Malware Analysis Report

2024-10-16 03:13

Sample ID 211122-whwddabfc3
Target 88f7544a29a2ceb175a135d9fa221cbfd3e8c71f32dd6b09399717f85ea9afd1
SHA256 2f7d37c22e6199d1496f307c676223dda999c136ece4f2748975169b4a48afe5
Tags
hive
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

2f7d37c22e6199d1496f307c676223dda999c136ece4f2748975169b4a48afe5

Threat Level: Known bad

The file 88f7544a29a2ceb175a135d9fa221cbfd3e8c71f32dd6b09399717f85ea9afd1 was found to be: Known bad.

Malicious Activity Summary

hive

Hive Ransomware

Hive family

Program crash

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2021-11-22 17:55

Signatures

Hive Ransomware

Description  Indicator  Process  Target
N/A          N/A        N/A      N/A

Hive family

hive

Analysis: behavioral1

Detonation Overview

Submitted

2021-11-22 17:55

Reported

2021-11-22 17:58

Platform

win7-en-20211014

Max time kernel

122s

Max time network

124s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88f7544a29a2ceb175a135d9fa221cbfd3e8c71f32dd6b09399717f85ea9afd1.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\88f7544a29a2ceb175a135d9fa221cbfd3e8c71f32dd6b09399717f85ea9afd1.exe

"C:\Users\Admin\AppData\Local\Temp\88f7544a29a2ceb175a135d9fa221cbfd3e8c71f32dd6b09399717f85ea9afd1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 36

Network

N/A

Files

memory/544-55-0x0000000000000000-mapping.dmp

memory/544-56-0x0000000075901000-0x0000000075903000-memory.dmp

memory/544-57-0x0000000001C10000-0x0000000001C11000-memory.dmp

Analysis: behavioral2

Detonation Overview

Submitted

2021-11-22 17:55

Reported

2021-11-22 17:58

Platform

win10-en-20211104

Max time kernel

85s

Max time network

129s

Command Line

"C:\Users\Admin\AppData\Local\Temp\88f7544a29a2ceb175a135d9fa221cbfd3e8c71f32dd6b09399717f85ea9afd1.exe"

Signatures

Suspicious use of AdjustPrivilegeToken

Description                Indicator  Process                           Target
Token: SeRestorePrivilege  N/A        C:\Windows\SysWOW64\WerFault.exe  N/A
Token: SeBackupPrivilege   N/A        C:\Windows\SysWOW64\WerFault.exe  N/A
Token: SeDebugPrivilege    N/A        C:\Windows\SysWOW64\WerFault.exe  N/A

Processes

C:\Users\Admin\AppData\Local\Temp\88f7544a29a2ceb175a135d9fa221cbfd3e8c71f32dd6b09399717f85ea9afd1.exe

"C:\Users\Admin\AppData\Local\Temp\88f7544a29a2ceb175a135d9fa221cbfd3e8c71f32dd6b09399717f85ea9afd1.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 228

Network

Country  Destination        Domain            Proto
IE       52.109.76.31:443                     tcp
US       8.8.8.8:53         sv.symcb.com      udp
US       93.184.220.29:80   sv.symcb.com      tcp
US       8.8.8.8:53         time.windows.com  udp
NL       40.119.148.38:123  time.windows.com  udp

Files

N/A