Analysis Overview
SHA256
5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb
Threat Level: Known bad
The file 5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb was found to be: Known bad.
Malicious Activity Summary
Hancitor family
Program crash
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-07-31 11:59
Signatures
Hancitor family
Analysis: behavioral1
Detonation Overview
Submitted
2022-07-31 11:59
Reported
2022-07-31 16:29
Platform
win7-20220718-en
Max time kernel
28s
Max time network
46s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 916 wrote to memory of 1636 | N/A | C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 916 wrote to memory of 1636 | N/A | C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 916 wrote to memory of 1636 | N/A | C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe | C:\Windows\SysWOW64\WerFault.exe |
| PID 916 wrote to memory of 1636 | N/A | C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe | C:\Windows\SysWOW64\WerFault.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe
"C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 100
Network
Files
memory/1636-54-0x0000000000000000-mapping.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2022-07-31 11:59
Reported
2022-07-31 16:26
Platform
win10v2004-20220721-en
Max time kernel
85s
Max time network
146s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe
"C:\Users\Admin\AppData\Local\Temp\5f6b9f6c4720a58e07b9a6745a22d3d335363ded771d2310a1078f4c3396d2cb.exe"
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4100 -ip 4100
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 296
Network
| Country | Destination | Domain | Proto |
| FR | 20.40.129.122:443 | tcp | |
| FR | 20.40.129.122:443 | tcp | |
| IE | 20.50.73.9:443 | tcp | |
| NL | 67.26.105.254:80 | tcp | |
| NL | 67.26.105.254:80 | tcp |