General
-
Target
0330_2122365705060.doc
-
Size
768KB
-
Sample
210330-8dd9vts2mn
-
MD5
f7c344bf8006c4ba061178469aec80ae
-
SHA1
742b6aa480ed934100ad744117d728ced097b926
-
SHA256
082d843c9c9610aa0ef139c34e5780e90c51e314b3fb156a5e2f7dfea00b92af
-
SHA512
b3f20011abd56e6fa7cd26e0d16cceefac5b19536bcd2fee72b518c29bdf4831ab437c34fe0825eeb34aa6548ced30ddb1ee9aa16aa9572df8b1b7926a51dfb0
Static task
static1
Behavioral task
behavioral1
Sample
0330_2122365705060.doc
Resource
win7v20201028
Behavioral task
behavioral2
Sample
0330_2122365705060.doc
Resource
win10v20201028
Malware Config
Extracted
hancitor
3003_verio
http://stionicksilid.com/8/forum.php
http://succupenous.ru/8/forum.php
http://cappiasstising.ru/8/forum.php
Targets
Target
0330_2122365705060.doc
-
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-