Analysis
max time kernel: 44s
max time network: 8s
platform: windows7_x64
resource: win7v20201028
submitted: 04/03/2021, 15:09
Static task
static1
Behavioral task
behavioral1
Sample
msals.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
msals.dll
Resource
win10v20201028
0 signatures
0 seconds
General
Target: msals.dll
Size: 106KB
MD5: 0ebfd7b332790b46a967e03fea84673d
SHA1: d7499862564963f5e441dc09f5a94eab006d8dd0
SHA256: 67ee41920145e77746a3a4f6a7599536c42181f030fce8afe5b3fe3925bd58f1
SHA512: 760b2536ab115e30f9e5c0de9b26e447da181bbe9c43d87bb3b573f350b60b3d2cd2be9bf218cfc839594517901d216ba919061f0e15d3ef6f8a3d8767b6aeeb
Score
10/10
Malware Config
Extracted
Family
hancitor
Botnet
0403_nores34
C2
http://throsesspeotte.com/8/forum.php
http://imilifeesinci.ru/8/forum.php
http://publearysuc.ru/8/forum.php
Signatures
Hancitor
Hancitor is a downloader used to deliver other malware families.

Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 776 wrote to memory of 1992 | 776 | regsvr32.exe | 26
PID 776 wrote to memory of 1992 | 776 | regsvr32.exe | 26
PID 776 wrote to memory of 1992 | 776 | regsvr32.exe | 26
PID 776 wrote to memory of 1992 | 776 | regsvr32.exe | 26
PID 776 wrote to memory of 1992 | 776 | regsvr32.exe | 26
PID 776 wrote to memory of 1992 | 776 | regsvr32.exe | 26
PID 776 wrote to memory of 1992 | 776 | regsvr32.exe | 26