General
Target: 0318_85826668285221.doc
Size: 717KB
Sample: 210318-c7fh6a3ccs
MD5: 504afcedfccc2caf7e2bd9a440bbe566
SHA1: 5c1a66a82e6f8e4eee4d10354f678c9a794c9a89
SHA256: ec501de74ba3d126a14b1d1b09a33cb70e184c28f395e84149fe01fc8041a366
SHA512: edbd112480a29d93644f7a2672d7bd288985bdea333545d6eafbbf108df4f65b108f3106c806f8a7fcbfc17f00a9a32f505e182cf3eb1c38f6ee9da69fc16e9c
Static task: static1
Behavioral task: behavioral1
Sample: 0318_85826668285221.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 0318_85826668285221.doc
Resource: win10v20201028
Malware Config
Extracted
hancitor
1503_kin1
http://froursmonesed.com/8/forum.php
http://abouniteta.ru/8/forum.php
http://diverbsez.ru/8/forum.php
Targets
Target: 0318_85826668285221.doc
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.