Overview

overview

10

Static

static

3

HawkEye.exe

windows7-x64

10

HawkEye.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    20-03-2024 03:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HawkEye.exe

  • Size

    232KB

  • MD5

    60fabd1a2509b59831876d5e2aa71a6b

  • SHA1

    8b91f3c4f721cb04cc4974fc91056f397ae78faa

  • SHA256

    1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

  • SHA512

    3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

  • SSDEEP

    3072:BMhIBKH7j7DzQi7y5bvl4YAbdY9KWvwn7XHMzqEOf64CEEl64HBVdGXPKD:BMh5H7j5g54YZKXoxOuEEl64HZAi

Score
10/10
chimeraransomwarespywarestealer

Malware Config

Signatures

  • Chimera 64 IoCs

    Ransomware which infects local and network files, often distributed via Dropbox links.

    ransomwarechimera
  • Chimera Ransomware Loader DLL 1 IoCs

    Drops/unpacks executable file which resembles Chimera's Loader.dll.

    ransomware
  • Detects Reflective DLL injection artifacts 2 IoCs
  • Renames multiple (2011) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 37 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 37 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HawkEye.exe
    "C:\Users\Admin\AppData\Local\Temp\HawkEye.exe"
    1⤵
    • Chimera
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2320
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Desktop\YOUR_FILES_ARE_ENCRYPTED.HTML"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:844
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:844 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:820

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Java\jdk1.7.0_80\jre\YOUR_FILES_ARE_ENCRYPTED.HTML
    Filesize

    4KB

    MD5

    14c752704505df2093472565d7f71e33

    SHA1

    7b4539dea3400bf62aa7877023e1376c2249ee87

    SHA256

    0d1e8a88d09d0d94ecb1aedf57550878587c6f1472f13b6f0e41a3adccd98d46

    SHA512

    fd55926abb92988ea650e0ac31205d166a9a5619f15ae30afeebc69928cc0490b0bfc281ce6c6d083087b155e6e6516b1bc0bfed2e8535861a0e2df598b21a7f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    67KB

    MD5

    753df6889fd7410a2e9fe333da83a429

    SHA1

    3c425f16e8267186061dd48ac1c77c122962456e

    SHA256

    b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

    SHA512

    9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    7724a927ec8a41685b0cf3a0627bea9a

    SHA1

    604b23464039a297bd8e1526f44345013b52d5d2

    SHA256

    ed76d04f3f4ce45e05bdf817bccf6158d1896242016f66dd9aeddbe47e7acf1c

    SHA512

    efc41c79a0cc4091a70fae94ea8156f751c33dc00134086f39fec6a9f63d8a28613ce617d4960a0192d2760c9c7e865f303670c980a2f8252ff009d8519034b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    86c9b193d85001e4371c41c1e5419748

    SHA1

    067839199a3bd5b89705607ef63e521f3de958e4

    SHA256

    832f888bcb8731292588f2667b2cabfdb3290f170c2ef380c3a5051e11c852a8

    SHA512

    e77197147eb440423b510be12ec8276939554e6d8356e0cb97c333e58771fd42b4bf79fdd8b264c3817b1133a6c7faf432b77b9c442d9c945de4ecd6e264f5d8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    859cbdafd3ef9eca8b26756227cd9594

    SHA1

    f1dfa3e1d428a14e1bc3333c441341646b6703a7

    SHA256

    80815e97afa23aef4ea4fc5b67206a256c5c70420b02a44d8532e4c3a2a0b5b7

    SHA512

    7fdf9ea8a637ad6341489426596f29ea1b72c206803842d47b0a6f94bbd10994d7dd85acca9b7789ee2b5175de34e64218078856630a1b3ffcdb379e7df05e2f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    b0ba146e546eea54caba1a8cfcf7eb80

    SHA1

    c82fe503007fb64388e0b6783b9c8e880cec2978

    SHA256

    fa43b3502c958c39ab570b058c8f69dddecca80113314ea0857a5b0a910eb8d2

    SHA512

    44cedebf8e62c03934aefa0944ffe77cf1dcaf8b7290920759d0625556fc284154bddcd25107905221aa00019eb6b2412b50b2309a7cac5476a3adc60b45918d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    71c0944dc3fea7b056bf0914192c86d4

    SHA1

    4b9a62e4b30d4902a632a4612bcaf409acc38bf2

    SHA256

    f328bade60c22e124122224a251f9cbc62b44d07740b2b2117b320e85b18fec3

    SHA512

    37043dbce12ace40d07245d53fd3d46286ef46ec9bd59b1718ccd1b43b0044529d8d5178e20718f25bb4842727631ff561987087d6f01100d66922716260601f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    afed3dca84dfb84d564b5ead44183a04

    SHA1

    a8f155d24680cc414c733ae6e468d84c85dbaa5e

    SHA256

    94d5050d98610dec9e2c84d95b89b383921b8108f637768f47d07ee945c8101c

    SHA512

    9d2d7e51006c203141147c82ed4bc878404fa83b5ad95fd88aa414ca797502e1a7b3cfbbd45fbc660f48597cd363c471d53bb6c70585de51b5f235f81e5ba870

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    edba9210c7dea25cd7537574b7316a80

    SHA1

    a762df6e2f17837ee3e8226b4a625d1f68bbe986

    SHA256

    18e02793c3a5d1a012da7c7452322b82c8ef8a6f7a3db6ff56822a95f36a610b

    SHA512

    ff5df5b1d9969227d73770b00c9d7f339bcc43158cb8be22f79a8a07bc04b5a9eaebd2f5c1a388c94c523b085ea6c0f161c5515f4086f27babfbc82bdeaf5e59

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    e65cc6c22413d2d0ab23cb240f487090

    SHA1

    2f60ac67774dace360d7d4bcbf6a78dbd548c43b

    SHA256

    6ed9cd25d67a7d66a5c2f79e124f92548d92d37854ab22dfc7678b13597ae1d9

    SHA512

    cda07cede763c64142bee5e8051c43e52bc30264e9a18d5f43cd2b80462d9335de2b03b739d614a9d4e3c81e0f016ad2eb83cf6cf3e515558b6a024178ba003e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    80576163accc1f15cd08d07631512d01

    SHA1

    b6805794be14c38d71fb6d01b81eac76b0355449

    SHA256

    a16694fcd5dc6f31ca953bed1b02ec13a048bd026f7b442943580279ba52d67f

    SHA512

    ea4fbe1b39ae79e6030f933f1d9bac7880b220d07f0e3ecbe12d7f32bc11d7d130eec90b17dc68d81dc1560273f37d2e67e27e08fa0c53305297a6bee2fccd65

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3530d9dd6efccc5ae771a145994fe464

    SHA1

    8682cfa9d2ad547ca957a08aefc46fa22dbd1bda

    SHA256

    19a6a0cfaf70a01d303da17613e1e571fdb745029b18a2f4b72a76968466d34f

    SHA512

    87d544b5ec5905ad2ee139cf92f507cb4dca433a3c46f24906cb455d91b4ba43acbd5a5456e8b0ebdc3981483c3ea2ccf5603021d21df46f5f2712a857a1b6aa

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    0c37eaa8b146e57e869673f3072e2650

    SHA1

    5fe3e47a17645c69480b9fd9fd2378ecc50c7283

    SHA256

    482ef31bae0eaa5b0075778b049c42deb95cc3aec19fcdc954a63de19bf931b6

    SHA512

    6761c956d7df91685e59b6c93156b0d3d10e9d2a6cd087550fc7cdcd6bcc8c50748471dfbc04b1bd231c1eeab0509e0f2f2a0ee90547058081321594e1c8e665

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    698e867e83442b05037c8406232be2ee

    SHA1

    529fc15aa4e0142f767e9b8cc942f67de4232b00

    SHA256

    eb39296e413e4987724c70b83bc2a13f5072e70d5c9faddcdb5ecb4d1eabadce

    SHA512

    8b74999bc9f4ccc6d90e0e1a6ed16193bde24b655e3a26320472398aeafb99b3492f34b098ef4c2b08b02790917977a0b37a87a8d65799e49c41e0e5d10b063e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    4d6bee982739b0956daf66ae1ea5739b

    SHA1

    2bdeb03cf7cdf7abb45ed8c200719dcb837d9aec

    SHA256

    8683d99748316bf37aa9aa696f9bc24456c7b247cf359e4de3e04a43743edc81

    SHA512

    d9a130198072c1d3fc10443e80519b300f6404f57dcc2a083d337517002fe10fe237c35fc6539daa0d071b0088ff96a8e835f136ecedf86778072519e0ca2267

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    8998be54621c26f09e5c95c7ec5bc1f3

    SHA1

    ac5f7d910f6c105ef9dc3f45fa3506caef157087

    SHA256

    a48f6808bac6295a32ea2453f5fcb5593bac5000391f3e65c73408ce03c6b6b9

    SHA512

    e03a0024f2e353cef310c1cb316474fd2573b3d81b9038e7d1e17affd9cf00dbc89af1f525f653d403607435bd617b614f44e75576a58131f9f04f9b138c9006

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    fb4aae4055c3ba0d700110c8194f963d

    SHA1

    11338a32789077202f55105c7451d5c03a342d10

    SHA256

    66e1282ddc39b208a95dbd6a2e7c5cf61b9607e5ff7f4ea57c731d315e26a77a

    SHA512

    ef83f6f4d8fa4065a4180f5e31a6f527766c499d99a58e0d406f62fa02b13aa163cdfd59a33decfabe2aaa7f583d65403f99d77e4d7d3454805457b821845e94

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    cea2ef04804732fad96678b57cb82935

    SHA1

    a5ad8b3354614c1a5514568bacd02b6a84d65e8e

    SHA256

    b6a186ae381893e6d92861182714015a2f306bca5e2dc7547bb36b9f2140e4ee

    SHA512

    c30edfbad31597e7484d75c2b7117697500745d7084dd448a4d13207420c9f7f7afe81ae3a165ddcfa4e4c271e4876172aa237fb3851d51e6f050c5aa78b06c1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    ef1520922e55642c48a18c70a68ecdfa

    SHA1

    2bace62d32ea389c3439a3cbef71c7445cc79652

    SHA256

    646eadf34921828419cddbdba7dc21623c4b93e3d765a141a0cc711f23b049be

    SHA512

    46c4ce1be00e4494e05d6f67b21697b44a8aa92f34799f6999be57f440d7d226b4f1709e80a0ed2fa7a4b63645b6abd62acb9e6da45d53b1b674145e12bb8891

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    3dcc106b7b22ac3935aef327633d094e

    SHA1

    62621f59b0e3e18b0f675089598a42e1261ec5d3

    SHA256

    54ba66fea4d2ba25017237cb15197cdbec9b9a583a3ec82620c0e23b15887835

    SHA512

    2292aaeb8ce8f3367eca1c0a5a6bd72eedb11409802c3207a961a3e26e2588c591dcccff6cfeaed999a4c39d52a5544954c52b13f548725136d2c9e9b7b5adb4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    487b964867baa131ec9b324892810728

    SHA1

    a8876c167921bcfbc85015db16b7e3b7a6d3483e

    SHA256

    a50022deb51714c47c06d6ec700dedf31d1c75dd1cc8d29c85d2d7c080402444

    SHA512

    fa39ff1e53c4a0b38eff93321d12049fb548043ff237a24b448e5bcbdcb907550b6730ce746e49c9ba22012fcbe28f7ed5f5f9aa063e5f56635cdc6e2321a1c6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    344B

    MD5

    21fe1410e7950ffb8812317ef41f1d98

    SHA1

    06751a9fbce317585bad9c8b998f96e3b2966ef3

    SHA256

    805ff16db8470ddd54c8412dfb6a5abb9af40b4cf86a67ade3c971d6ef8b7e12

    SHA512

    28b302a46a484338bc587f589e0d7e81aa0c1ce534250fe110b08cdd76066b70681be15ca280a023881b9e034613a5b4fc50df244aae286e2da05f1557c47a81

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    63f6d56157b9056b273e7bbe759f5410

    SHA1

    b22ac5d364523639ca7b209066a0743fc775dd91

    SHA256

    8952c1d76d1b7b937af52da7aa1f5f65157cd0b4b8755e4d75458ff40fbf5829

    SHA512

    850e9cb70c526f54020a20bb8dc912015e11a2ae40d4a0736b0de95ed745f8499b2948c17364f93ccc2c126e63c5c9238d8c3c53ed11818356ec997bfb3fd6d7

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
    Filesize

    4KB

    MD5

    da597791be3b6e732f0bc8b20e38ee62

    SHA1

    1125c45d285c360542027d7554a5c442288974de

    SHA256

    5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

    SHA512

    d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar5085.tmp
    Filesize

    175KB

    MD5

    dd73cead4b93366cf3465c8cd32e2796

    SHA1

    74546226dfe9ceb8184651e920d1dbfb432b314e

    SHA256

    a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

    SHA512

    ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

    Download Submit

  • memory/2320-4670-0x0000000074070000-0x000000007461B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2320-0-0x0000000074070000-0x000000007461B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2320-1-0x0000000000270000-0x00000000002B0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2320-2-0x0000000074070000-0x000000007461B000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2320-3-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2320-4672-0x00000000005D0000-0x00000000006D0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2320-4671-0x0000000000270000-0x00000000002B0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2320-8-0x00000000005D0000-0x00000000006D0000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/2320-9-0x0000000000450000-0x000000000046A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2320-10-0x0000000000450000-0x000000000046A000-memory.dmp

    Filesize

    104KB

    Download