Analysis
max time kernel: 64s
max time network: 10s
platform: windows7_x64
resource: win7v20201028
submitted: 03/03/2021, 16:29
Static task: static1

Behavioral task: behavioral1
Sample: Static.dll
Resource: win7v20201028
0 signatures
0 seconds

Behavioral task: behavioral2
Sample: Static.dll
Resource: win10v20201028
0 signatures
0 seconds
General
Target: Static.dll
Size: 169KB
MD5: 541f0ae61eaa22bc5eeca8351f9e76e3
SHA1: 9c52ae468d81fceaf09c8f1fc166a6b6ffdc9225
SHA256: 492ed4c57dbe80c20cc0749ff91da5d9f2b3c5b95ae24ac8822b242cb51f9d5a
SHA512: 7bf98a7a1530e3f407c0b4fb0d4c4fb6cc8d3e6b462bc0bd99f5daf1568041dbe1d5c0acf4422c62f05bb4070e33446f0195f5154da1566899eb9dbc8af47f5e
Score: 10/10
Malware Config
Extracted
Family: hancitor
Botnet: 0303_trew30
C2:
http://mainctional.com/8/forum.php
http://disrulaytin.ru/8/forum.php
http://puldefletat.ru/8/forum.php
Signatures

Hancitor
Hancitor is a downloader used to deliver other malware families.
Suspicious use of WriteProcessMemory (7 IoCs)
description                          pid   Process       procid_target
PID 1724 wrote to memory of 1900    1724  regsvr32.exe  26
PID 1724 wrote to memory of 1900    1724  regsvr32.exe  26
PID 1724 wrote to memory of 1900    1724  regsvr32.exe  26
PID 1724 wrote to memory of 1900    1724  regsvr32.exe  26
PID 1724 wrote to memory of 1900    1724  regsvr32.exe  26
PID 1724 wrote to memory of 1900    1724  regsvr32.exe  26
PID 1724 wrote to memory of 1900    1724  regsvr32.exe  26