Overview
overview
7Static
static
7CrosshairE...2).rar
windows7-x64
7CrosshairE...2).rar
windows10-2004-x64
3CrosshairE...ya.dll
windows7-x64
1CrosshairE...ya.dll
windows10-2004-x64
1CrosshairE...hl.exe
windows7-x64
7CrosshairE...hl.exe
windows10-2004-x64
7CrosshairE...hd.ini
windows7-x64
1CrosshairE...hd.ini
windows10-2004-x64
1DefenderControl.zip
windows7-x64
1DefenderControl.zip
windows10-2004-x64
1ВАЖНО...�!.txt
windows7-x64
1ВАЖНО...�!.txt
windows10-2004-x64
1Analysis
-
max time kernel
150s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system -
submitted
15-08-2023 15:29
Behavioral task
behavioral1
Sample
CrosshairEditor by Freya v1 (2).rar
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral2
Sample
CrosshairEditor by Freya v1 (2).rar
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
CrosshairEditor/Freya.dll
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral4
Sample
CrosshairEditor/Freya.dll
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
CrosshairEditor/Freya.hl.exe
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral6
Sample
CrosshairEditor/Freya.hl.exe
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
CrosshairEditor/injmthd.ini
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral8
Sample
CrosshairEditor/injmthd.ini
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
DefenderControl.zip
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral10
Sample
DefenderControl.zip
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
ВАЖНО! ЧИТАТЬ!.txt
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral12
Sample
ВАЖНО! ЧИТАТЬ!.txt
Resource
win10v2004-20230703-en
windows10-2004-x64
General
-
Target
CrosshairEditor/Freya.hl.exe
-
Size
179KB
-
MD5
12b9674d5a68f829f20214644e67baa3
-
SHA1
9f2681173105f628c7cb14b57540121c5dc667dd
-
SHA256
88132922084d88a606d4430b1903c2c7d2b48e4b1467253c3a51ed00b05954c6
-
SHA512
c1c47d6d7f2ec3d2cf6a50fe85acab653a4e81d7c56a2f1972f7de0b686272c3cb03f59be9512acb4530b94bbe90d4b81b00682d4413ed62bc69b6033a43a073
-
SSDEEP
3072:O2qkbSLWyjCkRtc8lsAR8Z4GkZypFuX6HNwTBf0aeEus/aL:xH+ayW8fWOCDRY0ouAK
Malware Config
Signatures
-
resource yara_rule behavioral6/memory/2976-133-0x0000000000CD0000-0x0000000000D2F000-memory.dmp upx behavioral6/memory/2976-134-0x0000000000CD0000-0x0000000000D2F000-memory.dmp upx -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe 2976 Freya.hl.exe