Overview

overview

3

Static

static

3

Hornynite-...ws.zip

windows7-x64

1

Hornynite-...ws.zip

windows10-2004-x64

1

Hornynite-...47.dll

windows7-x64

1

Hornynite-...47.dll

windows10-2004-x64

1

Hornynite-...GL.dll

windows7-x64

1

Hornynite-...GL.dll

windows10-2004-x64

1

Hornynite-...v2.dll

windows7-x64

1

Hornynite-...v2.dll

windows10-2004-x64

1

Hornynite-....9.dll

windows7-x64

1

Hornynite-....9.dll

windows10-2004-x64

1

Hornynite-...on.dll

windows7-x64

1

Hornynite-...on.dll

windows10-2004-x64

1

Hornynite-...rs.dll

windows7-x64

1

Hornynite-...rs.dll

windows10-2004-x64

1

Hornynite-...on.exe

windows7-x64

1

Hornynite-...on.exe

windows10-2004-x64

1

Hornynite-...nw.exe

windows7-x64

1

Hornynite-...nw.exe

windows10-2004-x64

1

Hornynite-...ay.vbs

windows7-x64

1

Hornynite-...ay.vbs

windows10-2004-x64

1

Hornynite-...nc.exe

windows7-x64

1

Hornynite-...nc.exe

windows10-2004-x64

1

Hornynite-...ke.exe

windows7-x64

1

Hornynite-...ke.exe

windows10-2004-x64

1

Hornynite-...__.pyc

windows7-x64

3

Hornynite-...__.pyc

windows10-2004-x64

3

Hornynite-...le.pyc

windows7-x64

3

Hornynite-...le.pyc

windows10-2004-x64

3

Hornynite-...ss.pyc

windows7-x64

3

Hornynite-...ss.pyc

windows10-2004-x64

3

Hornynite-...bc.pyc

windows7-x64

3

Hornynite-...bc.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    137s
  • max time network
    167s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2023, 14:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hornynite-0.14-win/lib/python3.9/_bootlocale.pyc

  • Size

    1KB

  • MD5

    25cd8310c27834d830e9d5e3bf331f10

  • SHA1

    718b7e30a2009d554a628c1e9b3aa33ce5df73a4

  • SHA256

    f44c741b071d68fbe32e8f27fec6e18a42541a7bbb1ccad03fcb5582a8ab987b

  • SHA512

    0879d2297a145f58e00df1032c8c2f73f3cd6a441516b51d819de693fdcd61581d03dbba28d01f4b31b285df6d4f8bbc98390e321b1f67ac5540310b8ed685aa

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Hornynite-0.14-win\lib\python3.9\_bootlocale.pyc
    1⤵
    • Modifies registry class
    PID:3068
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:2252

Network

  • flag-us
    DNS
    2.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    2.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    9.228.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.228.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    41.110.16.96.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    41.110.16.96.in-addr.arpa
    IN PTR
    Response
    41.110.16.96.in-addr.arpa
    IN PTR
    a96-16-110-41deploystaticakamaitechnologiescom
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    157.123.68.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    157.123.68.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    133.121.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.121.18.2.in-addr.arpa
    IN PTR
    Response
    133.121.18.2.in-addr.arpa
    IN PTR
    a2-18-121-133deploystaticakamaitechnologiescom
  • flag-us
    DNS
    19.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    131.109.69.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    131.109.69.13.in-addr.arpa
    IN PTR
    Response
No results found
  • 8.8.8.8:53
    2.159.190.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    2.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    9.228.82.20.in-addr.arpa
    dns
    70 B
     156 B
     1
    1

    DNS Request

    9.228.82.20.in-addr.arpa

  • 8.8.8.8:53
    41.110.16.96.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    41.110.16.96.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    157.123.68.40.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    157.123.68.40.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    133.121.18.2.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    133.121.18.2.in-addr.arpa

  • 8.8.8.8:53
    19.229.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    19.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    131.109.69.13.in-addr.arpa
    dns
    72 B
     146 B
     1
    1

    DNS Request

    131.109.69.13.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.