General
-
Target
hancitor.doc
-
Size
901KB
-
Sample
210706-yjtwlt6hwe
-
MD5
9a3f74a7a051a03a434247593d8ed747
-
SHA1
58f84cb979f0f70cd91d98a254ee1c4fd0c8dcd1
-
SHA256
b55284924181f69bf59527ac2b7a5397c35652c799c037a3e94d492d412f8c9c
-
SHA512
42808b1938e381a8954c9641989f03f18258c70d5b5fe40ac60202cc7d55c2b854fabc1e6a84d75b4eecf882b31d5d76736b4b17b399052bf800899d4782edd0
Static task
static1
Behavioral task
behavioral1
Sample
hancitor.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
hancitor.doc
Resource
win10v20210410
Malware Config
Targets
-
-
Target
hancitor.doc
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-