b1e6994bde3ca775af59e2ff26b91c426c354f14e7593afbc100afc132ec7bc6 | Triage

Sharing

General

Target

b1e6994bde3ca775af59e2ff26b91c426c354f14e7593afbc100afc132ec7bc6
Size

70KB
Sample

241120-ypp62swrek
MD5

d9482b1fbcb43993bbb99502681babbe
SHA1

75632be24e11ab94892b5eb9e5b56e88986a2bdb
SHA256

b1e6994bde3ca775af59e2ff26b91c426c354f14e7593afbc100afc132ec7bc6
SHA512

81c0495a923592e89f877bfa91d5b1d3b676aba9833d5ea6cd050b0b2a83ac935e085a8e10d8ac6470f4080e022d1d5926998b4279a4ff71ae9288a98261cb63
SSDEEP

1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/fer/fe2.html

Targets

- Target
  
  b1e6994bde3ca775af59e2ff26b91c426c354f14e7593afbc100afc132ec7bc6
- Size
  
  70KB
- MD5
  
  d9482b1fbcb43993bbb99502681babbe
- SHA1
  
  75632be24e11ab94892b5eb9e5b56e88986a2bdb
- SHA256
  
  b1e6994bde3ca775af59e2ff26b91c426c354f14e7593afbc100afc132ec7bc6
- SHA512
  
  81c0495a923592e89f877bfa91d5b1d3b676aba9833d5ea6cd050b0b2a83ac935e085a8e10d8ac6470f4080e022d1d5926998b4279a4ff71ae9288a98261cb63
- SSDEEP
  
  1536:bpEk3hbdlylKsgqopeJBWhZFGkE+cL2NdA8eXZiozeOgXVZKyaZpvyR1kZkJvU+:bCk3hbdlylKsgqopeJBWhZFGkE+cL2Nr
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2