Analysis

  • max time kernel
    56s
  • max time network
    66s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240708-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    15-10-2024 19:49

General

  • Target

    HawkEye.exe

  • Size

    232KB

  • MD5

    60fabd1a2509b59831876d5e2aa71a6b

  • SHA1

    8b91f3c4f721cb04cc4974fc91056f397ae78faa

  • SHA256

    1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

  • SHA512

    3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

  • SSDEEP

    3072:BMhIBKH7j7DzQi7y5bvl4YAbdY9KWvwn7XHMzqEOf64CEEl64HBVdGXPKD:BMh5H7j5g54YZKXoxOuEEl64HZAi

Malware Config

Signatures

  • Chimera 64 IoCs

    Ransomware that encrypts local and network files; historically distributed via Dropbox links.

  • Chimera Ransomware Loader DLL 1 IoCs

    Drops or unpacks an executable file that resembles Chimera's Loader.dll.

  • Renames multiple (1997) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 37 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the victim's system language in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
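
As an added example (not part of the sandbox report and not the sample's own code), the script below checks a directory tree for the file-system indicators named in the signatures above: documents renamed with an extra extension, the ransom note dropped in more than one directory, and SHA256 matches against the hashes listed in this report. The document-extension list, the `.crypt` suffix used in the constructed sample tree, the `min_renamed` threshold and the explorer-like folder names are assumptions; the report does not state which extension this sample appends.

```python
"""Filesystem triage for the ransomware behaviours listed under Signatures.

Added example, not code from the sandbox report or from the sample. The
document-extension list, the '.crypt' suffix in the constructed tree and the
min_renamed threshold are assumptions.
"""
import hashlib
import os
import tempfile
from collections import Counter
from pathlib import Path

# Ransom note filename taken from the report's Processes and Downloads sections.
RANSOM_NOTE_NAME = "YOUR_FILES_ARE_ENCRYPTED.HTML"

# SHA256 values copied from the report: the submitted sample and the dropped note.
IOC_SHA256 = {
    "1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838": "HawkEye.exe",
    "e6bad30b2936de931a081f0678bf2dec6962fd9c12961bd61148916807d6530f": RANSOM_NOTE_NAME,
}

# Assumption: user-document extensions that ransomware typically targets.
DOC_EXTS = {".docx", ".xlsx", ".pptx", ".pdf", ".jpg", ".png", ".txt", ".zip"}


def sha256_of(path):
    """Stream the file so large artefacts do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def has_added_extension(name):
    """True for 'report.docx.crypt'-style names: a known document extension
    followed by one extra, unknown suffix. 'report.docx' itself is not flagged."""
    suffixes = Path(name).suffixes
    if len(suffixes) < 2:
        return False
    return suffixes[-2].lower() in DOC_EXTS and suffixes[-1].lower() not in DOC_EXTS


def scan_tree(root, iocs=IOC_SHA256, min_renamed=20):
    """Walk root and report the three indicators. min_renamed (assumption) is
    the count of renamed documents above which mass encryption is assumed."""
    renamed, notes, hash_hits = [], [], []
    added_exts = Counter()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if name.upper() == RANSOM_NOTE_NAME:
                notes.append(path)
            if has_added_extension(name):
                renamed.append(path)
                added_exts[Path(name).suffix.lower()] += 1
            label = iocs.get(sha256_of(path))
            if label:
                hash_hits.append((path, label))
    return {
        "renamed_count": len(renamed),
        "dominant_added_ext": added_exts.most_common(1)[0][0] if added_exts else None,
        "note_dirs": sorted({p.parent for p in notes}),
        "hash_hits": hash_hits,
        # A note in more than one directory is itself a strong signal; the report
        # shows it under Program Files\Java and under Downloads.
        "ransomware_suspected": len(renamed) >= min_renamed or len(notes) > 1,
    }


def build_sample_tree(root):
    """Constructed sample tree, not real sandbox output: 25 'encrypted'
    documents, one untouched file and a ransom note in three directories."""
    root = Path(root)
    for d in ("Documents", "Pictures", "Desktop"):
        (root / d).mkdir(exist_ok=True)
        (root / d / RANSOM_NOTE_NAME).write_text("<html>constructed ransom note</html>")
    for i in range(25):
        folder, ext = ("Documents", ".docx") if i % 2 else ("Pictures", ".jpg")
        (root / folder / f"file{i}{ext}.crypt").write_bytes(os.urandom(64))
    (root / "Documents" / "readme.txt").write_text("untouched")
    return root


def run_demo():
    """Build the constructed tree in a temp dir, scan it and return a summary."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        iocs = dict(IOC_SHA256)
        # Exercise the hash path with a digest that is reproducible offline.
        iocs[sha256_of(root / "Documents" / "readme.txt")] = "constructed match"
        result = scan_tree(root, iocs=iocs)
    result["note_dirs"] = [p.name for p in result["note_dirs"]]
    result["hash_hits"] = [(p.name, label) for p, label in result["hash_hits"]]
    return result


if __name__ == "__main__":
    print(run_demo())
```

Running the script against a real volume replaces `build_sample_tree` with the mount point; the per-file hashing is the slow part, so on a large volume restrict it to files whose name or size makes a match plausible.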

Processes

  • C:\Users\Admin\AppData\Local\Temp\HawkEye.exe
    "C:\Users\Admin\AppData\Local\Temp\HawkEye.exe"
    1⤵
    • Chimera
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1056
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Downloads\YOUR_FILES_ARE_ENCRYPTED.HTML"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1768
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2740
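
The process tree above is the behaviour a detection should key on: a browser started by an executable in a user-writable directory, in kiosk mode (`-k`), to display an HTML file named like a ransom note. As an added example (not part of the sandbox report), the following scores process-creation records for exactly that pattern. `EVENTS` is a constructed record set mirroring the report's PIDs (1056 -> 1768 -> 2740) plus benign noise; the field names are assumptions modelled on Sysmon Event ID 1, the explorer.exe parent (PID 980) is invented to complete the chain, and the note-name regex is a starting point to tune per environment.

```python
"""Detection over process-creation telemetry for the process tree above.

Added example, not code from the sandbox report. EVENTS is constructed and
the field names are assumptions modelled on Sysmon Event ID 1.
"""
import re
from pathlib import PureWindowsPath

# Constructed events; not a real log. PID 980 (explorer.exe) is invented.
EVENTS = [
    {"pid": 980, "ppid": 600, "image": r"C:\Windows\explorer.exe",
     "cmdline": r"C:\Windows\Explorer.EXE"},
    {"pid": 1056, "ppid": 980, "image": r"C:\Users\Admin\AppData\Local\Temp\HawkEye.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\HawkEye.exe"'},
    {"pid": 1768, "ppid": 1056, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Downloads\YOUR_FILES_ARE_ENCRYPTED.HTML"'},
    {"pid": 2740, "ppid": 1768, "image": r"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1768 CREDAT:275457 /prefetch:2'},
    # Benign: the user opens a site from the desktop shell.
    {"pid": 3100, "ppid": 980, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r'"C:\Program Files\Internet Explorer\iexplore.exe" https://intranet.example/'},
]

BROWSERS = {"iexplore.exe", "chrome.exe", "msedge.exe", "firefox.exe"}
KIOSK_FLAGS = {"-k", "--kiosk"}
# Assumption: common ransom-note naming; tune to your environment.
NOTE_RE = re.compile(r"(?i)(your_files|encrypted|decrypt|ransom|how_to|recover).*\.(html?|txt|hta)$")
USER_WRITABLE_RE = re.compile(r"(?i)\\(AppData\\Local\\Temp|Downloads|Public|ProgramData)\\")


def tokens(cmdline):
    """Split a Windows command line, keeping quoted paths with spaces intact."""
    return [quoted or bare for quoted, bare in re.findall(r'"([^"]*)"|(\S+)', cmdline)]


def ancestry(pid, by_pid):
    """Image names from pid up to the oldest ancestor present in the events."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(PureWindowsPath(by_pid[pid]["image"]).name)
        pid = by_pid[pid]["ppid"]
    return chain


def detect(events, threshold=2):
    """Score each browser launch: a note-like file argument alone reaches the
    threshold; kiosk mode and a user-writable parent are supporting evidence."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if PureWindowsPath(e["image"]).name.lower() not in BROWSERS:
            continue
        args = tokens(e["cmdline"])[1:]
        score, reasons = 0, []
        notes = [a for a in args if NOTE_RE.search(PureWindowsPath(a).name)]
        if notes:
            score += 2
            reasons.append("opens ransom-note-like file " + PureWindowsPath(notes[0]).name)
        if any(a.lower() in KIOSK_FLAGS for a in args):
            score += 1
            reasons.append("kiosk mode hides browser chrome")
        parent = by_pid.get(e["ppid"])
        if parent and USER_WRITABLE_RE.search(parent["image"]):
            score += 1
            reasons.append("parent runs from user-writable path " + parent["image"])
        if score >= threshold:
            alerts.append({"pid": e["pid"], "score": score,
                           "chain": ancestry(e["pid"], by_pid), "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS):
        print(a["pid"], a["score"], " <- ".join(a["chain"]), "|", "; ".join(a["reasons"]))
```

The SCODEF child (PID 2740) and the benign launch from explorer.exe score zero, so only PID 1768 alerts; raising `threshold` to 3 would require the note to be accompanied by either kiosk mode or a suspicious parent, which trades a little recall for fewer false positives on users who open HTML attachments named "recover".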

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Program Files\Java\jdk1.7.0_80\jre\YOUR_FILES_ARE_ENCRYPTED.HTML

    Filesize

    4KB

    MD5

    a1ab1d9948a2d69ff5d9002ef2e0911c

    SHA1

    2636378f365daa63cbde87da825395d0ddc2e98e

    SHA256

    e6bad30b2936de931a081f0678bf2dec6962fd9c12961bd61148916807d6530f

    SHA512

    c5bcfd0b2d9874208cccac668e0b0d76a2321d7654a204e29c5e9f8ca22e53baf62d2896474b2e1c7d3ff1548952b758a385a97527ad1155513821fb1f38016a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9ec5b2f1acbf3f6508f17814eb672fdd

    SHA1

    1e00bff830b64157b9955ea23ee9292152d84231

    SHA256

    d18a0dfe5e06ea4f3b914c35516f8bebca125fd9c9d5f1fcb1c3bcbb7b0c5d3c

    SHA512

    084868093d464105c107d247fe95ca11d9f71ee856937ed78c2d9ef2c869992030c3fc4560e9e2fd54595921927db2977c7bd5361a051b06f0be08a97fd7b1f6

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    4cdf8d491fcff635fd22623dd863ab30

    SHA1

    f0d4c3082e24144fbe4dc7002047b36edafaef7c

    SHA256

    f1466edb3a3bb0322f92139f2c26eeb49f3fe44a77c524ac5d007a8a38489d70

    SHA512

    4055cd9b37792254165bc2f4cfbc533ba412a9ae9aa07dee0482241880f468a9b89dc98ccc97f3c86748ca94b2f5d338567214dad457cdefbe6ef88ad75f57d7

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    164c204603a74a172ccb968f5534c7cd

    SHA1

    886e7d99b4e28e5c7e15bbdd153ef96db3980979

    SHA256

    f94bf6a67c9071311b4090f4d4068452e30035f817af7bcfd23bde1c208bf256

    SHA512

    613f69d5a644f9626adbb91bc2c5c5dcbcc067c07ddb64c16a8c05789342d5087b20f6077d74d6468f71ef7a37a795ce98d328491f623180e83e6522066fe393

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    18e6e40bb7362bdaa2e961bbe169c4bd

    SHA1

    718975f422e07b9650aa87cb0044d769b84b75ae

    SHA256

    d14b1d28d9b686c8fded0c17db99194aca83977b7079732fbd54f0539738c9b4

    SHA512

    d541784d0e1f95bf4632c3f3e6f0ceb7c4e6e2eccc67cbb5488b16c4e16f912a99320e37bfe5d443150e4e799ed71a8f9b29a56ba1f311a98faad5c9d8965f32

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    2f855b2f6fdba11836d0d1f32b89a130

    SHA1

    92ab26bd47a5609ef7b793af5fc28063c55bf7f3

    SHA256

    8f4286d21a9ed746f7b97994461adca98e1aff7f2efcc199b084d9dacd2c36bf

    SHA512

    da945f0922a2fdcc3b86571c9cc47711d55ff5b2f6850c958fba287515f9ef22f155127751ec3848baa40b258978aa91550f7b3230ceaa0281d434589c617fbd

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    20fbb640ef93c2e66a04582a795347c7

    SHA1

    57a61522ccc933248adcc6b9cd96d81fd0ff5657

    SHA256

    6adb5d5646c6c92fbd2c06ea7bd8943f4f2acfcba888ccf1410e0994719658e2

    SHA512

    6735e7ee0e0728e19ec0a7cf5eac92ae7e4ac70404bae4dbfb119cb2d27df753d32303aeaedad558a09a63695ba800d7f4dd75936b172955de213d01a8802d09

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    025ba7b3155449640194912526dd8c41

    SHA1

    12ac9514c30e45ec1d19f117cb2a8e9d3efb6fa5

    SHA256

    5f24726f79d8a8522fb7703bf8e442adc4d3e7f2edca39d70b0b8965116f7ebd

    SHA512

    0c153ac717d4e155caa6d2686d41a16fe034743be7db344d80c719d71e580c8ae19b2889276880a4c2363512fa3190ac229ade48ca57a7232aa100783c5d33a4

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    9061ba4bf70c3cee723382e6a8b80098

    SHA1

    3bfa6e5061784bde08b7c618e8d139b7ad9aa0b5

    SHA256

    8fc55eed8983d7d41f62b6c5cfee340fc3583e6141e904ed77470d16a39d1ccd

    SHA512

    05c54a565d6951f70684afa8850fdf14e1fcc24d73c1804184040e395bbe67bb379b1c3ed0bb6ec58a104bdca81633f89a36ba5c0ff1a200e4dc9f9c5c4fe3b0

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    8dd8f374da765a77aeb0e9eb67c51f2b

    SHA1

    bf1718b0e1f6a1338c301c84011f2f8667332542

    SHA256

    c57856aeacaae84ea56dc25a3a0f35d2a024085dda20811c17037863608dde84

    SHA512

    502de1a0620eae10235ce020f70aa472f1ccbfa61a53c11321c4a9a9a4c736dba7c1b2d782cbca9c128a9f667c959e7a2568391053fd337ceacbf29e373e8b2a

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    c0a3f12115639944b5735ba90d93565d

    SHA1

    fc78701448876e918e36a877725812442a864a0e

    SHA256

    c1b21ec13a58ad245f11110f3f86726cd8470db2cf12b46f582c04d6e67407a1

    SHA512

    1e5c178c86e678aea7238e93250c08a1acf47cb02d561d16a8f03922e2c1c45a32ecda09c80187cbb81c483682e7cc8eb22504c74a9f22431eef6c9ec51d24f3

  • C:\Users\Admin\AppData\Local\Temp\CabC959.tmp

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\Local\Temp\TarC9CA.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • memory/1056-9-0x0000000000640000-0x000000000065A000-memory.dmp

    Filesize

    104KB

  • memory/1056-1-0x00000000740B0000-0x000000007465B000-memory.dmp

    Filesize

    5.7MB

  • memory/1056-0-0x00000000740B1000-0x00000000740B2000-memory.dmp

    Filesize

    4KB

  • memory/1056-2-0x00000000740B0000-0x000000007465B000-memory.dmp

    Filesize

    5.7MB

  • memory/1056-3-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

  • memory/1056-8-0x00000000740B0000-0x000000007465B000-memory.dmp

    Filesize

    5.7MB

  • memory/1056-916-0x00000000740B0000-0x000000007465B000-memory.dmp

    Filesize

    5.7MB