hxxps://github[.]com/nguyenhoanggiabao98/Hydra-Virus/blob/master/Hydra[.]exe

Analysis

max time kernel
146s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
07/07/2024, 22:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/nguyenhoanggiabao98/Hydra-Virus/blob/master/Hydra.exe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5944	msedge.exe
5944	msedge.exe
4364	msedge.exe
4364	msedge.exe
4376	msedge.exe
4376	msedge.exe
1548	identity_helper.exe
1548	identity_helper.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe
5376	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe
4364	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 5960	4364	msedge.exe	80
PID 4364 wrote to memory of 5960	4364	msedge.exe	80
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5784	4364	msedge.exe	82
PID 4364 wrote to memory of 5944	4364	msedge.exe	83
PID 4364 wrote to memory of 5944	4364	msedge.exe	83
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84
PID 4364 wrote to memory of 4524	4364	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/nguyenhoanggiabao98/Hydra-Virus/blob/master/Hydra.exe
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaaf543cb8,0x7ffaaf543cc8,0x7ffaaf543cd8
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1628 /prefetch:2
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,9764481074275580899,11000676700594964388,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b45c28d31ee31580e85d12f5ce5b6a46

SHA1
8bd9a23f3141aa877711fc7835446b8783b51974

SHA256
d944d6021a2fdf016911aa4d9e8b437431fa4f92b0229b9e3322b4354a4b19c7

SHA512
3628da551c52367a4b54ca0cb7c401f7d3a8dd37375b3b57d82adb06c96657ac55d593ffa7a9f000f74ecd7e6d35562a96013d0c70b04123f055a4d2af72aa3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
640b9bae54d22b45b4d52a96e2f81f13

SHA1
b1c7304e9abbe1759f8df7f88ca2c6354b42fdf3

SHA256
834c17e205445d197a64177b76ae0bb718bfe2eb8ffe492f008946603edf80d4

SHA512
8baaa3339cddca01a018e9a0900426a7590f7107c55372d65fe932dd570bb4289238977396037c9bf73157d6bfd7f1f5795842df39c354200c2af1a84014e6a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f90517a17befcd3b6cef0b509640e76a

SHA1
3219ab76dd109caf5bee7672d0b3cd3e65663bf0

SHA256
91834f4436a8f6686d0afe428c21976e6baf915cadd00dcea26edd79327a345c

SHA512
830f5198106312cab90f8042c88b7ba3ade818881baad59addaa0698b5e2622262185599321b466289730873764850f67999b4c21fb0388c708dbfaeee4814e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
c4897aa78d9edac4710b6abd9081210d

SHA1
82fff6d6a6c64af2e1e64a0a56c46cfc2a3470bf

SHA256
1c2dbad9b7fe623f7907fe8875ae1df241de6ea09e8dbb063b885983420fc005

SHA512
207439940f16c3a029f465c4f4b6d290f15deea00c5d46365d2bbe5a27c48371315a7a5e39366638a4d256c843470b6e9acd6fc7c0b85aac10dde6176aba026c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
79c63e09ddeebc3868040fe271d1b873

SHA1
1042a6b995da3f5b946efcb874118a808b7f71d4

SHA256
24a1347594faf2838a8da287716cf156c2119e59dbb9153df44e72c1551bd003

SHA512
e8d8ccdf3015d756d65b73029129abe47b44c7de6832eea206b2c12b11f44d138c393d21255da35a0c80d1948e2c4c8945d8cf890b55bcb7573adf97180c2251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e622c00474d050fe22a7b4c2848a26e1

SHA1
da3bdb15967a9cf8137b92fd1477c8e41b01b9ec

SHA256
0cabc35e178fef2fc4e13921be733dfacbea3832243c2d85a7812338ace11ae8

SHA512
8b761a1f9eb7abcad43a94c8431ebfba238c9cea1a8abce6dbc6e40e62955c8bb16f1d39d1dcd981cec8c60ead261eb672b26d8632e9fc3095f26d945347df7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13e5fcc5d3871ab2cbbbcaab97be2855

SHA1
e893a0c5789d14df550f4b6443c5aa889c57eff5

SHA256
ea7351bdf5e758a569f2fb7e2118967bfd48fd222b148d7b3a876e2bf7fef73b

SHA512
a6947667310b32a0b3f9bfbb67faebba0cccee248e159993035a9d94ada528702c92cda0921207999ce9a9ca474c5202064560be0e63e503120201ee24eacb54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5f5fd56e85c835836d0631e527d7845c

SHA1
65351488b68feb71a24580e23d105c2e1499bb57

SHA256
75aa4dacc44d2aaf042faad4b881de9905a058b84097db907d76d4c6303c4699

SHA512
49f2591bc918ceb142111f4feb106d2ec0c29d955e3df8226e32f8db3a6f21d7d4ea17509d574f18a8ce74ba43c568f944da1e8cd184c50be01150bbfbc05596

Download Submit