Overview
General
Target: hans_20210817.zip
Size: 2.9MB
Sample: 210817-e1frs9eg9x
MD5: 76c30d2b3a88e669c9dd0e5690e1b050
SHA1: 4f3e7e7f99fc6db8062a96f29744d665d505e926
SHA256: 975cecc2ec93898a5d0a9fcc9c57ed8bb335271530c140e8e2ae4ca5f176f06f
SHA512: e7d7905e8213f69b5cc022ca48196816dd24bc42098a5bf6e13d86a758cdae2fdd959367d9bea5ea528196342950834115edcbc4feb5164d78432130be585208
Static task: static1

Behavioral task: behavioral1
Sample: 20210817_153735_9b8b946ac5d46b4648f63890d4da5cec9b9413d116cb3c5ec2646d490225ffd9_0817_1625158575.doc
Resource: win7v20210410

Behavioral task: behavioral2
Sample: 20210817_153735_9b8b946ac5d46b4648f63890d4da5cec9b9413d116cb3c5ec2646d490225ffd9_0817_1625158575.doc
Resource: win10v20210408

Behavioral task: behavioral3
Sample: 20210817_154154_1dbbafce55a19e7946895e941ff89874813a85a25ccd91840f358af181cf26a1_0817_6576604010.doc
Resource: win7v20210410

Behavioral task: behavioral4
Sample: 20210817_154154_1dbbafce55a19e7946895e941ff89874813a85a25ccd91840f358af181cf26a1_0817_6576604010.doc
Resource: win10v20210408

Behavioral task: behavioral5
Sample: 20210817_154832_74338b71619799a6e5df0bd8b40817ca89dacaf09bf5d4d2108be8509d4d71bc_0817_0378100231.doc
Resource: win7v20210410

Behavioral task: behavioral6
Sample: 20210817_154832_74338b71619799a6e5df0bd8b40817ca89dacaf09bf5d4d2108be8509d4d71bc_0817_0378100231.doc
Resource: win10v20210410

Behavioral task: behavioral7
Sample: 20210817_160744_f34d0679122dd95e900f88283dad55b68727c77c337508e6c449a5073682df64_0817_2167548380.doc
Resource: win7v20210408

Behavioral task: behavioral8
Sample: 20210817_160744_f34d0679122dd95e900f88283dad55b68727c77c337508e6c449a5073682df64_0817_2167548380.doc
Resource: win10v20210410

Malware Config
Extracted
hancitor
1608_febd
http://patiennerrhe.com/8/forum.php
http://thougolograrly.ru/8/forum.php
http://chopprousite.ru/8/forum.php
Targets

Target: 20210817_153735_9b8b946ac5d46b4648f63890d4da5cec9b9413d116cb3c5ec2646d490225ffd9_0817_1625158575.doc
Size: 837KB
MD5: 4b46e8622355d01db7079cab35105162
SHA1: c403c4bd39f636784a5a7e61ac0107785f927324
SHA256: 9b8b946ac5d46b4648f63890d4da5cec9b9413d116cb3c5ec2646d490225ffd9
SHA512: f2c2178c5755fb4d2ea1d6acfeb84b09b12ca3ef84dd81c5bfaaf203f753c6333ead16589e7290e7715effca207ea016545596fced708bed7ae077a93ffa38cb
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Target: 20210817_154154_1dbbafce55a19e7946895e941ff89874813a85a25ccd91840f358af181cf26a1_0817_6576604010.doc
Size: 837KB
MD5: 9a954d5ff68f5f008ae31a511868b901
SHA1: 5b2bdf49c95c6fe464511967cbc9fe4481ce5b2a
SHA256: 1dbbafce55a19e7946895e941ff89874813a85a25ccd91840f358af181cf26a1
SHA512: 482c1409afc191a64d47502a52d2d2fc877bfa935ce1d63a0a259c23b92c29bd418cc2e00d45471c0b656a239714690ee3de9f1b71be41100213d23703c76b48
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Target: 20210817_154832_74338b71619799a6e5df0bd8b40817ca89dacaf09bf5d4d2108be8509d4d71bc_0817_0378100231.doc
Size: 837KB
MD5: 2e40dd4bf39e7e0b4b17f56581646c62
SHA1: 49122c3d2d5a09604af8f99524a5f5327be4b30a
SHA256: 74338b71619799a6e5df0bd8b40817ca89dacaf09bf5d4d2108be8509d4d71bc
SHA512: 14a5fc6bfb1785bf5f1e7fc98feee8187e8fbbdca4b8092f15f888d5248740ccb6e1c743456da27dc6e5d1f857f59ab0f07c8af5e01c3d983c6157d2719619bf
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.

Target: 20210817_160744_f34d0679122dd95e900f88283dad55b68727c77c337508e6c449a5073682df64_0817_2167548380.doc
Size: 837KB
MD5: 1c62c00b029f4246e2f63fbcb8c0ece7
SHA1: 3a4e6fa3e3378e123e462a725cb1ee2e91a14ae8
SHA256: f34d0679122dd95e900f88283dad55b68727c77c337508e6c449a5073682df64
SHA512: 7ba3dbbb7280d6b415aa5a8341e98aa6bd2aac1e15bf5b00566aca206e18d153d21431631d6598db496c6fb60f0c4f2f221b42aca9303f79e92eb0eb2c3c54c2
Score: 10/10

Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.

Blocklisted process makes network request

Loads dropped DLL

Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.