Malware Analysis Report

2024-10-23 17:26

Sample ID 220731-n5t5tsegc7
Target 5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb
SHA256 5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb
Tags
2205_674384 hancitor
Score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score
10/10

SHA256

5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb

Threat Level: Known bad

The file 5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb was found to be: Known bad.

Malicious Activity Summary

2205_674384 hancitor

Hancitor family

Program crash

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-07-31 11:59

Signatures

Hancitor family

hancitor

Analysis: behavioral1

Detonation Overview

Submitted

2022-07-31 11:59

Reported

2022-07-31 16:29

Platform

win7-20220718-en

Max time kernel

28s

Max time network

46s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe

"C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 100

Network

N/A

Files

memory/1636-54-0x0000000000000000-mapping.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2022-07-31 11:59

Reported

2022-07-31 16:26

Platform

win10v2004-20220721-en

Max time kernel

85s

Max time network

146s

Command Line

"C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe

"C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4100 -ip 4100

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 296

Network

Country  Destination          Domain  Proto
FR       20.40.129.122:443            tcp
FR       20.40.129.122:443            tcp
IE       20.50.73.9:443               tcp
NL       67.26.105.254:80             tcp
NL       67.26.105.254:80             tcp

Files

N/A