hive | 88f7544a29a2ceb175a135d9fa221cbfd3e8c71f32dd6b09399717f85ea9afd1

Analysis

max time kernel
32s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-12-2022 15:26

Target

hive.exe
Size

764KB
MD5

2f9fc82898d718f2abe99c4a6fa79e69
SHA1

9d336b8911c8ffd7cc809e31d5b53796bb0cc7bb
SHA256

88f7544a29a2ceb175a135d9fa221cbfd3e8c71f32dd6b09399717f85ea9afd1
SHA512

19f0879b1c54d305ab7a97a0d46ab79c103d4687fe37d5f9ef1934904eea48a1c66b1ac2de3dace6dc0d91623309287044c198cb0b3fc9f8453fbc9d1c0cae8b
SSDEEP

12288:CinNFNkY/yU97ppM4NSBG81Np2C9H4S3iDjlLtc4wCIITIQaOI6NrwacVYV+4MsT:CinN3n/y67jM4v4kCSPDjlLtbwt8IQLH

Score

10^/10

hive ransomware upx

Detects Go variant of Hive Ransomware 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2796-132-0x00000000006D0000-0x0000000000933000-memory.dmp	hive_go
behavioral2/memory/2796-133-0x00000000006D0000-0x0000000000933000-memory.dmp	hive_go

Hive
A ransomware written in Golang first seen in June 2021.
ransomware hive

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2796-132-0x00000000006D0000-0x0000000000933000-memory.dmp	upx
behavioral2/memory/2796-133-0x00000000006D0000-0x0000000000933000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\hive.exe
"C:\Users\Admin\AppData\Local\Temp\hive.exe"
1⤵
PID:2796

memory/2796-132-0x00000000006D0000-0x0000000000933000-memory.dmp

Filesize
2.4MB

Download
memory/2796-133-0x00000000006D0000-0x0000000000933000-memory.dmp

Filesize
2.4MB

Download