General

Target: 2c9fa440d9bce01f99d5d0be146c7c80feb4b02e33cb0d2448398df2cff9d46a
Size: 198KB
Sample: 220614-1489ksbec8
MD5: c7694f570c028b7f2f81312542cab118
SHA1: e59efaaf65429f42460070dc7c5c8d943d391fca
SHA256: 2c9fa440d9bce01f99d5d0be146c7c80feb4b02e33cb0d2448398df2cff9d46a
SHA512: 589038ab7a04cb4f7f4dddd57f8813e0cc12022cdbfdaa11907bbec397d14ada2b6b48800d79cf782358cc9cc604f959f2ab13b78f4326a59128813d93e53d4e
Static task: static1

Behavioral task: behavioral1
Sample: Tracking#5828259108959.vbs
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: Tracking#5828259108959.vbs
Resource: win10v2004-20220414-en
Malware Config

Extracted family: hancitor
Build: 1912_372823
C2 URLs:
http://howeelyzuq.com/4/forum.php
http://thriondery.ru/4/forum.php
http://craledlopj.ru/4/forum.php
Targets

Target: Tracking#5828259108959.vbs
Size: 545KB
MD5: 97770c143d6f911ad2fb667089f3254b
SHA1: eb2be9136ecad2479b0f8348ce154d48f6c89d25
SHA256: ca9ebb765d73b6379c2c037f86d2823144137a366bf79a4a974063beff45d55a
SHA512: 51962e2f84cb1a753268c4ff79a166d754c7d13caaa41d53e1119999a14774721fab4cd9fb05dbf99913db42c9e0b16061685b6945159892ade604821efb734a
Score: 10/10

Signatures:
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro; here the parent is the script host running the .vbs lure.
- Loads dropped DLL
  The sample wrote a DLL to disk and then loaded it, consistent with Hancitor being delivered as a DLL payload.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP, a check Hancitor performs before its first C2 request.
- Suspicious use of SetThreadContext
  Setting the context of a thread in another process is the usual final step of process hollowing and similar thread-hijacking injection, and is rarely needed by legitimate software.
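The three behaviours above map directly onto host telemetry, and the extracted C2 URLs are usable as network IOCs. The following is an added example of how a triage script might score endpoint events against them; it is not Triage's own detection logic. It assumes a .vbs lure runs under wscript.exe or cscript.exe, assumes a small list of LOLBins as "unexpected" children, assumes a list of common external-IP lookup services (the report does not say which one this sample contacted), and runs over constructed event records rather than the report's real behavioral traces.

```python
"""Added triage example: score constructed endpoint telemetry against the
behaviours and IOCs listed in this report. Not Triage's own detection code."""
from urllib.parse import urlparse

# C2 URLs exactly as extracted in the report's Malware Config section.
HANCITOR_C2_URLS = {
    "http://howeelyzuq.com/4/forum.php",
    "http://thriondery.ru/4/forum.php",
    "http://craledlopj.ru/4/forum.php",
}
HANCITOR_C2_HOSTS = {urlparse(u).hostname for u in HANCITOR_C2_URLS}

# Assumption: the .vbs lure runs under a script host, and a script host
# spawning one of these LOLBins is the "unexpected child process" pattern.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SUSPICIOUS_CHILDREN = {"rundll32.exe", "regsvr32.exe", "powershell.exe",
                       "cmd.exe", "mshta.exe", "certutil.exe"}

# Assumed list of legitimate external-IP lookup services; the report does
# not name the one this sample used.
IP_LOOKUP_HOSTS = {"api.ipify.org", "icanhazip.com", "ifconfig.me",
                   "ip-api.com", "checkip.amazonaws.com"}


def basename(path: str) -> str:
    """Lower-cased file name from a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(events):
    """Return (signature, detail) findings for a list of event dicts.

    Event shapes (constructed for this example):
      {"type": "process", "parent": <path>, "image": <path>}
      {"type": "http", "image": <path>, "url": <url>}
    """
    findings = []
    for ev in events:
        if ev["type"] == "process":
            parent, child = basename(ev["parent"]), basename(ev["image"])
            if parent in SCRIPT_HOSTS and child in SUSPICIOUS_CHILDREN:
                findings.append(("unexpected_child_process",
                                 f"{parent} -> {child}"))
        elif ev["type"] == "http":
            host = (urlparse(ev["url"]).hostname or "").lower()
            if host in IP_LOOKUP_HOSTS:
                findings.append(("external_ip_lookup", host))
            # Match the full URL or just the host, so a changed URI path
            # (Hancitor rotates these) still hits on the C2 domain.
            if ev["url"] in HANCITOR_C2_URLS or host in HANCITOR_C2_HOSTS:
                findings.append(("hancitor_c2_contact", ev["url"]))
    return findings


# Constructed sample telemetry, not taken from the report's behavioral tasks.
SAMPLE_EVENTS = [
    {"type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\wscript.exe"},
    {"type": "process", "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\rundll32.exe"},
    {"type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe"},
    {"type": "http", "image": r"C:\Windows\System32\rundll32.exe",
     "url": "http://api.ipify.org/"},
    {"type": "http", "image": r"C:\Windows\System32\rundll32.exe",
     "url": "http://howeelyzuq.com/4/forum.php"},
    {"type": "http", "image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "url": "https://www.mozilla.org/"},
]

if __name__ == "__main__":
    for sig, detail in triage(SAMPLE_EVENTS):
        print(f"{sig}: {detail}")
```

The external-IP lookup on its own is weak evidence (plenty of legitimate software does it), so in practice it should raise severity only when it follows a script-host child process or precedes a hit on one of the listed C2 hosts, which is the ordering Hancitor produces.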