hawkeye | 7904257af820db24fcf0cba9fe6cd156eecd2a99c4b837f5807660d2c13b5fb0 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

53dd759d56...18.exe

windows7-x64

53dd759d56...18.exe

windows10-2004-x64

Sharing

General

Target

53dd759d56240beba49d6318b4e53197_JaffaCakes118
Size

340KB
Sample

240717-t7y5fssfrb
MD5

53dd759d56240beba49d6318b4e53197
SHA1

25f4afea4e8babc6d7774fcf08b48f3917f05ae8
SHA256

7904257af820db24fcf0cba9fe6cd156eecd2a99c4b837f5807660d2c13b5fb0
SHA512

61c4e0b2348317efa48905e6918040775269022d052af5f805a45670710fa1259606011e08b434ffe4ebdea58dc95b6a053f2af9d0539f4e119cd5bbca5924d2
SSDEEP

6144:AyGXQhW1B4rVph3k4cSbgzs/rEpyrVRRelKHAK3g3UHYTvLRUQSOObAIAjgItE6a:PzGnvpDOB+jggTBtAyhKuD

Score

10^/10

hawkeye evasion keylogger persistence spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

53dd759d56240beba49d6318b4e53197_JaffaCakes118.exe

Resource

win7-20240704-en

hawkeye evasion keylogger persistence spyware stealer trojan upx

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

53dd759d56240beba49d6318b4e53197_JaffaCakes118.exe

Resource

win10v2004-20240709-en

hawkeye evasion keylogger persistence spyware stealer trojan upx

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  53dd759d56240beba49d6318b4e53197_JaffaCakes118
- Size
  
  340KB
- MD5
  
  53dd759d56240beba49d6318b4e53197
- SHA1
  
  25f4afea4e8babc6d7774fcf08b48f3917f05ae8
- SHA256
  
  7904257af820db24fcf0cba9fe6cd156eecd2a99c4b837f5807660d2c13b5fb0
- SHA512
  
  61c4e0b2348317efa48905e6918040775269022d052af5f805a45670710fa1259606011e08b434ffe4ebdea58dc95b6a053f2af9d0539f4e119cd5bbca5924d2
- SSDEEP
  
  6144:AyGXQhW1B4rVph3k4cSbgzs/rEpyrVRRelKHAK3g3UHYTvLRUQSOObAIAjgItE6a:PzGnvpDOB+jggTBtAyhKuD
Score

10^/10

hawkeye evasion keylogger persistence spyware stealer trojan upx
- HawkEye
  HawkEye is a malware kit that has seen continuous development since at least 2013.
  keylogger trojan stealer spyware hawkeye
- Modifies firewall policy service
  evasion
- Adds policy Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

hawkeyeevasionkeyloggerpersistencespywarestealertrojanupx

behavioral2

hawkeyeevasionkeyloggerpersistencespywarestealertrojanupx

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.