Overview

overview

3

Static

static

3

Hornynite-...ws.zip

windows7-x64

1

Hornynite-...ws.zip

windows10-2004-x64

1

Hornynite-...47.dll

windows7-x64

1

Hornynite-...47.dll

windows10-2004-x64

1

Hornynite-...GL.dll

windows7-x64

1

Hornynite-...GL.dll

windows10-2004-x64

1

Hornynite-...v2.dll

windows7-x64

1

Hornynite-...v2.dll

windows10-2004-x64

1

Hornynite-....9.dll

windows7-x64

1

Hornynite-....9.dll

windows10-2004-x64

1

Hornynite-...on.dll

windows7-x64

1

Hornynite-...on.dll

windows10-2004-x64

1

Hornynite-...rs.dll

windows7-x64

1

Hornynite-...rs.dll

windows10-2004-x64

1

Hornynite-...on.exe

windows7-x64

1

Hornynite-...on.exe

windows10-2004-x64

1

Hornynite-...nw.exe

windows7-x64

1

Hornynite-...nw.exe

windows10-2004-x64

1

Hornynite-...ay.vbs

windows7-x64

1

Hornynite-...ay.vbs

windows10-2004-x64

1

Hornynite-...nc.exe

windows7-x64

1

Hornynite-...nc.exe

windows10-2004-x64

1

Hornynite-...ke.exe

windows7-x64

1

Hornynite-...ke.exe

windows10-2004-x64

1

Hornynite-...__.pyc

windows7-x64

3

Hornynite-...__.pyc

windows10-2004-x64

3

Hornynite-...le.pyc

windows7-x64

3

Hornynite-...le.pyc

windows10-2004-x64

3

Hornynite-...ss.pyc

windows7-x64

3

Hornynite-...ss.pyc

windows10-2004-x64

3

Hornynite-...bc.pyc

windows7-x64

3

Hornynite-...bc.pyc

windows10-2004-x64

3

Analysis

  • max time kernel
    156s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2023, 14:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hornynite-0.14-win/lib/python3.9/_bootsubprocess.pyc

  • Size

    2KB

  • MD5

    958bb5841c613ea6ff96441c33af098a

  • SHA1

    7bf353ae2ec210031544c61083b102b4ffc99afd

  • SHA256

    e13eb991a60901ff4ea4e2eede6f38fcd0fa129446bdd267d5baabe7f3ec288d

  • SHA512

    97aa0dc3bd985d48bf19e32924e6a2d91abcec59542c62dbef3d46d602155dddcaad16b71937b022926467360174ceb1cd7abd7df3bcb67d4ced231f82097891

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Hornynite-0.14-win\lib\python3.9\_bootsubprocess.pyc
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1968
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Hornynite-0.14-win\lib\python3.9\_bootsubprocess.pyc
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:2144
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Hornynite-0.14-win\lib\python3.9\_bootsubprocess.pyc"
        3⤵
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    a3291e2f41b36bd76a3e792e2d7f25cd

    SHA1

    b7eb95bcf6a03a0b4b665269cc9223de2058e7ec

    SHA256

    59151be8f37ae6170a7f0ab74467c6ca92223698f202329af377c09ba0eb48b9

    SHA512

    75e3b4cac4d0dc56d52c0bfcfaa9e503ae3d60f80ce318fa04015cd326fc070af2570f147fd501da0e71712476f7c6ed34ca85ec1587f878ae2546b881074a1f

    Download Submit