Cobalt Strike Beacon dropped by HTML Application (HTA) | Yara
Try VMRay Analyzer
VTI SCORE: 100/100
Target: win10_64 | html_application
Classification: Trojan, Keylogger, Downloader

d8ef1c4f64a05b1abf100044fcb7048c9526d175a114cb90bd134b80783da146 (SHA256)

Secure_Document_Plugin.hta

HTML Application

Created at 2018-02-15 18:28:00

Notifications (2/3)

Some memory dumps may be missing in the reports since the maximum number of dumps was reached during the analysis. You can increase the limit in the configuration settings.

Some memory dumps may be missing in the reports since the total dump size limit was reached during the analysis. You can increase the limit in the configuration settings.

The overall sleep time of all monitored processes was truncated from "11 minutes, 47 seconds" to "8 minutes, 50 seconds" to reveal dormant functionality.

YARA Information

Applied On Sample Files, Created Files, Modified Files, PCAP File, Process Dumps
Number of YARA matches 0
There are no YARA matches for this sample
Function Logfile
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Before

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
After

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".


    
Screenshot
Expand-Icon
Exit-Icon
icon_left
icon_left
image