General
-
Target
0817_0587613500.doc
-
Size
837KB
-
Sample
210818-8tztx5ka2n
-
MD5
320caa242ad99bb4211d3ccecfc7daf0
-
SHA1
6a90f65cca387a77cae71240989e7ee4dc6d4018
-
SHA256
0a0ae838f3e6f10b797fe2a1791abf7dfaae117081d8bd507403ffebee8ebfe0
-
SHA512
7e0aeca318215b74bbd906f30979255a14d13f1ec170e5acc51a66bd7be864f8197ff3b9b91506469253f373a1b5e444ad933ad4c09156850eb5649158bc0b84
Static task
static1
Behavioral task
behavioral1
Sample
0817_0587613500.doc
Resource
win7v20210410
Behavioral task
behavioral2
Sample
0817_0587613500.doc
Resource
win10v20210410
Malware Config
Extracted
hancitor
1608_febd
http://patiennerrhe.com/8/forum.php
http://thougolograrly.ru/8/forum.php
http://chopprousite.ru/8/forum.php
Targets
-
-
Target
0817_0587613500.doc
-
Size
837KB
-
MD5
320caa242ad99bb4211d3ccecfc7daf0
-
SHA1
6a90f65cca387a77cae71240989e7ee4dc6d4018
-
SHA256
0a0ae838f3e6f10b797fe2a1791abf7dfaae117081d8bd507403ffebee8ebfe0
-
SHA512
7e0aeca318215b74bbd906f30979255a14d13f1ec170e5acc51a66bd7be864f8197ff3b9b91506469253f373a1b5e444ad933ad4c09156850eb5649158bc0b84
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Blocklisted process makes network request
-
Loads dropped DLL
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-