Overview

overview

10

Static

static

3

0691483464...54.exe

windows7-x64

10

0691483464...54.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    153s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-12-2023 05:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    06914834645d9ab3058300de4c756954.exe

  • Size

    410KB

  • MD5

    06914834645d9ab3058300de4c756954

  • SHA1

    437546390ab6be7ab887e82148ba8b923bedd844

  • SHA256

    50c6eeab65b9c35d55dde8ba5cca1eaba4091d0a5611a353f9561e3e37453e67

  • SHA512

    08869a715d99a8034ee9e473c0c56f8fa4d35afbb67467a4d27ffd9d34f7d32f87a2b1f1141657ce7de27888fdca477af3d4756d6e5799d5dd27b5acbe2ff953

  • SSDEEP

    12288:3w06cUYTczdkibnD3WUgFooE3cVkO3rHGa6vSoW1:7TUHkibDGencVnHq6f

Score
10/10
hawkeyekeyloggerpersistencespywarestealertrojan

Malware Config

Signatures

  • HawkEye

    HawkEye is a malware kit that has seen continuous development since at least 2013.

    keyloggertrojanstealerspywarehawkeye
  • Deletes itself 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of WriteProcessMemory 40 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06914834645d9ab3058300de4c756954.exe
    "C:\Users\Admin\AppData\Local\Temp\06914834645d9ab3058300de4c756954.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2348
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
        C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
        3⤵
          PID:2848
        • C:\Users\Admin\AppData\Local\Temp\System\lsn.exe
          "C:\Users\Admin\AppData\Local\Temp\System\lsn.exe"
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Adds Run key to start application
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3032
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
      C:\Windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
      1⤵
        PID:2916
      • C:\Users\Admin\AppData\Local\Temp\System\spolsv.exe
        "C:\Users\Admin\AppData\Local\Temp\System\spolsv.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1944

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\SysInfo.txt
        Filesize

        70B

        MD5

        673c630c339470fb63850411fc5af025

        SHA1

        938da03d56e1c206abc0fb7d729855a0a877a103

        SHA256

        64b7ba818f2ac7e79037f57649b441d293bde5e213eae6289e1d16b753ecae70

        SHA512

        8f51561e75a5acc3bff8a8006fc0934b55884255b4ffd6a43b028f4d1379f74694464a614da94195b3a240abf1756a83cdb399efcef209b75ee37789743a0713

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\System\spolsv.exe
        Filesize

        50KB

        MD5

        8f783b69cb94d3d4b7aafb8c528fdfa4

        SHA1

        2fce87e54d1c4b4d4d723ac042b758f1933b6ca0

        SHA256

        4d0bcd0aaeb7ac87395b45be79514b67ed217d1a3d2b670b44b0c0b88fe48303

        SHA512

        79443e8c68425a01c44f94d1cb65813566ea79a24534e307e87be19a1d943d38b1d53896b379e3cdcf06d5c9fddfb47dfbe9b5fb1fd995aed7cd2a65c11eb518

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\System\spolsv.exe
        Filesize

        90KB

        MD5

        8b0868b468388f351d5dd7bedda16e27

        SHA1

        cecbbd1eaf2af57a4b929d48f8eb8bc18971e4b1

        SHA256

        f77416f53850295b72f511c386b5c8691836e5ade378e425c33bf147ee499d78

        SHA512

        32a83ddb4cab5fdbc2b9fd5e2017607aee34711e7fadd93024ad19af092589ebb52cdbed074ace71e92d2599754fa18103be950228949832e4680fcf4acff525

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
        Filesize

        404KB

        MD5

        56b0bbf1fc0cad5a233c187f01fbff3c

        SHA1

        8e173dc24e8434092719d885fb843f24d9a90995

        SHA256

        ad238b5277ea2afded38326f793422528d1f1ec545c3132da09e25bbf9529beb

        SHA512

        0becc7c6053484a04acfaa230e2a3c2bf38c22b82f349ff2f4d4c321dd2f76a6e8b5ac7933797c2ceb696f90f3aacdad1afd7b175f4baeef97f18681a838e0b0

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
        Filesize

        410KB

        MD5

        06914834645d9ab3058300de4c756954

        SHA1

        437546390ab6be7ab887e82148ba8b923bedd844

        SHA256

        50c6eeab65b9c35d55dde8ba5cca1eaba4091d0a5611a353f9561e3e37453e67

        SHA512

        08869a715d99a8034ee9e473c0c56f8fa4d35afbb67467a4d27ffd9d34f7d32f87a2b1f1141657ce7de27888fdca477af3d4756d6e5799d5dd27b5acbe2ff953

        Download Submit

      • \Users\Admin\AppData\Local\Temp\System\lsn.exe
        Filesize

        24KB

        MD5

        0aa7e4dd12b1fc4d899bb86b0fd56233

        SHA1

        3bbd901ecc48959847deb145da3f3af6dc194afd

        SHA256

        d1267fc8e53b1cb8cda98eec93daf21ded66ba6ac9c05b0b7315444d459384e9

        SHA512

        2f2cd1892ab79a9dba46d1c1d848cd85ec876968b07316ccbda275b88960dc1718da7e4d433c88d0a52d2637bb5c99eda1135529f956e4a54c14f09bbc3f8e11

        Download Submit

      • \Users\Admin\AppData\Local\Temp\System\spolsv.exe
        Filesize

        99KB

        MD5

        f893c2f028fcf43648eb4ab2ceb7fa6d

        SHA1

        45330bc652686377beb835f7e226bf32cf975cc2

        SHA256

        03213002ae2e6bf56c6e3ef48ee4f3408cbe03ec085e61d9aefc13c8a24808c9

        SHA512

        77e0714112c676ba53228b114bed51aea75a5a4760ebb3afc5b340327d6e51254a4522251e7c231e0cb37b1269563b000accd8f67479a6420e9bf2f681e37a70

        Download Submit

      • \Users\Admin\AppData\Local\Temp\System\spolsv.exe
        Filesize

        208KB

        MD5

        203ae4f45f441a8cf32aa9eefc30ddb2

        SHA1

        937d41359962c0713b4ca32edd1663745920a9ee

        SHA256

        263529aa5a76e4639b97d89239d137be325266fc0b2af0af4ef84dde6d29f738

        SHA512

        a51b2284645303fe8857473b1c79628df7c001eb02e8bc0b5e8d1b9fb4ae4a43f0ce5fc325c3dceb769a696d8f61f0fb7ba40f353295dbafa361273edbccd90b

        Download Submit

      • \Users\Admin\AppData\Roaming\Microsoft\Windows\Templates\explorer.exe
        Filesize

        91KB

        MD5

        3f41264c4acf80c5c1a1b6a6fb62b3ef

        SHA1

        3afb0a9cee1a39418292a269eedd3542d068f3a3

        SHA256

        92950026a361fe1ea6c5295473c4c5e833a257df68ff538a6102d58ba23119d1

        SHA512

        4287c73f45ea514b06fcf7d9888fcd9a6ccfc2a8829466ae75191bde1cbf9ed37e8ad7c6493580527c92a0fbaf5e4f09ae2151c999544f8f22d7145a2ad5e0ed

        Download Submit

      • memory/1944-62-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/1944-60-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/1944-93-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/1944-92-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/1944-91-0x00000000004A0000-0x00000000004E0000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2220-14-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2220-2-0x0000000000950000-0x0000000000990000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2220-1-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2220-0-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2348-85-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2348-86-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2348-17-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2348-15-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/2348-16-0x0000000001EC0000-0x0000000001F00000-memory.dmp

        Filesize

        256KB

        Download

      • memory/2848-45-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-38-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-41-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-43-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-25-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-37-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-39-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-31-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-23-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-29-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-27-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-46-0x0000000000240000-0x0000000000241000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2848-87-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2848-35-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2848-33-0x0000000000400000-0x0000000000466000-memory.dmp

        Filesize

        408KB

        Download

      • memory/2916-84-0x0000000000401000-0x0000000000456000-memory.dmp

        Filesize

        340KB

        Download

      • memory/3032-53-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/3032-89-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/3032-88-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download

      • memory/3032-54-0x00000000001E0000-0x0000000000220000-memory.dmp

        Filesize

        256KB

        Download

      • memory/3032-90-0x00000000001E0000-0x0000000000220000-memory.dmp

        Filesize

        256KB

        Download

      • memory/3032-59-0x0000000074710000-0x0000000074CBB000-memory.dmp

        Filesize

        5.7MB

        Download