ecc7d67a95a0bc100a6eebc60573de7ff556da84c43137adf9b23c6fbd5fb0d7 | Triage

Sharing

General

Target

ecc7d67a95a0bc100a6eebc60573de7ff556da84c43137adf9b23c6fbd5fb0d7
Size

142KB
Sample

241120-zlhs8ssrbw
MD5

cf35dd57ccc743ae5aef84255b30ef70
SHA1

0d39383fe20e21a41174191976386b1d93c51ddd
SHA256

ecc7d67a95a0bc100a6eebc60573de7ff556da84c43137adf9b23c6fbd5fb0d7
SHA512

c3c2652136fac4be4b3d8dcbf0e782379a17427e5758e1ae3bee12b86bd21b677c4e1ca366d2f923a2610d1212a45ef36e4a600eca38ad7e48b04fc73d92028b
SSDEEP

3072:4Rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAlhEvN8B/W6X1yxYovrepMUdQ6gSz4iq:Qk3hbdlylKsgqopeJBWhZFVE+W2NdAli

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://185.7.214.7/fer/fer.html

Targets

- Target
  
  ecc7d67a95a0bc100a6eebc60573de7ff556da84c43137adf9b23c6fbd5fb0d7
- Size
  
  142KB
- MD5
  
  cf35dd57ccc743ae5aef84255b30ef70
- SHA1
  
  0d39383fe20e21a41174191976386b1d93c51ddd
- SHA256
  
  ecc7d67a95a0bc100a6eebc60573de7ff556da84c43137adf9b23c6fbd5fb0d7
- SHA512
  
  c3c2652136fac4be4b3d8dcbf0e782379a17427e5758e1ae3bee12b86bd21b677c4e1ca366d2f923a2610d1212a45ef36e4a600eca38ad7e48b04fc73d92028b
- SSDEEP
  
  3072:4Rk3hbdlylKsgqopeJBWhZFGkE+cL2NdAlhEvN8B/W6X1yxYovrepMUdQ6gSz4iq:Qk3hbdlylKsgqopeJBWhZFVE+W2NdAli
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2