Analysis
max time kernel
45s
max time network
10s
platform
windows7_x64
resource
win7v20201028
submitted
04/03/2021, 17:14
Static task
static1
Behavioral task
behavioral1
Sample
Static.dll
Resource
win7v20201028
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
Static.dll
Resource
win10v20201028
0 signatures
0 seconds
General
Target
Static.dll
Size
106KB
MD5
f710d0296f0deb04993451e4db79f2fd
SHA1
36fadce4b6313930a0d09b338e39dce1253d46ed
SHA256
a9a79858c47dd66fc9951a8ba78e791f03fc36f6df893ed467e22b2d4a4bb422
SHA512
1350fd8697b3a252c765af7affa05380d80890a52dad47a0b67c9778bb377ed9ed619d3c45bd107188ac37e1f4fed51d9be044bcc276393d60b87b9861403bc1
Score
10/10
Malware Config
Extracted
Family
hancitor
Botnet
0403_nores34
C2
http://throsesspeotte.com/8/forum.php
http://imilifeesinci.ru/8/forum.php
http://publearysuc.ru/8/forum.php
Signatures
Hancitor
Hancitor is a downloader used to deliver other malware families.
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target
PID 1684 wrote to memory of 1960 1684 regsvr32.exe 19
PID 1684 wrote to memory of 1960 1684 regsvr32.exe 19
PID 1684 wrote to memory of 1960 1684 regsvr32.exe 19
PID 1684 wrote to memory of 1960 1684 regsvr32.exe 19
PID 1684 wrote to memory of 1960 1684 regsvr32.exe 19
PID 1684 wrote to memory of 1960 1684 regsvr32.exe 19
PID 1684 wrote to memory of 1960 1684 regsvr32.exe 19