General
Target: 0224_13930141056302.doc
Size: 342KB
Sample: 210224-p2evtkbv82
MD5: b6ede47bc6f6d0585ae4f49b05a1bcbd
SHA1: a7517e6165c427719dfe680a4aaf7640859070dc
SHA256: 5da3261145ee75979a781985d628d66637b0552e4fe0a52b4875ac21717a212f
SHA512: 6259858805166b9506d56db0cbd1e3891a6c41377cdc1b629a4376298bc0bdc4cdacac00820ffa77e476c2e175c07f630f03623670e5af56958c4d5cd8110221
Static task: static1
Behavioral task: behavioral1 (sample: 0224_13930141056302.doc, resource: win7v20201028)
Behavioral task: behavioral2 (sample: 0224_13930141056302.doc, resource: win10v20201028)
Malware Config
Extracted: hancitor
2202_pro23
http://aftereand.com/8/forum.php
http://nevemicies.ru/8/forum.php
http://froplivernat.ru/8/forum.php
Targets
Target: 0224_13930141056302.doc
Size: 342KB
Score: 10/10
Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Loads dropped DLL
Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
Suspicious use of SetThreadContext