Extracted

• • Target

    ef8cf02b28315daff8ea591bc351976b_JaffaCakes118

  • Size

    534KB

  • MD5

    ef8cf02b28315daff8ea591bc351976b

  • SHA1

    0bc5d06813f9c5aba1369e705dafbc1546c54e4f

  • SHA256

    3af1f23c945a8790a256c5cd13bd6f1d29ab5cfa6d40ce88e44aebba33696922

  • SHA512

    d62d6671a04ad41b38fece9b86d1517cb876be54ffd367f535ee29d0c2d8bc1c91d8abe3d3af05c01be46bfb73b8f53eadf19f7c4354704a574542649618fe2d

  • SSDEEP

    12288:s8CmEKY7gpWMBgroM6scG2u302l0HwbsG7kWunEDXm/zjHwB7:s8CmEj6Bg0MDn2u3049HSn+Xm/s

  Score

  10^/10

  hancitor1910_nswdownloader

  • Hancitor

    Hancitor is downloader used to deliver other malware families.

    downloaderhancitor

  • Process spawned unexpected child process

    This typically indicates the parent process was compromised via an exploit or macro.

  • Blocklisted process makes network request

  • Loads dropped DLL

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2