General
-
Target
0714_6667737000.doc
-
Size
950KB
-
Sample
210714-l1qp8zcqwx
-
MD5
ca3863086e54e017e5ee340947357c0c
-
SHA1
958fd07c6258321c99ceed63910aaf5d961c83a4
-
SHA256
986aa81b4d67fafde1f7052d5d61025ca059c68516d21d8e4b12f22bfcb68220
-
SHA512
5b9d82a551fbb4ba3083abad64b786d7dac2d7cd66aa672c0a6474203aa891d6665a8fcee5faec18f956a98858b72e7c22110f1a10e4f7ad80a51828eea7a739
Static task
static1
Behavioral task
behavioral1
Sample
0714_6667737000.doc
Resource
win10v20210410
Malware Config
Extracted
hancitor
1407_bdgtq
http://wortlybeentax.com/8/forum.php
http://omermancto.ru/8/forum.php
http://metweveer.ru/8/forum.php
Targets
-
-
Target
0714_6667737000.doc
Score
10/10
-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-