General
-
Target
0211_38602014674781.doc
-
Size
332KB
-
Sample
210211-dcvggp7x86
-
MD5
b346a01d3398a728758895b1aaf2748b
-
SHA1
d1f569be335e637d6a43e859bd7969b9624e68e8
-
SHA256
5134951dfe74a2803ae255e7ba55e765fb16b1f212ecaa957aa612e304423ecd
-
SHA512
ca38ab17a297ddae23d8585aaaf9f8a3e482fb11db5dffe852870f070aa2dbce1b415f660d17f64bee3d637a188d3efe51364ec585e8e5cf30a2503bb61d80e6
Static task
static1
Behavioral task
behavioral1
Sample
0211_38602014674781.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
0211_38602014674781.doc
Resource
win10v20201028
Malware Config
Extracted
hancitor
1102_heid89
http://nuencres.com/8/forum.php
http://matuattheires.ru/8/forum.php
http://desuctoette.ru/8/forum.php
Targets
-
-
Target
0211_38602014674781.doc
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-