General
-
Target
0216_2632629125129.doc
-
Size
834KB
-
Sample
210216-dc7n9e9rxj
-
MD5
475eebe2974edd4801847661dcb528e0
-
SHA1
0738db9956dfc1e0c614c7a71cda4fd1182526e7
-
SHA256
d0a97fe3a995c7bc3aa27929b2c36bb1e87add6451bd7757439ecc0ab031ff56
-
SHA512
9d1752e1242afc7e0a73fc808a42683e7d7c4d021f027f8a11d02da03383219fca0f1c9a20d3107dbf94e15c298aab8ee4f79fa9d70ee530d73b1104e930cfe2
Static task
static1
Behavioral task
behavioral1
Sample
0216_2632629125129.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
0216_2632629125129.doc
Resource
win10v20201028
Malware Config
Extracted
hancitor
1602_78210h
http://eviddinlahal.com/8/forum.php
http://saisepsdrablis.ru/8/forum.php
http://obvionsweyband.ru/8/forum.php
Targets
-
-
Target
0216_2632629125129.doc
-
Size
834KB
-
MD5
475eebe2974edd4801847661dcb528e0
-
SHA1
0738db9956dfc1e0c614c7a71cda4fd1182526e7
-
SHA256
d0a97fe3a995c7bc3aa27929b2c36bb1e87add6451bd7757439ecc0ab031ff56
-
SHA512
9d1752e1242afc7e0a73fc808a42683e7d7c4d021f027f8a11d02da03383219fca0f1c9a20d3107dbf94e15c298aab8ee4f79fa9d70ee530d73b1104e930cfe2
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-