Overview
overview
10Static
static
10HydraDrago...tch.py
windows7-x64
3HydraDrago...tch.py
windows10-2004-x64
3HydraDrago...ter.py
windows7-x64
3HydraDrago...ter.py
windows10-2004-x64
3HydraDrago...ter.py
windows7-x64
3HydraDrago...ter.py
windows10-2004-x64
3HydraDrago...tor.py
windows7-x64
3HydraDrago...tor.py
windows10-2004-x64
3HydraDrago...ing.py
windows7-x64
3HydraDrago...ing.py
windows10-2004-x64
3HydraDrago...ker.py
windows7-x64
3HydraDrago...ker.py
windows10-2004-x64
3HydraDrago...ins.py
windows7-x64
3HydraDrago...ins.py
windows10-2004-x64
3HydraDrago...lip.py
windows7-x64
3HydraDrago...lip.py
windows10-2004-x64
3HydraDrago...tic.py
windows7-x64
3HydraDrago...tic.py
windows10-2004-x64
3HydraDrago...ted.py
windows7-x64
3HydraDrago...ted.py
windows10-2004-x64
3HydraDrago...ers.py
windows7-x64
3HydraDrago...ers.py
windows10-2004-x64
3HydraDrago...ng0.py
windows7-x64
3HydraDrago...ng0.py
windows10-2004-x64
3HydraDrago...ing.py
windows7-x64
3HydraDrago...ing.py
windows10-2004-x64
3HydraDrago...eck.py
windows7-x64
3HydraDrago...eck.py
windows10-2004-x64
3HydraDrago...ing.py
windows7-x64
3HydraDrago...ing.py
windows10-2004-x64
3HydraDrago...ng0.py
windows7-x64
3HydraDrago...ng0.py
windows10-2004-x64
3Analysis
-
max time kernel
141s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
26-12-2024 23:05
Behavioral task
behavioral1
Sample
HydraDragonAntivirus-main/website/fullymatch.py
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
HydraDragonAntivirus-main/website/fullymatch.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
HydraDragonAntivirus-main/website/hydraupdater.py
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
HydraDragonAntivirus-main/website/hydraupdater.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
HydraDragonAntivirus-main/website/nochracter.py
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral6
Sample
HydraDragonAntivirus-main/website/nochracter.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
HydraDragonAntivirus-main/website/theunknowndetector.py
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral8
Sample
HydraDragonAntivirus-main/website/theunknowndetector.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
HydraDragonAntivirus-main/website/tools/containsnothing.py
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
HydraDragonAntivirus-main/website/tools/containsnothing.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
HydraDragonAntivirus-main/website/tools/domainchecker.py
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
HydraDragonAntivirus-main/website/tools/domainchecker.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
HydraDragonAntivirus-main/website/tools/noipinodomains.py
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
HydraDragonAntivirus-main/website/tools/noipinodomains.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
HydraDragonAntivirus-main/website/tools/nolocalip.py
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral16
Sample
HydraDragonAntivirus-main/website/tools/nolocalip.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
HydraDragonAntivirus-main/website/tools/problematic.py
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral18
Sample
HydraDragonAntivirus-main/website/tools/problematic.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
HydraDragonAntivirus-main/website/tools/removerunwanted.py
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
HydraDragonAntivirus-main/website/tools/removerunwanted.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
HydraDragonAntivirus-main/website/tools/removeunwantedchracters.py
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral22
Sample
HydraDragonAntivirus-main/website/tools/removeunwantedchracters.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
HydraDragonAntivirus-main/website/tools/trashing0.py
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral24
Sample
HydraDragonAntivirus-main/website/tools/trashing0.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
HydraDragonAntivirus-main/website/tools/whitelisting.py
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
HydraDragonAntivirus-main/website/tools/whitelisting.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
HydraDragonAntivirus-main/website/tools/whitelistingrecheck.py
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral28
Sample
HydraDragonAntivirus-main/website/tools/whitelistingrecheck.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
HydraDragonAntivirus-main/website/tools/whitelistking.py
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
HydraDragonAntivirus-main/website/tools/whitelistking.py
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
HydraDragonAntivirus-main/website/tools/whitelistking0.py
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral32
Sample
HydraDragonAntivirus-main/website/tools/whitelistking0.py
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
HydraDragonAntivirus-main/website/tools/trashing0.py
-
Size
376B
-
MD5
6a4099dd88201bab75eb9972077c1bb5
-
SHA1
db26a8faf92fe5cbdc65a31f7cad93039502f67b
-
SHA256
f5222c18bb67484a2928b0cb79f3b40e6924a59461f3c984198b69bf1b8ecb8d
-
SHA512
0cdfbe77b82e5066f8db21457fe16d908668ad05959453a45419f9a8d4fb8d53fa4d53095769095543979cdd0a9bb46eeac08cdee9cc65b09563f2299cb87b1e
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IEXPLORE.EXE -
description ioc Process Set value (data) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31152107" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000013f787289f1be14e87be8dc204ff715d0000000002000000000010660000000100002000000039390a3a962a5c7e1e6b742f14ffa64a1e4a5fe485e20a44e6be6215ee2cb060000000000e800000000200002000000041230699711164afb644b520a93c58b1967e1af29621f1854e1b4a2de419a9722000000037565d74b6c304969f48e6a0e61e1cd53ce46c897706332d545c1cafaf99f824400000003054e758efd64116277c50a87eccbaaf081865fbca58544d0af3a5e50e8e3da71dd1393cd0dfc6fca0e228c4c353c092cba527436c29c34933ea12e5187c9bd3 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a067b667eb57db01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\GPU IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\"" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1726259151" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31152107" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000013f787289f1be14e87be8dc204ff715d00000000020000000000106600000001000020000000c9f8fa19901cb442bf3d91a8547a00e9748e71257c74c2bbcc4c6da538a5e8b4000000000e80000000020000200000002b9ad050960d5d1c9c93a9864778f1c12ef667defce5f1f1963c0cb9c6c37c0020000000dfe0aaa49f04499a6579e445ffd0775701205197d15cc8c6cc1b7b71c11ede7740000000a06459cf1fadb3557b9b9d6ed66f405ed5819879c0efa7464b2af6e4ff65e343c1eb61643aac2c42ced8b2d8e975f13e20729d32aee5ed72b9f386e8c47b5109 iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 7098c467eb57db01 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "1730009182" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "442019592" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{92599633-C3DE-11EF-B319-FE5A08828E79} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "1726259151" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31152107" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe -
Modifies registry class 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings cmd.exe Key created \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings OpenWith.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 3408 iexplore.exe -
Suspicious use of SetWindowsHookEx 23 IoCs
pid Process 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 2508 OpenWith.exe 3408 iexplore.exe 3408 iexplore.exe 2856 IEXPLORE.EXE 2856 IEXPLORE.EXE 2856 IEXPLORE.EXE 2856 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 5 IoCs
description pid Process procid_target PID 2508 wrote to memory of 3408 2508 OpenWith.exe 100 PID 2508 wrote to memory of 3408 2508 OpenWith.exe 100 PID 3408 wrote to memory of 2856 3408 iexplore.exe 103 PID 3408 wrote to memory of 2856 3408 iexplore.exe 103 PID 3408 wrote to memory of 2856 3408 iexplore.exe 103
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\HydraDragonAntivirus-main\website\tools\trashing0.py1⤵
- Modifies registry class
PID:3380
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508 -
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\HydraDragonAntivirus-main\website\tools\trashing0.py2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3408 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3408 CREDAT:17410 /prefetch:23⤵
- System Location Discovery: System Language Discovery
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2856
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD5863881560832be6db3d7e95507b796d8
SHA1bab29c682b73454cb94d1a0edfaae5fd64d076f6
SHA2561b8c898d463e9947656d97610caa6068a39c17fae72baa9168113364b7f70063
SHA5120556ac3e08e23d12ba2558e3e1320f8c7591359a003c6b98e3d93208361000c3fc25dc13e9f4a3575ef854bd903b32f62a36e541ba10de67f38663d8d8debbcb
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize404B
MD52d67c43b133e3c10000bd6ae97e66ba6
SHA1a7bff6bbe00d2d4f000cc458f64c6df407ed3fad
SHA256d71641a47553c348a3e4ce84cb19bdf856c096bbae6b9c64bedae7da06da5909
SHA512aceffa0e425c454af51c5267a17c15d3b8e5d76b5cc62d26740f072266fec31c5f8b58a7b7940d44a47c0a0e82846953f6865115346af23ea0ef3f0a7394e35f
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee