Overview

overview

10

Static

static

7

Ransomware.Hive.zip

windows7-x64

1

Ransomware.Hive.zip

windows10-1703-x64

1

211xahcou.exe

windows7-x64

10

211xahcou.exe

windows10-1703-x64

10

Hive.elf

windows7-x64

3

Hive.elf

windows10-1703-x64

3

hive.exe

windows7-x64

10

hive.exe

windows10-1703-x64

10

hive_linux_elf

windows7-x64

1

hive_linux_elf

windows10-1703-x64

1

linux_hive.elf

windows7-x64

3

linux_hive.elf

windows10-1703-x64

3

sjl8j6ap3.exe

windows7-x64

1

sjl8j6ap3.exe

windows10-1703-x64

1

windows_25...c5.exe

windows7-x64

10

windows_25...c5.exe

windows10-1703-x64

10

zi1ysv64h.exe

windows7-x64

10

zi1ysv64h.exe

windows10-1703-x64

10

Resubmissions

12-02-2024 06:38

240212-hd166sgg25 10

12-02-2024 06:21

240212-g4tdksgd86 7

Analysis

  • max time kernel
    269s
  • max time network
    293s
  • platform
    windows10-1703_x64
  • resource
    win10-20231215-en
  • resource tags

    arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
  • submitted
    12-02-2024 06:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    sjl8j6ap3.exe

  • Size

    661KB

  • MD5

    7692a5dca7c3c48095aa6db0db640d4a

  • SHA1

    268faa86ae921da264264f392b541a9facc3bdf5

  • SHA256

    b6b1ea26464c92c3d25956815c301caf6fa0da9723a2ef847e2bb9cd11563d8b

  • SHA512

    2e8c4c0ed23dffc2494e39654f0cec03e4ad6bd4c04a80342afa7ad412d1a3dbcbf4a4cab7841354ca6bc2932252eaacfaf7f0abe3f9380e30eed14a610cc882

  • SSDEEP

    12288:BLF6OtM1z8JLbA689tSfvTvFSYIzp4yzhrWbttQfaa4Gxjzgdlo/AhwN/eh9z/ET:BLF6gb0xqx9z/EO3BxhR

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sjl8j6ap3.exe
    "C:\Users\Admin\AppData\Local\Temp\sjl8j6ap3.exe"
    1⤵
      PID:1912
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4652
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4056
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.0.826286895\220646599" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d14f0c29-3a17-4e8c-93e3-36793779defb} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 1796 1d93bbcc158 gpu
          3⤵
            PID:3236
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.1.1525892113\307091195" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdb338f8-a487-43df-a9b1-747de84af110} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 2136 1d93b335858 socket
            3⤵
              PID:5052
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.2.1028469115\1879895649" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2676 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {90fe9e06-6866-4b76-ab41-05db8f565240} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 2900 1d93f304858 tab
              3⤵
                PID:3204
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.3.773239843\89871042" -childID 2 -isForBrowser -prefsHandle 3220 -prefMapHandle 3208 -prefsLen 20972 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {313a885f-cc2a-425d-a83e-2513eb9458b1} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 3232 1d93f4f4e58 tab
                3⤵
                  PID:2088
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.5.1266614585\1312240986" -childID 4 -isForBrowser -prefsHandle 3252 -prefMapHandle 3360 -prefsLen 20972 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07d33361-6bc1-4bca-8495-592b9ea51cf7} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 3588 1d93f4f4858 tab
                  3⤵
                    PID:4964
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4056.4.2025254468\2125857235" -childID 3 -isForBrowser -prefsHandle 3368 -prefMapHandle 3372 -prefsLen 20972 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a565838-f2ba-4a03-9ef3-e438b0afdc5b} 4056 "\\.\pipe\gecko-crash-server-pipe.4056" 3452 1d93f4f3f58 tab
                    3⤵
                      PID:1052

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\prefs-1.js
                  Filesize

                  6KB

                  MD5

                  1379265893365cbb48c11c98da8d370d

                  SHA1

                  6b2e150e644fda2d44ec4744a38097b72e0695d4

                  SHA256

                  f533bf6efe91d819badfd81b7bc31a82177cbf24753c6e6cb4b334bcff958cb1

                  SHA512

                  d32aa3b1e693d58a4eaa12d7ca7d2019fbee526017657661b8abfbf41f1200f58f9a9b01a0e82696a6fc424a492bc36031f796672c4bdca5b30ee83db9d996aa

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionCheckpoints.json
                  Filesize

                  53B

                  MD5

                  ea8b62857dfdbd3d0be7d7e4a954ec9a

                  SHA1

                  b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

                  SHA256

                  792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

                  SHA512

                  076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

                  Download Submit
                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\lo9wvv8t.default-release\sessionstore-backups\recovery.jsonlz4
                  Filesize

                  271B

                  MD5

                  839b9389028ec79eb6af13373ff74df0

                  SHA1

                  713d20d350c26bceb3a14cf25caaa5cb99b10c14

                  SHA256

                  0c9e5a330c415b231ab924561203206dedb1874cebff33cb3984cf6c91fd8418

                  SHA512

                  e3ce6be68f0249ad6c20d28dfa40849887c594c5a341f998a0f449e2d20fee11d9a9344b249d7b8e1df15221b9345bc887f44ddb8b1aa899fb48d77f35a5716a

                  Download Submit
                • memory/1912-0-0x00007FF6273F0000-0x00007FF62749C000-memory.dmp
                  Filesize

                  688KB

                  Download