4e04d06948e7d4ec409fde9b2ce30b39a0d7fe1713012b2d3772c9dfe7791116 | Triage

Sharing

General

Target

4e04d06948e7d4ec409fde9b2ce30b39a0d7fe1713012b2d3772c9dfe7791116
Size

109KB
Sample

241120-wd1gjazqgz
MD5

31a30a4029ed8d052ccc747026cc7dae
SHA1

92ca4fc1c5da05fdd3f588a9bf15bf69f03096b2
SHA256

4e04d06948e7d4ec409fde9b2ce30b39a0d7fe1713012b2d3772c9dfe7791116
SHA512

770ab98753b8d9bd001cd636ba3d061d3003bdd1bfe6290f2b5c8cedf2cf0eb4f23e948773889e6717a4f52cdc20706064e2da795eb538d0b5560eb2ea4bcfa6
SSDEEP

3072:+C+nBqmxk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIFxe53lGvFTQ3IzxgdrvxpU0O:R+nBqmxk3hbdlylKsgqopeJBWhZFVE+s

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/fer/fe4.html

Targets

- Target
  
  4e04d06948e7d4ec409fde9b2ce30b39a0d7fe1713012b2d3772c9dfe7791116
- Size
  
  109KB
- MD5
  
  31a30a4029ed8d052ccc747026cc7dae
- SHA1
  
  92ca4fc1c5da05fdd3f588a9bf15bf69f03096b2
- SHA256
  
  4e04d06948e7d4ec409fde9b2ce30b39a0d7fe1713012b2d3772c9dfe7791116
- SHA512
  
  770ab98753b8d9bd001cd636ba3d061d3003bdd1bfe6290f2b5c8cedf2cf0eb4f23e948773889e6717a4f52cdc20706064e2da795eb538d0b5560eb2ea4bcfa6
- SSDEEP
  
  3072:+C+nBqmxk3hbdlylKsgqopeJBWhZFGkE+cMLxAAIFxe53lGvFTQ3IzxgdrvxpU0O:R+nBqmxk3hbdlylKsgqopeJBWhZFVE+s
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2