Overview

overview

10

Static

static

3

HawkEye.exe

windows7-x64

10

HawkEye.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    129s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-03-2024 13:29

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HawkEye.exe

  • Size

    232KB

  • MD5

    60fabd1a2509b59831876d5e2aa71a6b

  • SHA1

    8b91f3c4f721cb04cc4974fc91056f397ae78faa

  • SHA256

    1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

  • SHA512

    3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

  • SSDEEP

    3072:BMhIBKH7j7DzQi7y5bvl4YAbdY9KWvwn7XHMzqEOf64CEEl64HBVdGXPKD:BMh5H7j5g54YZKXoxOuEEl64HZAi

Score
10/10
chimeraransomwarespywarestealer

Malware Config

Signatures

  • Chimera 64 IoCs

    Ransomware which infects local and network files, often distributed via Dropbox links.

    ransomwarechimera
  • Chimera Ransomware Loader DLL 1 IoCs

    Drops/unpacks executable file which resembles Chimera's Loader.dll.

    ransomware
  • Detects Reflective DLL injection artifacts 2 IoCs
  • Renames multiple (1994) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 37 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HawkEye.exe
    "C:\Users\Admin\AppData\Local\Temp\HawkEye.exe"
    1⤵
    • Chimera
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Music\YOUR_FILES_ARE_ENCRYPTED.HTML"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2384
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1156

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Java\jdk1.7.0_80\jre\YOUR_FILES_ARE_ENCRYPTED.HTML
    Filesize

    4KB

    MD5

    ad491f471f02c9bd079c28963d2fec11

    SHA1

    87b94b2399097540ddaed8da7403b1bd52e7fa7c

    SHA256

    a8d67687fd8436004739b4cd3e91d8dcde8abc476cbbbb8001a4b5b92829a90a

    SHA512

    e466306416a9022f4a77bf9698c0fefdda21faeceba7ca0938e7a3f259a72dc383f549fb33d927c384b3dbbbf4caf1dee9ca07d5b0ec3b97e7185552e1866d48

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1f6a85661f9495e5d889c8766fb0711d

    SHA1

    072a6ebd337c295e33ff4594c41ffb7163236a7f

    SHA256

    056cfde4a5183f0e6bbdcd74370c23c31ec3bf8c11fca48d709b8ca7f15e47c8

    SHA512

    c4fb4f17bf0f9006428ee197e5bed2a3ea869e05b539d06a2163723edc25fd66fdf3554f2f3c1d9e4c6a919a2cd004156e87f4474bd5bc54cf8140c233f9a562

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    5169d8a9d775da00d7a44a635061872f

    SHA1

    f1b6311c27a115879250562737056e6dbe5adc30

    SHA256

    18472e71ecedacf0766d3654b220ca5b287268410ff555b4a9358c6a057239c3

    SHA512

    87641439e1eee9baf52f665484c567a64c9be295d6b77c3883c851b88b4487ceaef765d5c3c5037377c680e507b52fda95ab31ab50d7d4be488e5ea4920627cf

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fcdfe088d4664826f68c6a85ae66a921

    SHA1

    02592c260b0cbea72a73dbaeae089fb457181e9b

    SHA256

    82a9b9ea4f6dd83b2c7df62ff609b9743954a99b3f9c514c1d84bec245327eb3

    SHA512

    c2d4e8da76798752348260978ddeca866994ad6d741e717bfb1bb9d2da5d3f5c137fec11b0e8fb63b9f95cdc1dce7fa05d60fb6cf4f1c993c5891dd6a4f94ba6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    2138a6211582c61fceeeb6bb6dec6308

    SHA1

    f3eb2ae0afeb7e54397bcd00cf32b5f95da47dbe

    SHA256

    f1d70f8e88f7ed0371a13d248b650f4d20def70083c1ba1d8db822f9449fa915

    SHA512

    016b6e4b108c348dde6a94aa31d02291957be43ad2c078c4fd67c988b5e1208cc099b8ff052d513fa38968273a6419ee7ddf91604a6f8cebb03d418dd4e2dc67

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ff97f8eb94867e7f066bca49b3bf4ce5

    SHA1

    0193612235db57f12f147fdf304968dd47e26f85

    SHA256

    f4bb2cbe4d72f7c1dede40da80978a9fb71bb5876ad18e6ceeb69e258a25de8d

    SHA512

    4d6d1ee81d6561a1236898ef768accddb6b99a0fcf4d8933e1fc089b6d749b8cd1ee05b7141b2c090a8f20d82469c3df20f237c08d4d8f37e6eb36bb1a86110b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    d95937ca79d6a75fbdadeff5f6856295

    SHA1

    ead22e795d1bb847879a717185b174143d00a457

    SHA256

    293056d4883b6d938246a9874274b316f1289d11e4f876d25af8061272ea2c93

    SHA512

    0157d26a04d727d7574bfc801b06cb57ac7f575032526faec0494ca8d2d3b1e2dfa59841d541c5b56ae50f6480f318076feb1c4ab341b801dd668acf7821e9da

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3cc3de267939fbff3320c66af8a7c076

    SHA1

    531786ad36774fd5f1aac0913a37fe61e6e57eff

    SHA256

    bc9775f6f67527f17b3f432b175a71a7c543d34c9771931ad6c54eaa55f7521d

    SHA512

    5841755cd8ea9aefc1bfbc5130a6a68939bff8159ebaed375543f1593eb45c5927952623b24028ea583853d60e6f557ebcc855f29cf78f4d4565735f98cf89ac

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    374f9ae70915dc7eac93467d75dddfab

    SHA1

    6ed694569625f9c318af528d17ccd6c9c5d998fe

    SHA256

    30851891a01a885d0bb591b3bf9c073b6a8bd966633eb6b064a15f8d70c1e251

    SHA512

    4ec452b176becb5928a44dc3562e0c3443b0ed5bc1d9afd1ba11711d12825658189a6fae0e2e0cb3cae4db5e9b544f25ca1462d5fdaf8afff889cc370a58615a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    308d1d0d4ef512620afcbecf1f71345c

    SHA1

    b1e99cdeddde3a0c3e4af0658874bab7d31e829f

    SHA256

    7b347d2f1eed4c25e250908e7eeb0510f5ce90a75f10fdd72255bb63bff202a3

    SHA512

    5e3416658fc40630ce89331b71b120b610f2f6f800bb35459c3d35b6bd02f80b3cf4eba95493fc23f815aa9c6b34963dfaf627640238e9975bc592dc19cd26d2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1350ba70fb37650615f7992b576d2006

    SHA1

    1ce60e642e849f6fd8a6b183e977028153c5b72e

    SHA256

    d1efb02a534de5ed01e147dd821dcc2b03ee8c8185266b5f40fd417e39ee0701

    SHA512

    766f789ff5e6a5074e33c35c4dc134da281bc108df29340fc54acf3cd645d8cb1b7b075ed79989afbfc4eb436712df6f60cf44ed0c1dcd997f75e126557fb5ee

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fb8e6488a8d195cc7444fcb2c207922d

    SHA1

    dd841256c337f4c1690162a0277daf5b669e82a2

    SHA256

    6a21bc60f27516328ced1f0c1ccca65927aeca432a524d95cfdedbf45769e524

    SHA512

    aadf296efeb84db76ca2961210538287500a5a8eed2a6b9a3a72dd385a2ae49176aaeaaf4724cf623c7fd9ebd63ef82f9d11829cdaca3e526220b8bb377cb930

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4fc49427ba9cda4774620af0f503552c

    SHA1

    09904f2d5e4810093942356909d144dc973fa811

    SHA256

    52097524f9092b0d7dbce710f50c655eb7c6f9ea4cca01138f8a0a715ebc614f

    SHA512

    9fbb2f4ece25c662447798ce2894f06f3499995108f1d1116423d482b552111267446e8f05021f56ffedae5b02a5c267580b133697ee53223208bab0692b3809

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3cd94bf13fe70c65ce2887b8f10b5905

    SHA1

    ca8ffcf50d6547d6a5facef1c000304c306302b9

    SHA256

    67aeff4a23271dc9e7a56fc9619cd0086bba6b24a979b1c40c058338ba67f039

    SHA512

    050b5d4d55f9aa46460d8a23eacc6a5a70cb46aaca38ef57b5c995e8a1e03b5c2be61cb8d97d9b6f1988b51382080d92a7a60698c1220d6ae76e3baa47adc854

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0b41be75a3f2621432a746a295a9c479

    SHA1

    4f3b8ac72e89b9fdf2788f133039403f466d1b6c

    SHA256

    6c12ef550bfff0966de95f52fdee8cd4c7d5f5ec574d7ea0b3b7351b3541aef6

    SHA512

    e96c5fc7ff5ef3f76ae9a392089931093c28b09f83dc70b1b5cd285fb3f459752361d77ebf100dbaeda336616e963da1fbbd1e77f2cab894366b1e34762325eb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    a44a7d043652a95637fa58b355cc3b4d

    SHA1

    58250924cb87074c3fde5c533404e0611e142707

    SHA256

    7de1b51dd20797f39021e4010e7a8dda40ab47f7757c45a40f67e47fc33ab850

    SHA512

    5af5a25be3565cadcc953c4ed6db50c766d7a5e17244ab0d06d38d5f92b089fff73cc9db9eb23d2456f98042285b7d6c052a19d4bcd6a1a5a5e901e104c74ea9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    04a0f02e0ccb1997ecb1fe4471f0f35e

    SHA1

    9086f1dbfe47893eb2018ac546275f0eef973c76

    SHA256

    1a3423f1cc6e850c8e4c5ce86261c1a59befe5afb945590f266c49f3e98f3bb1

    SHA512

    7fe09d0c78af7df78126de817e77b9dd8c2e987cd3af732b7cfd45a8730a9806746013945a13b2acb670db634334220c639011f7368fc68391a5768f4d249ad9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    08d0733749615f1355bfb54f2be8d4e8

    SHA1

    d61dc303bdff56a258ef24b3cc5e72edefe12b41

    SHA256

    74ca980bf502670d85ec9c910e53031a6a8d4c4424b988a28ebd6dfa13381929

    SHA512

    0a303a057492e849b93bdda21f3f70a3a758d0d96bde95e8e2e49bf8d708fe6c91423500c4d77a705841975dd058b868a62e4581ad5aca352381b1a5b4296274

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fb866960b8eef7aa9808e9f1a22bfc60

    SHA1

    68b1958df03461ed62d2c4a884e90ea97f4812cd

    SHA256

    332882b35695f951edd1556ac8a26ccb7e05d7a7f50f9d7d42253e28fc750469

    SHA512

    7a2dc089afc05f6fb0cc3924d607159b1ef502e955359790afd08e28e6108d6087313f89f5bea4de9e15ba815bc0c7be7f4b402c7da37ab1b44c0fc8f6c2cce4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e4db6ad90515a12046918d920b057fcc

    SHA1

    4bd8cdc59fb1d580f6978e8093826e49fe7f9d56

    SHA256

    1fd8bfe733f47432a0348469041f8e19efd275ea59cf3a1dfd4c0c8594473672

    SHA512

    12fced7d6884bfd2137c69be01d1722879fa8b39d0d7501c1472e162056621e61accb65f8ec063cf49b189e60ccbf6bf5e239a0fd11643456ffb2504765edda7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    1ea38b545e21827bdfa8af89535edd60

    SHA1

    1d70fe42c441f8d0810f589ca1356825fcf221c7

    SHA256

    aa1fadfc9f4195cd7e3b023b5ea6c7445bd8a0dcc6ff34c1fa16499da5440ff0

    SHA512

    4c4697855c3136c8de2b14394dbc29b123b436fd3ec0641552e2372d2c1bd3582ae6b8272edc8408326138cbfa3a2119a9b1febadab7c121a85114394974fed3

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab6AC6.tmp
    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar6C72.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/2212-1-0x0000000002080000-0x00000000020C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2212-0-0x0000000074710000-0x0000000074CBB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2212-4750-0x0000000000650000-0x0000000000750000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2212-4749-0x0000000002080000-0x00000000020C0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2212-4748-0x0000000074710000-0x0000000074CBB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2212-2-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2212-4-0x0000000074710000-0x0000000074CBB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2212-8-0x0000000000650000-0x0000000000750000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2212-9-0x0000000000360000-0x000000000037A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2212-10-0x0000000000360000-0x000000000037A000-memory.dmp

    Filesize

    104KB

    Download