64a0ce36b89c57c196caa4e8cb6f8be6fbccb4a66e7d5f32260aeab9d1d32c04 | Triage

Sharing

General

Target

64a0ce36b89c57c196caa4e8cb6f8be6fbccb4a66e7d5f32260aeab9d1d32c04
Size

76KB
Sample

241120-zssl1stjd1
MD5

0afc258310d09e92454c3679dc9d5298
SHA1

f3ad63f18b438dc13b0a071027ad0369ee3f3f97
SHA256

64a0ce36b89c57c196caa4e8cb6f8be6fbccb4a66e7d5f32260aeab9d1d32c04
SHA512

d39a39f9e1e35f52ce11039ecd4f6f26e05ba816d5430b1a376f8fb3df31a57f21246ea571ab25b0a2962ec285e87cdbe57eed4488166887c7854d1984ecb1ec
SSDEEP

1536:1I+Hymsbck3hbdlylKsgqopeJBWhZFGkE+cMLxAAISQ5gQ72IotO6nitSU6U+x:1I+HymsYk3hbdlylKsgqopeJBWhZFGkz

Score

10^/10

discovery macro xlm

Malware Config

Extracted

Language

hta

Source

URLs

hta.dropper

http://91.240.118.168/zzx/ccv/fe.html

Targets

- Target
  
  64a0ce36b89c57c196caa4e8cb6f8be6fbccb4a66e7d5f32260aeab9d1d32c04
- Size
  
  76KB
- MD5
  
  0afc258310d09e92454c3679dc9d5298
- SHA1
  
  f3ad63f18b438dc13b0a071027ad0369ee3f3f97
- SHA256
  
  64a0ce36b89c57c196caa4e8cb6f8be6fbccb4a66e7d5f32260aeab9d1d32c04
- SHA512
  
  d39a39f9e1e35f52ce11039ecd4f6f26e05ba816d5430b1a376f8fb3df31a57f21246ea571ab25b0a2962ec285e87cdbe57eed4488166887c7854d1984ecb1ec
- SSDEEP
  
  1536:1I+Hymsbck3hbdlylKsgqopeJBWhZFGkE+cMLxAAISQ5gQ72IotO6nitSU6U+x:1I+HymsYk3hbdlylKsgqopeJBWhZFGkz
Score

10^/10

discovery
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2