General
Target: 0329_2016740009605.doc
Size: 711KB
Sample: 210329-zzwsp394f2
MD5: 9c6bdac4a903bc77f49e33ab6eecd6e9
SHA1: f25d69049ea9565797b802fe648cbe2f0296dcaa
SHA256: 1668b12e57562e9cd331af6f4ae0ce029079f66ae38a1e70384574199e64cb91
SHA512: f3dcfe86a9690673b4851caa11e5380fe60f85d817bb4718bc2cc96b99ffea4f7d7312260889eebb8bf30d279cc0427f0389ded65ca888ae1ff38c711bfaeb94
Static task: static1
Behavioral task: behavioral1
Sample: 0329_2016740009605.doc
Resource: win7v20201028
Behavioral task: behavioral2
Sample: 0329_2016740009605.doc
Resource: win10v20201028
Malware Config
Extracted
hancitor
2903_21387h
http://probassita.com/8/forum.php
http://frobenalini.ru/8/forum.php
http://proubleblecilm.ru/8/forum.php
Targets
Target: 0329_2016740009605.doc
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Suspicious use of SetThreadContext