General
Target
0318_98323640085061.doc
Size
717KB
Sample
210318-ec2xrdmmls
MD5
ed8d3539a3e027ec713cb7eddbb0dcf6
SHA1
5253b7e09168b17bc8bfd7938e6ee054f5b5bb59
SHA256
1d11fee370ab3997737f58df6f80162981c24b61266d0818036d257e7217bbb9
SHA512
7de42950bdb4c6d60ecdd1814432c284d304437294c5b77188767937b7381d6ba2d002a6bcbab3eac44e8516a25b8e21fcc221bc88baa0e4a2d6eb641ca965af
Static task
static1
Behavioral task
behavioral1
Sample
0318_98323640085061.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
0318_98323640085061.doc
Resource
win10v20201028
Malware Config
Extracted
hancitor
1503_kin1
http://froursmonesed.com/8/forum.php
http://abouniteta.ru/8/forum.php
http://diverbsez.ru/8/forum.php
Targets
Target
0318_98323640085061.doc
Score
10/10
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext