Overview

overview

7

Static

static

3

bin/NIKYME...au.dll

windows7-x64

1

bin/NIKYME...au.dll

windows10-2004-x64

1

bin/save.js

windows7-x64

3

bin/save.js

windows10-2004-x64

3

hyperion.exe

windows7-x64

7

hyperion.exe

windows10-2004-x64

7

scripts/UNC TEST.js

windows7-x64

3

scripts/UNC TEST.js

windows10-2004-x64

3

workspace/...che.js

windows7-x64

3

workspace/...che.js

windows10-2004-x64

3

Analysis

  • max time kernel
    71s
  • max time network
    80s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    06-08-2024 01:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hyperion.exe

  • Size

    58.4MB

  • MD5

    0ec4d20dccaa0aed06a491a4c9c1636d

  • SHA1

    b7aeed9a004193b472fc82296cd0d7f121978433

  • SHA256

    2cffa447570221c478089472e676991105bf71154549b40608eeac113f890515

  • SHA512

    81c77adc25ff0b01c039f2dfc35d38d169281db8892eb6c5b1123b4ea1b94f3eb080dffcd846c7a0ddff0512a58b594b5d583f89eadd5d9d91c7f3b478a6ce17

  • SSDEEP

    1572864:uvEb9dLgxquRke+EJYPLnB3e4tBwzBtJ1srDVSmCo:uMbgxzupnB3eCBw1T1s/cx

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\hyperion.exe
    "C:\Users\Admin\AppData\Local\Temp\hyperion.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2780
    • C:\Users\Admin\AppData\Local\Temp\onefile_2780_133673815828738000\main.exe
      C:\Users\Admin\AppData\Local\Temp\hyperion.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:1620
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2424
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x2e8
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1640
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\ConvertFromMove.mht
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2016
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2016 CREDAT:275457 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:756

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      219ce69280d02b3835faabeb5f70de46

      SHA1

      d8927ecd412508cd125d81c3516459f3a948235a

      SHA256

      b22f2b9c8485be8496e38b7d94f9995e34e7173a2a5f645fc8b460446d78bd04

      SHA512

      646f8bf3bbdd1251add95069eeaceeb05c073d3c2c5f051dea269369c3d75923ebf61fba2a2fa4011eecb80957618304ecec576f671662db92b6ec8f9d59c6b5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f727840d70348f6e63d7e19ea28e64a9

      SHA1

      fda1d8c6093c928fe67740a5cd4957eee8b6290e

      SHA256

      90a0fd6321032870aa6a65a176823acf81dc93c0acf216021a0215f57915aca5

      SHA512

      919c57c63c1bc6e6f59cbb6d5ace6c999221280efd0217dfe787323c9a6a820e36b17141f2dfaedf234d1d6fb372af7c357f3d53a7524a01b6431fca1d9a6e97

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4e77a50c3b1ac396fce80427cf6861dd

      SHA1

      619c1a09f3288b7db5256667c139d893358f9a05

      SHA256

      feeb9bb00b9019e54a2d2908b9d1c21f9730173c4b99b04630019f2d3e05e41e

      SHA512

      4e3e63f4830952edd949430f91d35b4f0835e32605f02cb3d35faff37bd5ce206bf3df9664226d74bafd3c9d90b5b3ccc1636dbb2cd6eb04145efa5a0ac3938b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      28191c8092fe55014b63bb41f2d9c305

      SHA1

      78045f32f9fbe76b95b2fef1a024e479c9b26599

      SHA256

      b0924cd152526ab0721ecc7d822c7bd23f1af207b35dff4192eb2b22ec96156d

      SHA512

      bb64cc46a8ed7f5f53312d7a45e583879c0f068d4abeba961df272d5964082a5eec5d6f1963b25191b778bda68c6715f48b39fedfbf2cb4fcaa0074689e82e74

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      73d511f72b0271d8e77b34cf47fe18a2

      SHA1

      b4b0a19e79621ea953a97a9063dd328c07f7d605

      SHA256

      cc13e40688459baa6d0805556ae559e2782636509f4bd3eab0f63b3819fd2b1e

      SHA512

      01f393f5ea4ec130ba6c14c84396002ac08dffb242b735352e4c210d6917015d5b1ef22fb870c4673cf16f84b935efcd8e3eac7dad759520f67625bf2ae54218

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      93cd76ab3d3c144c66d736bfbbc09c12

      SHA1

      ddfb775779be7d2ddec022dbd313419347d965bf

      SHA256

      d7f92845f69f35dda7116ffef129d4f8f2e2b972bbc6e2c1e76200bea0ffe66b

      SHA512

      2099602e214f537da52bd7d410ec2c45aabec215dd459ef0fe15ae1bae80778bf5ec0f08eea15bd9ed33f5a46234fb6c6827ed5bb58fcc8c2fcee9387f527986

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f745df3ef16eca13342d2342edc7c1da

      SHA1

      bb465fcf61382062d05e76c93bf0c06c28327fe8

      SHA256

      e17589984e29e90badd03dad5ed9bb02176c8afb67b1bafbf2c29e35c6875d61

      SHA512

      fff0890b5a8bc9b87385df563d3b5dca5dc06d317de58b8bbac1cd44b72187c6525f61e82d2d7c7addf2750562d5704724e2b9c2bd06706d7cb8668ec348a8d5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a98a2151f9b995e9c9444fc38c8c6011

      SHA1

      3e63b991e855e1d6eecd0e0340c9e28d882bfcb1

      SHA256

      7cc9a9407b010de1250cdee294abe59a7af5076a0a3d317961284a42282bf1a2

      SHA512

      7e9516b8895cb00b6d95ce0fcdaaeec2e02124d8f970035ab1e12a9e2b8e462b3a2282ca689803d5152eee6bb13723c95cd2af9a9b2c3a0a0b597401325a8610

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      6a433b37c449aa04e61f9c2a0352f365

      SHA1

      4205285662c6af87098de013426eac2b6e78f088

      SHA256

      8aac24ce14151c953d0580c310c89144eec088616a9622060d6b055021dbcf3e

      SHA512

      2e060b484afad24e474c757b6cf5f610959b1cf51ee0e66eab9fcd2c95ca71706d25fa1a75a2035afad62f04a1440f628a9b39ffcf516d105c6487ba73ca22b3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e2e0ad836fe809ea5e02385c91509267

      SHA1

      9e41789b694f9669c350780a2fd69356d765e243

      SHA256

      62da153a36c245a3dbf1c708e4a4ce8dec3a793b54a9842a837aa8048dab97e2

      SHA512

      22b44ac0f4512c0edc53188af8a47293784907e487696a05b6e2535c01a5763feb50b7bc0c55130573a498b8dc1ffa61d4219fb0da38d905d9cdb736a5fa41d7

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab78EA.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar79D7.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\onefile_2780_133673815828738000\python310.dll
      Filesize

      4.3MB

      MD5

      63a1fa9259a35eaeac04174cecb90048

      SHA1

      0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

      SHA256

      14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

      SHA512

      896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

      Download Submit

    • memory/1620-102-0x000000013FCB0000-0x0000000143CA7000-memory.dmp

      Filesize

      64.0MB

      Download

    • memory/2780-199-0x000000013F3B0000-0x0000000142E4C000-memory.dmp

      Filesize

      58.6MB

      Download