Analysis
Max time kernel: 49s
Max time network: 10s
Platform: windows7_x64
Resource: win7v20201028
Submitted: 04/03/2021, 17:15
Static task: static1
Behavioral task: behavioral1
  Sample: Static.dll
  Resource: win7v20201028
  0 signatures, 0 seconds
Behavioral task: behavioral2
  Sample: Static.dll
  Resource: win10v20201028
  0 signatures, 0 seconds
General
Target: Static.dll
Size: 106KB
MD5: b6675ddf8a99e0103b4c18655ead94fd
SHA1: 7390a58de7de0c4b4f4aaf3618255415e4929297
SHA256: ef26b61e75811ba54c24dade26c7050726e42b20de3d0e27098ee845ae906d7c
SHA512: 3b80fc1654342de56426f955f9d94eaf9994fec2286d564e76e15aaed4ac3aa23e34c1b0a3cc657e770028219f2666dcb10ef1d790175cd8e955004a1cabde84
Score: 10/10
Malware Config
Extracted
Family: hancitor
Botnet: 0403_nores34
C2:
  http://throsesspeotte.com/8/forum.php
  http://imilifeesinci.ru/8/forum.php
  http://publearysuc.ru/8/forum.php
Signatures
Hancitor
Hancitor is a downloader used to deliver other malware families.
Suspicious use of WriteProcessMemory (7 IoCs)
description                        pid   Process       procid_target
PID 1340 wrote to memory of 1296   1340  regsvr32.exe  25
PID 1340 wrote to memory of 1296   1340  regsvr32.exe  25
PID 1340 wrote to memory of 1296   1340  regsvr32.exe  25
PID 1340 wrote to memory of 1296   1340  regsvr32.exe  25
PID 1340 wrote to memory of 1296   1340  regsvr32.exe  25
PID 1340 wrote to memory of 1296   1340  regsvr32.exe  25
PID 1340 wrote to memory of 1296   1340  regsvr32.exe  25