Analysis Overview
SHA256
e37042313f8728e4d91db32b3d3207f5efca149c60fc8b0b29786eca1ee759d5
Threat Level: Known bad
The file e37042313f8728e4d91db32b3d3207f5efca149c60fc8b0b29786eca1ee759d5 was found to be: Known bad.
Malicious Activity Summary
Detects Rust Elf variant of Hive Ransomware
Detects Rust x64 variant of Hive Ransomware
Detects Rust x86 variant of Hive Ransomware
Hive family
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2022-04-08 18:29
Signatures
Detects Rust Elf variant of Hive Ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects Rust x64 variant of Hive Ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detects Rust x86 variant of Hive Ransomware
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Hive family
Analysis: behavioral3
Detonation Overview
Submitted
2022-04-08 18:29
Reported
2022-04-08 18:32
Platform
win7-20220331-en
Max time kernel
37s
Max time network
46s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x32_encrypt.exe
"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x32_encrypt.exe"
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2022-04-08 18:29
Reported
2022-04-08 18:32
Platform
win10v2004-20220331-en
Max time kernel
154s
Max time network
163s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x32_encrypt.exe
"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x32_encrypt.exe"
Network
| Country | Destination | Domain | Proto |
| IE | 20.50.80.210:443 | | tcp |
| US | 8.8.8.8:53 | crl4.digicert.com | udp |
| US | 93.184.220.29:80 | crl4.digicert.com | tcp |
| US | 13.107.4.50:80 | | tcp |
| US | 13.107.4.50:80 | | tcp |
| US | 13.107.4.50:80 | | tcp |
| US | 8.8.8.8:53 | 96.108.152.52.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2022-04-08 18:29
Reported
2022-04-08 18:32
Platform
win7-20220331-en
Max time kernel
36s
Max time network
47s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x64_encrypt.exe
"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x64_encrypt.exe"
Network
Files
Analysis: behavioral6
Detonation Overview
Submitted
2022-04-08 18:29
Reported
2022-04-08 18:32
Platform
win10v2004-20220331-en
Max time kernel
150s
Max time network
150s
Command Line
Signatures
Processes
C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x64_encrypt.exe
"C:\Users\Admin\AppData\Local\Temp\HiveVersion5\windows_x64_encrypt.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | crl4.digicert.com | udp |
| US | 93.184.220.29:80 | crl4.digicert.com | tcp |
| US | 93.184.220.29:80 | crl4.digicert.com | tcp |
| SE | 178.79.212.129:80 | | tcp |
| SE | 178.79.212.129:80 | | tcp |
| US | 93.184.220.29:80 | crl4.digicert.com | tcp |
| US | 93.184.220.29:80 | crl4.digicert.com | tcp |
| NL | 20.190.160.72:443 | | tcp |
| US | 8.8.8.8:53 | 14.110.152.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.e.0.0.0.0.0.0.0.0.0.0.0.0.0.0.3.0.0.0.4.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa | udp |
| US | 93.184.221.240:2222 | ctldl.windowsupdate.com | tcp |
| US | 93.184.221.240:24826 | ctldl.windowsupdate.com | tcp |
| US | 93.184.221.240:56929 | ctldl.windowsupdate.com | tcp |
| US | 93.184.221.240:20002 | ctldl.windowsupdate.com | tcp |
| US | 93.184.221.240:10219 | ctldl.windowsupdate.com | tcp |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-08 18:29
Reported
2022-04-08 18:29
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/778002687/payload.dat
[/tmp/778002687/payload.dat]
Network
Files
Analysis: behavioral2
Detonation Overview
Submitted
2022-04-08 18:29
Reported
2022-04-08 18:29
Platform
ubuntu1804-amd64-en-20211208
Max time kernel
0s
Command Line
Signatures
Processes
/tmp/773122625/payload.dat
[/tmp/773122625/payload.dat]