Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

HawkEyes.exe

windows7-x64

7

HawkEyes.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    25s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    04/07/2023, 05:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HawkEyes.exe

  • Size

    61.2MB

  • MD5

    229b39c9a2ed47dd87d2eae54f11f41f

  • SHA1

    802842e2f264a6a4756233bc658602b24c990d55

  • SHA256

    0d82b1a03a626ae36f777573c66de32b4b5487be24137baa06b9f3da6538166a

  • SHA512

    1c6099cde3ad3cf5d61439bf3be60185c56e6402c5bc7778d893ea47f4725d2896d75a614410900e928bf1a94b4e893d2adecdde8e1940d81dc446bbf66eb23d

  • SSDEEP

    1572864:uohRuJvESn4nTKLbKVDCsAq3rYkctmFV1Ga6cbgghbqa9Kbu3bFYF8R0ROt11L98:uMu72TKLbyqOc

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HawkEyes.exe
    "C:\Users\Admin\AppData\Local\Temp\HawkEyes.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1316

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\HawkEyes.dll
    Filesize

    2.3MB

    MD5

    0850a5046062b4d7457c4cef683f0d49

    SHA1

    29ef8ebd960ccc30094f7c1ad9f4f72b01f87356

    SHA256

    a3d8430f317ba6141da03ff10038e0dd05b35d876bc7acbc4c2971797e56208e

    SHA512

    a8504434dfbc9338a5f1385816ee8f93bc7a6c1a3fe0fc8d36edc8c86cfe343c911531b86deb4eb98f2cf43df62c7bddb3352932ae7a7e92c6742c56f65c9126

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\Microsoft.Win32.Primitives.dll
    Filesize

    21KB

    MD5

    43b000fb8fa07a83d1e4770646f2c074

    SHA1

    ea720d2321d30aeb9ea1b9c5e096bb78fff3a41c

    SHA256

    4db1d77c02b04a98b066f403f8d7fa05a1a60e955684a4d55aeca065d1b9b0af

    SHA512

    8f763d39126e892f2557bad89d90010251958c6b3436ba40295af5ed60a28e499b8cb4c82808d55f501f76148c0b46ac3cdcbbd766ce2b085d08ebd2faa028b8

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\System.Collections.dll
    Filesize

    287KB

    MD5

    31326cd48be995fdd14fd0800b9de684

    SHA1

    7534afcad65735ca8cc127b7ff263c4f559b9b45

    SHA256

    28bddbafb7b8ddc6876f33f1051b499e529e29481ffdebad486eaa6610f96fb0

    SHA512

    d6b97f6d91f833c4d3ed7943712fb2cbf7c3754cc942e56172cb95ab08275de9507a72c2b856e7966fc55bffe22e032173ea95909ca95c07b3c0de7c5c843f4a

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\System.ComponentModel.Primitives.dll
    Filesize

    48KB

    MD5

    d4fdb1426ea57c8b3112047bed6b8a69

    SHA1

    dfb53c5d38c82a18c9c7106062955b5426bc2698

    SHA256

    a013670ee70f785ce9eaacb6c48d91d107e70632e72049fd2e681443187b01b2

    SHA512

    7132890f49e9f81c2b4dddbd7e0f284e60b4d33ccdfeb2deb426b595fb7f9d16b9e323737fa63473f68fe51756930e854dc3ac4b47c82182b8b5e52fcfaba14f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\System.Diagnostics.Process.dll
    Filesize

    226KB

    MD5

    03d40c1a3cf0f5a83db50e20d0cdd416

    SHA1

    442c18cbbc5e6c4c322fedf0fec2b43d515446e5

    SHA256

    05643a2e93e085187cbe14fea881f0735de82f4fcd8f4c23b567f734c2fd04c4

    SHA512

    d62ecc8fb8a0fa624c6dd26b2e437cb395fec8ac4dc9c907a19edec4cf22c152dd5e5a7fe895d9d3a755e0f0d63591698501cc307f8a72f8a2ecc1e974e1da64

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\System.Memory.dll
    Filesize

    164KB

    MD5

    6ad201d00a4026704c32b010e9755551

    SHA1

    747790c23bfa007d5fded8394ee1a8843ed083b5

    SHA256

    d51dac2d0f748246508f9651df3ff532540f300fc91893cffff5f55d2f8d920c

    SHA512

    1b277ddee791d475f1cb6cd4ec14183a66c377c3136fd975e1b932461e67ac5d5c660f297e88150a9263d09971dcf44c58c67eea9eb758654c85519b74c171ed

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\System.Net.NetworkInformation.dll
    Filesize

    156KB

    MD5

    80aa9d1d85b836a97ebabdd8c1d7b613

    SHA1

    0de49c0657c88508af3af8be6ae4066e13706fbc

    SHA256

    7f0c825df75d0de463f54bcba83654e77bb24ffe5f8b8d98539dedb68ada18c2

    SHA512

    aa70e55ea2c90b21a0d26c8e762d70f4b5559747a40129d3028ec10c643e322aea1adf21c5df0b45014de48867a6870ffdc31d5fe1e1e003f1930823913a4925

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\System.Net.Primitives.dll
    Filesize

    188KB

    MD5

    42e6b9401de72ed0977046457a1b1cf5

    SHA1

    1f31946e151540a42647094b9952338b3cb1a19b

    SHA256

    c6bb06d8d7b409dceaa5ba55ef83ade6d409b47280683b3502d4691f1e0ada66

    SHA512

    817c3cab250182ff2ab886bc25b1c627b30e1edbf55b4bf95ff2b8bf3d8af2f263dcefbaac992bf6a4b6190b227af2ea5a4cbca98a41a167af9d23c51c0d5d86

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\System.Private.CoreLib.dll
    Filesize

    8.3MB

    MD5

    280b72bdb1aa037f6f4ded4b65b12392

    SHA1

    ecb7892cd709c8c83f318482d5138939f5704b2f

    SHA256

    ec4ed2a62e1406bd6378e2b5a744d42974e4b4fe08cf9b68d2d7fc25449ea30e

    SHA512

    e1cfce9f5e6a76d327bdbda22c1006adc5585b78ceb3effe44149f2eea6426813e3dc59fd2b40a600a4a032a92340f53d1bfcfe8fdb9989464528ccc90f526aa

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\System.Runtime.Extensions.dll
    Filesize

    188KB

    MD5

    dcf3763de999e8fdc90d0c0e1928cde9

    SHA1

    6397dd35dfdf98295256e7ebec402093246b09a6

    SHA256

    ec2fd135c5120d4ac133505d9dedb3b73b7bedd2af120c8d236bf203d7a06b62

    SHA512

    b9ea3f86389b0eb0dc4f24e828bec99d9045696f3722e1c24672c7b9008c027f41265baa460b0549730a14f9272a157431edf8617943fe6c586aee9c78ce8ce9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\System.Runtime.InteropServices.dll
    Filesize

    49KB

    MD5

    93ce68289f9e96ed5ee7222f670806a4

    SHA1

    53f774b091fcf44c0148868788c59ed5b3ff8298

    SHA256

    ae2a7283e67b019ada2c0396cf11eff8d557ef9f14adbe8d1d9cd573bc5de41a

    SHA512

    a8f516f08b537924477b890c9874b4dc8f4314e3cbd26eb88f50dddc7598afaf1f92cb4c558919e73d76f8c1512c7a686d61aeda4a1aa6b7a3def4e503b83d4c

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\System.Runtime.dll
    Filesize

    51KB

    MD5

    143c20e72c10e66e731b66ac77b6d7f9

    SHA1

    151a5904ade6e03d75ff6668be80d43fe5d9327c

    SHA256

    a15a62a7b6d8852e80509b34780cc294dbdd2bcabcf6d708b07ee5195754687a

    SHA512

    da0ba88538828d29b04ef03cf1c1608fe0541532bd4336247faa5f351ded8cbf5ee0a320cecdd4177a2b1522948b6bd9abd4ea544582d7fae73fd826b0ff51fc

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\System.Threading.dll
    Filesize

    71KB

    MD5

    e043ba1f6cd7f6b60288fff0bfef9a51

    SHA1

    1b52414b919d974d16361a6c9f515d4b8e03f8a7

    SHA256

    115ec74188dcdbc157dcb68bdcd017eff5719a67f726dfee129f8cb72899205d

    SHA512

    410f4f266feef0003b622a3ed0a23793995c0f9f24bb742fcf4dca4d6fd80e8801b898b8cf1afe81959ad65a958f2f3b37cae8d7d701d738a9e5333ae01dae0f

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\api-ms-win-crt-utility-l1-1-0.dll
    Filesize

    18KB

    MD5

    70e9104e743069b573ca12a3cd87ec33

    SHA1

    4290755b6a49212b2e969200e7a088d1713b84a2

    SHA256

    7e6b33a4c0c84f18f2be294ec63212245af4fd8354636804ffe5ee9a0d526d95

    SHA512

    e979f28451d271f405b780fc2025707c8a29dcb4c28980ca42e33d4033666de0e4a4644defec6c1d5d4bdd3c73d405fafcffe3320c60134681f62805c965bfd9

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\clrjit.dll
    Filesize

    1.1MB

    MD5

    4c08835478cb991ffec38c30b7d809ea

    SHA1

    5f9fe968f6be00d8a52728a4467ba6f362451629

    SHA256

    6cdd9bedf3d1441a2297f2f5148195c2b9447dbfd2865e0eec8faf962b8f2f78

    SHA512

    2b3925d2e4ff01b643e64a37f5dde450fa2f90282e10d24ec0a0682fe97e35701671a0836a69131f3c6e52497f78f4e4b0e30bf5053ea89882ea2f182e461467

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\coreclr.dll
    Filesize

    4.1MB

    MD5

    b6ffa839d5488870f6eb6975bcc240b3

    SHA1

    f9a273ab0611cff1512e26f1e00547839a021413

    SHA256

    c77b5d3b39931d40b29ddd40c9e0fa035344447356ab4309936e0599b1e73d52

    SHA512

    217938a8bfe9065e3b7413ae28feb0e1dabb97b7bf08f0bd7a22ff5b8a8a63b91443f4a7dea25d9db2a77b1185e96642d23d8d95dcf07a2d242c0ae2fd4d611b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\hostfxr.dll
    Filesize

    460KB

    MD5

    94fa4f8a0bec522f1b299b36d744548c

    SHA1

    dafae0424a4f7cb8e81a34b3ef3fb8cb374eb789

    SHA256

    15878546f65d32f1d0edeedc0e8aaf1abc0ba3315d2323d659a5c267f093d1cb

    SHA512

    130a66fc9532a86c625469bf84cca8bf0ed5fbe540dbd77104d80a2bc10ec14d896330c9b47103d6bb4e231e7f6abf72e2a050f04813a337476b4a70ad3c1ab2

    Download Submit

  • \Users\Admin\AppData\Local\Temp\.net\HawkEyes\vmvhkc1y.wj3\hostpolicy.dll
    Filesize

    456KB

    MD5

    db0414cf4cdce8d870522ca604f7ecab

    SHA1

    29c280c23e0b945c08ab203e3c622e243bb24ed4

    SHA256

    523726bfca033a783e32c4c3d834ea4284820dad7be0cff395fa039b51c3d49c

    SHA512

    d8276b152c2007cec470a39849c3540288d3f710779e6f849f7d0af344d69090e246824355f4148c6b5d79c17dbef3a71f810454ed81bce1e9b11b40bb335413

    Download Submit