Analysis
max time kernel: 61s
max time network: 113s
platform: windows10_x64
resource: win10v20201028
submitted: 03/03/2021, 14:29
Static task: static1
Behavioral task: behavioral1
  Sample: msals.dll
  Resource: win7v20201028
  0 signatures
  0 seconds
Behavioral task: behavioral2
  Sample: msals.dll
  Resource: win10v20201028
  0 signatures
  0 seconds
General
Target: msals.dll
Size: 169KB
MD5: 3f023e26d0abc46ad7ef38bf8095344b
SHA1: 59a55bda15d8010f82b8a7ccbcd4bfe6a274d31c
SHA256: 613adae33a54d2ed27dd6a5fe969513b47f3116ee9bf7ccc5e6720c67c2c2a44
SHA512: dab0f06cdba421d0c2e90d58f8af1dc533e3085b035a51bc8134ba225e9526ee2bff79726e23d920ce91ae78cc4795f76a3a3238a319d30b94299e89ce5afe8a
Score: 10/10
Malware Config (Extracted)
Family: hancitor
Botnet: 0303_trew30
C2:
  http://mainctional.com/8/forum.php
  http://disrulaytin.ru/8/forum.php
  http://puldefletat.ru/8/forum.php
Signatures
Hancitor
Hancitor is a downloader used to deliver other malware families.
Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid   Process       procid_target
PID 4712 wrote to memory of 4844    4712  regsvr32.exe  71
PID 4712 wrote to memory of 4844    4712  regsvr32.exe  71
PID 4712 wrote to memory of 4844    4712  regsvr32.exe  71