Analysis
max time kernel: 97s
max time network: 104s
platform: windows10_x64
resource: win10v20201028
submitted: 01/03/2021, 15:55
Static task: static1
Behavioral task: behavioral1
Sample: Hs52qascx.dll
Resource: win7v20201028
0 signatures
0 seconds
Behavioral task: behavioral2
Sample: Hs52qascx.dll
Resource: win10v20201028
0 signatures
0 seconds
General
Target: Hs52qascx.dll
Size: 136KB
MD5: 8d54e98795c459e0263c1d40cbdfc9f8
SHA1: bd444170211a7b1ce4a185846b7928b9c33e547a
SHA256: 7bfd59b4c8b046bf15cb408e51ed482a9d19c3d9201d510978b82c9f58cf8e8a
SHA512: addf71dbffb7a553d25cf27e550a0f70630b1324d372648922e4b1ca12892718629ad96c681bb7d5b074960c7c41d39c1eab0d1fa481f929b4091690de233ff3
Score: 10/10
Malware Config
Extracted
Family: hancitor
Botnet: 0103_jepskew
C2:
http://ementincied.com/8/forum.php
http://watoredprocaus.ru/8/forum.php
http://noriblerughly.ru/8/forum.php
Signatures
Hancitor
Hancitor is a downloader used to deliver other malware families.
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 4768 wrote to memory of 4848 | 4768 | regsvr32.exe | 70
PID 4768 wrote to memory of 4848 | 4768 | regsvr32.exe | 70
PID 4768 wrote to memory of 4848 | 4768 | regsvr32.exe | 70