Overview

overview

3

Static

static

3

hydra-5.4-....8.dll

windows7-x64

3

hydra-5.4-....8.dll

windows10-2004-x64

3

hydra-5.4-....8.dll

windows7-x64

3

hydra-5.4-....8.dll

windows10-2004-x64

3

hydra-5.4-...n1.dll

windows7-x64

3

hydra-5.4-...n1.dll

windows10-2004-x64

3

hydra-5.4-...ra.exe

windows7-x64

1

hydra-5.4-...ra.exe

windows10-2004-x64

3

hydra-5.4-...or.exe

windows7-x64

1

hydra-5.4-...or.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-08-2024 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    hydra-5.4-win/cygssl-0.9.8.dll

  • Size

    214KB

  • MD5

    2714cce8b8a660118144f110b3686a3d

  • SHA1

    4606236784c4a4d91fe30f1e4776aa325bb0d87d

  • SHA256

    b7bcb26c8f2ad4ecc9b87be507389c4518956d7a3334b2e42e7f19f68d3a929f

  • SHA512

    c9da0077382e4e0d364bc1aa06b4175c02204a39abc3a3f8a8e3740bbd75a52c9f1842be544765199c68af20c3e1608ca4850148c5e3c017b890a629c02d2b80

  • SSDEEP

    3072:bXCAr65CA5UBet1LL0iw9SaQJRxWgSQmxXRjIqAopXcVB78tQQDccyd8kHMvqNUR:btW5YGL0ZsJigSlxMzbddHe

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies data under HKEY_USERS 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\hydra-5.4-win\cygssl-0.9.8.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4984
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\hydra-5.4-win\cygssl-0.9.8.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2668
      • C:\Windows\SysWOW64\rundll32.exe
        rundll32.exe C:\Users\Admin\AppData\Local\Temp\hydra-5.4-win\cygssl-0.9.8.dll,#1
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies data under HKEY_USERS
        PID:3920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2668-1-0x0000000002450000-0x00000000025D0000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2668-0-0x0000000061000000-0x0000000061180000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2668-3-0x0000000002450000-0x00000000025D0000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2668-4-0x0000000061000000-0x0000000061180000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/2668-5-0x0000000010000000-0x000000001003A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/2668-6-0x0000000063000000-0x000000006310C000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/3920-2-0x0000000061000000-0x0000000061180000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3920-11-0x0000000061000000-0x0000000061180000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3920-9-0x0000000063000000-0x000000006310C000-memory.dmp

    Filesize

    1.0MB

    Download