General
Target: file
Size: 1.3MB
Sample: 210623-ka3j42eefs
MD5: df1322214337bed7cc898bdca5002e8b
SHA1: dac91c99f1bb2b62ccd39e53ca6b2368efdb6c16
SHA256: a6bd19943dd9083e7a2f67c9302c32cbc5640d245d84176c43e9369cd6c34a11
SHA512: bb2814b3a11e24e245f58ddc9401473c98fb0f8168b792f37844e2a22e6faf7fed789088f53437c82e9ebbb35b55ceaec090e5fef8544a0617e059dc411b4e50
Static task: static1
Behavioral task: behavioral1
Sample: file.doc
Resource: win7v20210408
Behavioral task: behavioral2
Sample: file.doc
Resource: win10v20210408
Malware Config
Extracted
hancitor
2306_vensip
http://extilivelly.com/8/forum.php
http://cludimetifte.ru/8/forum.php
http://sakincesed.ru/8/forum.php
Targets
Score: 10/10
Process spawned unexpected child process: This typically indicates the parent process was compromised via an exploit or macro.
Blocklisted process makes network request
Downloads MZ/PE file
Loads dropped DLL
Looks up external IP address via web service: Uses a legitimate IP lookup service to find the infected system's external IP.