Analysis

  • max time kernel
    118s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-11-2024 12:26

General

  • Target

    Hemingway Editor 3.0.6/App/Hemingway Editor/resources/app.asar

  • Size

    205.2MB

  • MD5

    92204aaaded1ed09814c547e0beb259e

  • SHA1

    df6351fe9d94f468f025a92684cc3ed0e370ea73

  • SHA256

    eb810afcb28b9e76496730e646ceb369e02a6efedbed5a7270c976651721b9b9

  • SHA512

    e6cbc1ce352c068c93fbe1533d7ca96b48ce11f87e77ece216c3371c62f85d4479322e5d2ed0451d1b88edbbede39b7835a141a1393bc6b098d24b42227f057e

  • SSDEEP

    393216:t8ffgJHWDbVzwvKpiGVkspClkPiHe8fIvIkC5O+3opPTqTJf:uVziGVmdY4

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c "C:\Users\Admin\AppData\Local\Temp\Hemingway Editor 3.0.6\App\Hemingway Editor\resources\app.asar"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Hemingway Editor 3.0.6\App\Hemingway Editor\resources\app.asar
      2⤵
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:604
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Hemingway Editor 3.0.6\App\Hemingway Editor\resources\app.asar"
        3⤵
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of SetWindowsHookEx
        PID:2924
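The submitted target is not an executable: `resources/app.asar` is the Electron application archive that ships inside the Hemingway Editor install. The Windows 7 image has no handler registered for `.asar`, so `cmd /c` falls through to `shell32.dll,OpenAs_RunDLL` (the "Open with" dialog) and the sandbox ends up feeding the archive to Adobe Reader. Every behaviour listed above is therefore Reader's reaction to a non-PDF, not the sample's. The useful triage step is static: parse the ASAR header and inspect the bundled JavaScript. The parser below is an added example written for this page, not code from the report or from the Electron project; it follows Electron's public ASAR layout (a Pickle-framed JSON directory followed by concatenated file contents), the `build_asar` helper only exists to produce the constructed in-memory sample, and the integrity check covers the whole-file SHA256 field only, not the per-block hashes Electron also emits.

```python
"""Minimal Electron ASAR reader (added example, not from the report).

Layout, all uint32 little-endian:
  [0:4]   4             size of the next field (Pickle framing)
  [4:8]   header_size   length of the header Pickle that follows
  [8:12]  payload_size  4 + json_len, rounded up to a 4-byte boundary
  [12:16] json_len      length of the JSON directory string
  [16:]   JSON directory, then padding; file data starts at 8 + header_size
Each file entry's "offset" is relative to that data base.
"""
import hashlib
import json
import struct

PREFIX = struct.Struct("<IIII")


def parse_header(data: bytes):
    """Return (directory_dict, data_base) for an archive held in memory."""
    if len(data) < PREFIX.size:
        raise ValueError("too short to be an asar")
    u32_size, header_size, payload_size, json_len = PREFIX.unpack_from(data, 0)
    if u32_size != 4 or payload_size < 4 + json_len:
        raise ValueError("not an asar pickle header")
    if PREFIX.size + json_len > len(data):
        raise ValueError("truncated header")
    directory = json.loads(data[PREFIX.size:PREFIX.size + json_len])
    return directory, 8 + header_size


def _safe_name(name: str) -> bool:
    # A hostile archive can carry ".." or slashes in entry names; refuse them
    # before anyone uses these paths to write to disk.
    return name not in ("", ".", "..") and "/" not in name and "\\" not in name


def list_entries(data: bytes):
    """Flatten the directory tree into one dict per file."""
    directory, _ = parse_header(data)
    out = []

    def walk(node, prefix):
        for name, child in node.get("files", {}).items():
            if not _safe_name(name):
                raise ValueError(f"unsafe entry name {name!r} under {prefix!r}")
            path = prefix + name
            if "files" in child:          # subdirectory
                walk(child, path + "/")
            else:
                unpacked = bool(child.get("unpacked", False))
                out.append({
                    "path": path,
                    "size": int(child.get("size", 0)),
                    "offset": None if unpacked else int(child["offset"]),
                    "unpacked": unpacked,  # stored in app.asar.unpacked, not here
                    "executable": bool(child.get("executable", False)),
                    "integrity": child.get("integrity"),
                })

    walk(directory, "")
    return out


def extract(data: bytes, path: str) -> bytes:
    """Return one file's bytes, bounds-checking the entry and verifying its SHA256 if present."""
    _, base = parse_header(data)
    for entry in list_entries(data):
        if entry["path"] != path:
            continue
        if entry["unpacked"]:
            raise FileNotFoundError(f"{path} lives in app.asar.unpacked")
        start, end = base + entry["offset"], base + entry["offset"] + entry["size"]
        if end > len(data):
            raise ValueError(f"{path}: entry points past end of archive")
        content = data[start:end]
        integ = entry["integrity"]
        if integ and integ.get("algorithm") == "SHA256":
            if hashlib.sha256(content).hexdigest() != integ["hash"]:
                raise ValueError(f"{path}: integrity hash mismatch")
        return content
    raise FileNotFoundError(path)


def build_asar(files: dict) -> bytes:
    """Write an archive the way Electron's asar package does; used only for the sample."""
    tree, blob = {"files": {}}, bytearray()
    for path, content in files.items():
        parts, node = path.split("/"), tree
        for d in parts[:-1]:
            node = node["files"].setdefault(d, {"files": {}})
        node["files"][parts[-1]] = {
            "size": len(content), "offset": str(len(blob)),
            "integrity": {"algorithm": "SHA256",
                          "hash": hashlib.sha256(content).hexdigest()},
        }
        blob += content
    js = json.dumps(tree).encode()
    payload = struct.pack("<I", len(js)) + js + b"\0" * ((-len(js)) % 4)
    header_buf = struct.pack("<I", len(payload)) + payload
    return struct.pack("<II", 4, len(header_buf)) + header_buf + bytes(blob)


# Constructed sample archive, not the 205 MB app.asar from the report.
SAMPLE = build_asar({
    "package.json": b'{"name":"demo","main":"main.js"}',
    "main.js": b"const {app} = require('electron');\n",
    "node_modules/x/index.js": b"module.exports = 1;\n",
})

if __name__ == "__main__":
    for e in list_entries(SAMPLE):
        print(f"{e['path']:28s} {e['size']:5d} bytes at +{e['offset']}")
    print(extract(SAMPLE, "main.js").decode())
```

Run against the real archive by replacing `SAMPLE` with `open("app.asar", "rb").read()`; the entry named in `package.json`'s `main` field is where the application's own code starts, and any entry flagged `executable` or `unpacked` is worth a closer look because it is executed or written outside the archive.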

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

    Filesize

    3KB

    MD5

    6db7757eaeb0208ae3be242a2e362835

    SHA1

    e355c949c4280d6a56c2815aacc0980f2ea9c0cc

    SHA256

    3888822bd6e0738b516433b7cb82931a127cbfccf82eb8f6e18bf77f6fde8ccc

    SHA512

    3be8cc6c0435f0321bbd177658dbbec3e8c492a52544e5d7b558054972ac9cda4203a8b10c40fa01c5ea76a0d2eed05965e0103d7b9a048d14aaf03becccd146