Malware Analysis Report

2024-10-16 03:10

Sample ID 220408-w5bbqagac2
Target e37042313f8728e4d91db32b3d3207f5efca149c60fc8b0b29786eca1ee759d5
SHA256 e37042313f8728e4d91db32b3d3207f5efca149c60fc8b0b29786eca1ee759d5
Tags
hive
score
10/10

Table of Contents

Analysis Overview
MITRE ATT&CK
Analysis: static1 (Detonation Overview, Signatures)
Analysis: behavioral3 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral4 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral5 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral6 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral1 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)
Analysis: behavioral2 (Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

score
10/10

SHA256

e37042313f8728e4d91db32b3d3207f5efca149c60fc8b0b29786eca1ee759d5

Threat Level: Known bad

The file e37042313f8728e4d91db32b3d3207f5efca149c60fc8b0b29786eca1ee759d5 was found to be: Known bad.

Malicious Activity Summary

hive

Detects Rust Elf variant of Hive Ransomware

Detects Rust x64 variant of Hive Ransomware

Detects Rust x86 variant of Hive Ransomware

Hive family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2022-04-08 18:29

Signatures

Detects Rust Elf variant of Hive Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Detects Rust x64 variant of Hive Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Detects Rust x86 variant of Hive Ransomware

Description Indicator Process Target
N/A N/A N/A N/A

Hive family

hive

Analysis: behavioral3

Detonation Overview

Submitted

2022-04-08 18:29

Reported

2022-04-08 18:32

Platform

win7-20220331-en

Max time kernel

37s

Max time network

46s

Command Line

"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x32_encrypt.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x32_encrypt.exe

"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x32_encrypt.exe"

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2022-04-08 18:29

Reported

2022-04-08 18:32

Platform

win10v2004-20220331-en

Max time kernel

154s

Max time network

163s

Command Line

"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x32_encrypt.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x32_encrypt.exe

"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x32_encrypt.exe"

Network

Country  Destination           Domain                          Proto
IE       20.50.80.210:443      -                               tcp
US       8.8.8.8:53            crl4.digicert.com               udp
US       93.184.220.29:80      crl4.digicert.com               tcp
US       13.107.4.50:80        -                               tcp
US       13.107.4.50:80        -                               tcp
US       13.107.4.50:80        -                               tcp
US       8.8.8.8:53            96.108.152.52.in-addr.arpa      udp

Files

N/A

Analysis: behavioral5

Detonation Overview

Submitted

2022-04-08 18:29

Reported

2022-04-08 18:32

Platform

win7-20220331-en

Max time kernel

36s

Max time network

47s

Command Line

"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x64_encrypt.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x64_encrypt.exe

"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x64_encrypt.exe"

Network

N/A

Files

N/A

Analysis: behavioral6

Detonation Overview

Submitted

2022-04-08 18:29

Reported

2022-04-08 18:32

Platform

win10v2004-20220331-en

Max time kernel

150s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x64_encrypt.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x64_encrypt.exe

"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x64_encrypt.exe"

Network

Country  Destination           Domain                                                                Proto
US       8.8.8.8:53            crl4.digicert.com                                                     udp
US       93.184.220.29:80      crl4.digicert.com                                                     tcp
US       93.184.220.29:80      crl4.digicert.com                                                     tcp
SE       178.79.212.129:80     -                                                                     tcp
SE       178.79.212.129:80     -                                                                     tcp
US       93.184.220.29:80      crl4.digicert.com                                                     tcp
US       93.184.220.29:80      crl4.digicert.com                                                     tcp
NL       20.190.160.72:443     -                                                                     tcp
US       8.8.8.8:53            14.110.152.52.in-addr.arpa                                            udp
US       8.8.8.8:53            0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa  udp
US       93.184.221.240:2222   ctldl.windowsupdate.com                                               tcp
US       93.184.221.240:24826  ctldl.windowsupdate.com                                               tcp
US       93.184.221.240:56929  ctldl.windowsupdate.com                                               tcp
US       93.184.221.240:20002  ctldl.windowsupdate.com                                               tcp
US       93.184.221.240:10219  ctldl.windowsupdate.com                                               tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-04-08 18:29

Reported

2022-04-08 18:29

Platform

ubuntu1804-amd64-en-20211208

Max time kernel

0s

Command Line

[/tmp/778002687/payload.dat]

Signatures

N/A

Processes

/tmp/778002687/payload.dat

[/tmp/778002687/payload.dat]

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2022-04-08 18:29

Reported

2022-04-08 18:29

Platform

ubuntu1804-amd64-en-20211208

Max time kernel

0s

Command Line

[/tmp/773122625/payload.dat]

Signatures

N/A

Processes

/tmp/773122625/payload.dat

[/tmp/773122625/payload.dat]

Network

N/A

Files

N/A