Well, that might explain it ("its length is of about 40 characters")... see https://hashcat.net/faq#what_is_the_maxi...ord_length
so max 31 for -a 0 (40 is already too long).
But you might be able to use -a 1 which is able to handle 31 chars from the first dictionary and 31 from the second one (but not longer than 55 in total). So try to split the password candidates and use -a 1 dict1.txt dict2.txt
BTW: you should definitely see the rejected count be larger than 0, if the password candidates are too long.
$HEX[] encoding could also just mean that the password candidates include some special chars like the colon (":") etc.
Update: actually, the 31 limit should only be true for fast hashes (and I forget that we talk about -m 13723 here, a slow hash), unfortunately I'm not sure if the FAQ section for max. password for 137xx is up-to-date/correct. Maybe you can test and see what is the max. length that hashcat cracks (and we should update the FAQ accordingly)
so max 31 for -a 0 (40 is already too long).
But you might be able to use -a 1 which is able to handle 31 chars from the first dictionary and 31 from the second one (but not longer than 55 in total). So try to split the password candidates and use -a 1 dict1.txt dict2.txt
BTW: you should definitely see the rejected count be larger than 0, if the password candidates are too long.
$HEX[] encoding could also just mean that the password candidates include some special chars like the colon (":") etc.
Update: actually, the 31 limit should only be true for fast hashes (and I forget that we talk about -m 13723 here, a slow hash), unfortunately I'm not sure if the FAQ section for max. password for 137xx is up-to-date/correct. Maybe you can test and see what is the max. length that hashcat cracks (and we should update the FAQ accordingly)