General
-
Target
0216_29570659210860.doc
-
Size
363KB
-
Sample
210216-3ttz8s84l6
-
MD5
45ded128f3f52bf39d0771a55ea244ae
-
SHA1
2fe3e24d8af64e3e079e936cc13089afcb74daf9
-
SHA256
f46eeafb15da4873dd4423279e3390767141e17a4fb87e8d5226316a4635a6ac
-
SHA512
eb81220dc55d847eac8a0e3ed7ce280e8b0ef56b803f94a2319e770fda4c40d6e34e9f286909834c5daa7ce824f2ecb27d0b56d08c8f6fcbeca9ce236a82cda5
Static task
static1
Behavioral task
behavioral1
Sample
0216_29570659210860.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
0216_29570659210860.doc
Resource
win10v20201028
Malware Config
Extracted
hancitor
1602_78210h
http://eviddinlahal.com/8/forum.php
http://saisepsdrablis.ru/8/forum.php
http://obvionsweyband.ru/8/forum.php
Targets
-
-
Target
0216_29570659210860.doc
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-