General
-
Target
0329_31702491610050.doc
-
Size
711KB
-
Sample
210329-51tt1x8c5e
-
MD5
7e9402735c332840efc616153d5fb9ec
-
SHA1
92399604632aec4e3b96e170d94dee0429fe5450
-
SHA256
e8341c02f9f21286e9fbfcc847aeff6afc8c11c67979e3a5da692e8cacaa1b74
-
SHA512
434c738386f20c9e383234c945a402cd710bf0dc525c3e09134084f61f8d98ce45b7ed89153f2a8ae557773b74fb2ed06514b7c6a4aa010ba86d2ca6b2b1e37f
Static task
static1
Behavioral task
behavioral1
Sample
0329_31702491610050.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
0329_31702491610050.doc
Resource
win10v20201028
Malware Config
Extracted
hancitor
2903_21387h
http://probassita.com/8/forum.php
http://frobenalini.ru/8/forum.php
http://proubleblecilm.ru/8/forum.php
Targets
-
-
Target
0329_31702491610050.doc
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-