2024-11-26_2771c5047c43a95cb2e844a824222524_bkransomware_hawkeye

Sharing

Copy URL

Twitter E-mail

General

Target

2024-11-26_2771c5047c43a95cb2e844a824222524_bkransomware_hawkeye
Size

671KB
MD5

2771c5047c43a95cb2e844a824222524
SHA1

4e8c124cac00278dd1900eb0276fd26ba662330c
SHA256

1e27b32cb569d966b7c4d0097561521a9e561bd186e3d95f4cf43c13b70748e2
SHA512

718b486d87eaebc84e192b57c5ddebff3abb5db73bbd72d5053b02c47f361e64b0eeee2eca36e3636b5dcb876f8c86847a85d8b79e96ba2ad3f4db2f0a1bc024
SSDEEP

6144:PJOEOW62VY+BwGPDtvKfgnJd5OgjvX+F1JjVXK6DuzoTqe:P/D6F+BwG7tvLqpCz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-11-26_2771c5047c43a95cb2e844a824222524_bkransomware_hawkeye

Files

2024-11-26_2771c5047c43a95cb2e844a824222524_bkransomware_hawkeye
.exe windows:5 windows x86 arch:x86

7f2cf3ffe94e02df03cdd966534f68e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BUILD_1066892\BUILD\Setup\Release\setup.pdb

Imports

kernel32

GetFileAttributesW
GetLastError
Sleep
GetModuleHandleW
GlobalAlloc
GlobalFree
GetCurrentProcess
CreateThread
CreateMutexW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
TerminateProcess
GetCurrentThreadId
DebugBreak
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
WriteFile
TlsAlloc
TlsGetValue
TlsSetValue
GetFileSize
ReadFile
FormatMessageW
CreateFileW
SetErrorMode
SetEvent
ResetEvent
GetFileInformationByHandle
SetEndOfFile
SetFilePointer
GetFileTime
SetFileTime
DuplicateHandle
GetSystemTimeAsFileTime
SystemTimeToFileTime
CreateProcessW
GetTickCount
CreatePipe
CreateEventW
GetEnvironmentVariableW
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetDiskFreeSpaceExW
RemoveDirectoryW
GetFullPathNameW
CopyFileExW
MoveFileW
GetComputerNameW
SetConsoleCtrlHandler
GenerateConsoleCtrlEvent
FreeConsole
LoadLibraryExW
FindNextFileW
GetThreadLocale
GetSystemDefaultLCID
WriteConsoleW
SetStdHandle
OutputDebugStringW
FlushFileBuffers
LCMapStringW
CompareStringW
ReadConsoleW
GetTimeFormatW
GetDateFormatW
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
QueryPerformanceCounter
LoadLibraryW
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetProcAddress
FreeLibrary
CopyFileW
DeleteFileW
SetFileAttributesW
GetUserDefaultLCID
GetVersionExW
FindFirstFileW
CreateDirectoryW
GetTempPathW
GetSystemDirectoryW
GetCommandLineW
GetModuleFileNameW
lstrlenW
FindClose
GetPrivateProfileStringW
FileTimeToSystemTime
GetPrivateProfileIntW
RaiseException
LoadLibraryExA
IsDebuggerPresent
IsProcessorFeaturePresent
HeapReAlloc
GetLocalTime
EncodePointer
DecodePointer
RtlUnwind
HeapFree
HeapAlloc
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
TlsFree
GetStartupInfoW
CreateSemaphoreW
GetProcessHeap
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThread
MultiByteToWideChar
ExitProcess
GetModuleHandleExW
AreFileApisANSI
WideCharToMultiByte
HeapSize
FatalAppExitA
GetFileType
GetStringTypeW
GetModuleFileNameA

user32

EnumChildWindows
GetParent
GetWindowTextW
SetMenuItemInfoW
GetMenuItemInfoW
GetMenu
IsChild
FindWindowW
SetWindowTextW
SetFocus
GetDlgItem
DialogBoxParamW
ShowWindow
SendMessageW
MessageBoxW
wsprintfW
CharNextW
EndDialog

advapi32

QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegCreateKeyExW
LookupPrivilegeValueW
FreeSid
AllocateAndInitializeSid
EqualSid
AdjustTokenPrivileges
GetTokenInformation
OpenProcessToken
InitiateSystemShutdownExW
RegSetValueExW
RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
GetUserNameW

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7f2cf3ffe94e02df03cdd966534f68e7

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 5KB - Virtual size: 20KB

.rsrc Size: 358KB - Virtual size: 357KB

.reloc Size: 10KB - Virtual size: 10KB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 5KB - Virtual size: 20KB

.rsrc
Size: 358KB - Virtual size: 357KB

.reloc
Size: 10KB - Virtual size: 10KB

.zero
Size: 4KB - Virtual size: 3KB