Extracted

• • Target

    4cbd18ecf3f934d6a8db9c3fe9245f81_JaffaCakes118

  • Size

    534KB

  • MD5

    4cbd18ecf3f934d6a8db9c3fe9245f81

  • SHA1

    c9bae2c8ce062ad9ba0495bbce6983824bb950e8

  • SHA256

    4984ec3568630ce614a2296bd459f96f66f9fb935c3f0f89118e0c8a9bb6cdc8

  • SHA512

    6045af24b187aba4c67f8629d2809a6f9a9d2bb13439ca35ff95c6471b4ea0ae282717a1ac684fe9392f9b95b232aa35f0dd4e58e972883413b0ec6ea87c6562

  • SSDEEP

    12288:a8CmEKY7gpWMBbxoM6scG2u302l0HwbsG7kWunEDXm/zjH8BV:a8CmEj6BbOMDn2u3049HSn+Xm/y

  Score

  10^/10

  hancitor1910_nswdownloader

  • Hancitor

    Hancitor is downloader used to deliver other malware families.

    downloaderhancitor

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2