General
Target: 20210817_154832_74338b71619799a6e5df0bd8b40817ca89dacaf09bf5d4d2108be8509d4d71bc_0817_0378100231.doc
Size: 837KB
Sample: 210817-zm3148lsdn
MD5: 2e40dd4bf39e7e0b4b17f56581646c62
SHA1: 49122c3d2d5a09604af8f99524a5f5327be4b30a
SHA256: 74338b71619799a6e5df0bd8b40817ca89dacaf09bf5d4d2108be8509d4d71bc
SHA512: 14a5fc6bfb1785bf5f1e7fc98feee8187e8fbbdca4b8092f15f888d5248740ccb6e1c743456da27dc6e5d1f857f59ab0f07c8af5e01c3d983c6157d2719619bf
Static task: static1
Behavioral task: behavioral1
Sample: 20210817_154832_74338b71619799a6e5df0bd8b40817ca89dacaf09bf5d4d2108be8509d4d71bc_0817_0378100231.doc
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 20210817_154832_74338b71619799a6e5df0bd8b40817ca89dacaf09bf5d4d2108be8509d4d71bc_0817_0378100231.doc
Resource: win10v20210410
Malware Config
Extracted family: hancitor
Build ID: 1608_febd
C2 URLs:
http://patiennerrhe.com/8/forum.php
http://thougolograrly.ru/8/forum.php
http://chopprousite.ru/8/forum.php
Targets
Target: 20210817_154832_74338b71619799a6e5df0bd8b40817ca89dacaf09bf5d4d2108be8509d4d71bc_0817_0378100231.doc (837KB; hashes as listed under General)
Score: 10/10
Signatures:
- Process spawned unexpected child process. This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request.
- Loads dropped DLL.
- Looks up external IP address via web service. Uses a legitimate IP lookup service to find the infected system's external IP.