Extracted

• • Target

    c47745c73485b8492a301c2754ff895b_JaffaCakes118

  • Size

    534KB

  • MD5

    c47745c73485b8492a301c2754ff895b

  • SHA1

    9a90d06c544c9848d7f384921812877a4fdad5f3

  • SHA256

    35dd54998c21502765a5807c3d0da5f67f09e93d90be66881cbe5d5360ae17b0

  • SHA512

    11067e4b5ce4d4e5d926958fc57df99cdb278313891b0270b74d14a5a4c8a43c44197dd15ff9ba72cb8e743feaee61d70ee9e5de952c5945cdc9ed1b2d0f2425

  • SSDEEP

    12288:k8CmEKY7gpWMBYKoM6scG2u302l0HwbsG7kWunEDXm/zjH0Bq:k8CmEj6BYHMDn2u3049HSn+Xm/9

  Score

  10^/10

  hancitor1910_nswdownloader

  • Hancitor

    Hancitor is downloader used to deliver other malware families.

    downloaderhancitor

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2