General
-
Target
0318_45657944978421.doc
-
Size
717KB
-
Sample
210318-pg7djaylyx
-
MD5
a1ba6d313842fb0407fbe037ca84c5a2
-
SHA1
af339e9a077fe9eef9dbdae2284e29d546ec2aca
-
SHA256
ab80918fd8343507b3b5f1f2f8a1f128209601124ebb26b527bee6992989ea29
-
SHA512
0f25b98ead300ae78093f8d1baaccb434e0d7b2ac082fa0d63fd994abca9d186b1752a4b7a11c8cd1068f81263b476f432ef10ca3831b847d062c8699060296b
Static task
static1
Behavioral task
behavioral1
Sample
0318_45657944978421.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
0318_45657944978421.doc
Resource
win10v20201028
Malware Config
Extracted
hancitor
1503_kin1
http://froursmonesed.com/8/forum.php
http://abouniteta.ru/8/forum.php
http://diverbsez.ru/8/forum.php
Targets
-
-
Target
0318_45657944978421.doc
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-