af9e8f301a3677b457345921d7ee765a842eceb7df107714eaffc6193bfc6bbe

Analysis

max time kernel
140s
max time network
161s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
12-02-2024 07:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Hive.elf
Size

246KB
MD5

22ae3e19ec54a9d314719158c00986e3
SHA1

84353fe08dd87eb2f1086dfd08c014311e7e4889
SHA256

822d89e7917d41a90f5f65bee75cad31fe13995e43f47ea9ea536862884efc25
SHA512

a72a3e8fb908c2ed946b9266cc742b1584709205f1911e381823ef7caac10d55ccec2f35c3e7ca4a3eda7e04e1b57ec2039054c087fdc39241554cd82b62570e
SSDEEP

3072:3Zp7gZzdfvjRCMj1Yk36ioyJ1zgjIlOhXYopNL+V7o0xvvkB/37Nt7xhew8A2Mzc:P7gDj8S1Hlx14+opNClvk977ew8A2M

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

Processes:

OpenWith.execmd.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4068299709-2976237847-2753307267-1000_Classes\Local Settings	cmd.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

OpenWith.exe

pid process

4164 OpenWith.exe

pid	process
4164	OpenWith.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Hive.elf
1⤵
- Modifies registry class
PID:1020

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads