Overview

overview

4

Static

static

3

Hemingway ...om.ps1

windows7-x64

3

Hemingway ...om.ps1

windows10-2004-x64

3

Hemingway ...or.exe

windows7-x64

3

Hemingway ...or.exe

windows10-2004-x64

3

Hemingway ...m.html

windows7-x64

3

Hemingway ...m.html

windows10-2004-x64

3

Hemingway ...ell.js

windows7-x64

3

Hemingway ...ell.js

windows10-2004-x64

3

Hemingway ...47.dll

windows7-x64

3

Hemingway ...47.dll

windows10-2004-x64

3

Hemingway ...eg.dll

windows7-x64

3

Hemingway ...eg.dll

windows10-2004-x64

3

Hemingway ...GL.dll

windows7-x64

3

Hemingway ...GL.dll

windows10-2004-x64

3

Hemingway ...v2.dll

windows7-x64

3

Hemingway ...v2.dll

windows10-2004-x64

3

Hemingway ...lob.js

windows7-x64

3

Hemingway ...lob.js

windows10-2004-x64

3

Hemingway ...de.dll

windows7-x64

3

Hemingway ...de.dll

windows10-2004-x64

3

Hemingway ...p.asar

windows7-x64

3

Hemingway ...p.asar

windows10-2004-x64

3

Hemingway ...cli.js

ubuntu-18.04-amd64

3

Hemingway ...cli.js

debian-9-armhf

4

Hemingway ...cli.js

debian-9-mips

1

Hemingway ...cli.js

debian-9-mipsel

1

Hemingway ...dex.js

windows7-x64

3

Hemingway ...dex.js

windows10-2004-x64

3

Hemingway ...dex.js

windows7-x64

3

Hemingway ...dex.js

windows10-2004-x64

3

Hemingway ..._mo.js

windows7-x64

3

Hemingway ..._mo.js

windows10-2004-x64

3

Analysis

  • max time kernel
    143s
  • max time network
    275s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2024 12:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hemingway Editor 3.0.6/App/Hemingway Editor/libGLESv2.dll

  • Size

    2.2MB

  • MD5

    295240747d8ddf40a7b7f9bea7b1faa5

  • SHA1

    a6e932650d1f8815e44786bcbdbb5493ebca6268

  • SHA256

    c84b74b77dc3066952d5284eb83d38c579c4cb282070cff98a18f7e4fec01235

  • SHA512

    42b026166b7b905ad51e53599dee56e208186cace0781fad8168c3f9470cbc435bad6a9d94710bed1111f001e54903987105633a258e9903e8d1cae1f64b640f

  • SSDEEP

    49152:GF6K8qduL+Xnwc44vHWST5CKZzNIZlW84t9TD0Z5W39UkNYlcVM0NX+H0R2gPErd:y6VOnttvHE2zNIZlW84t9TD0Z5W39Uk3

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Hemingway Editor 3.0.6\App\Hemingway Editor\libGLESv2.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3808
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Hemingway Editor 3.0.6\App\Hemingway Editor\libGLESv2.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:920

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads