General
-
Target
0224_8933018407944.doc
-
Size
342KB
-
Sample
210224-hzwcksftq2
-
MD5
19c828daf23a690433f66c8987f36e0f
-
SHA1
7d066391f133d9d38d22770c0b6a9c83aa4d3299
-
SHA256
fb6012d83458227eb8b3ba682e54fa2acf3b1d61541dc288414d9e8c0e569de5
-
SHA512
ab2cde2d13634c85991bce4e61a7fa7da136b1268fc8e60b65784dfaca8d8e6d10ab870a97c84bfca7940fa3c773d6e96d0f7d44b2688c5041d243b496e99614
Static task
static1
Behavioral task
behavioral1
Sample
0224_8933018407944.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
0224_8933018407944.doc
Resource
win10v20201028
Malware Config
Extracted
hancitor
2202_pro23
http://aftereand.com/8/forum.php
http://nevemicies.ru/8/forum.php
http://froplivernat.ru/8/forum.php
Targets
Target
0224_8933018407944.doc
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-