Overview

overview

10

Static

static

3

HawkEye (1).exe

windows7-x64

10

Analysis

  • max time kernel
    92s
  • max time network
    95s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    24/02/2025, 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HawkEye (1).exe

  • Size

    232KB

  • MD5

    60fabd1a2509b59831876d5e2aa71a6b

  • SHA1

    8b91f3c4f721cb04cc4974fc91056f397ae78faa

  • SHA256

    1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838

  • SHA512

    3e842a7d47b32942adb936cae13293eddf1a6b860abcfe7422d0fb73098264cc95656b5c6d9980fad1bf8b5c277cd846c26acaba1bef441582caf34eb1e5295a

  • SSDEEP

    3072:BMhIBKH7j7DzQi7y5bvl4YAbdY9KWvwn7XHMzqEOf64CEEl64HBVdGXPKD:BMh5H7j5g54YZKXoxOuEEl64HZAi

Score
10/10
chimeradiscoveryransomwarespywarestealer

Malware Config

Signatures

  • Chimera 64 IoCs

    Ransomware which infects local and network files, often distributed via Dropbox links.

    ransomwarechimera
  • Chimera Ransomware Loader DLL 1 IoCs

    Drops/unpacks executable file which resembles Chimera's Loader.dll.

    ransomware
  • Chimera family
    chimera
  • Renames multiple (1999) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 37 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 35 IoCs
    adwarespyware
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HawkEye (1).exe
    "C:\Users\Admin\AppData\Local\Temp\HawkEye (1).exe"
    1⤵
    • Chimera
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -k "C:\Users\Admin\Desktop\YOUR_FILES_ARE_ENCRYPTED.HTML"
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2928
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2928 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1428

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Java\jdk1.7.0_80\jre\YOUR_FILES_ARE_ENCRYPTED.HTML
    Filesize

    4KB

    MD5

    d3be8984be57a63e22e436b739762697

    SHA1

    4ed508173e7f893e7515099ab35cddf39d0c2e12

    SHA256

    97c1ac2da973b11e8477182f4b4994145dd5d960adcd44df15bfe236c08026c6

    SHA512

    14b9548c413a6d514f8b60e0a713ca0495a1691cba2d8829ab5bbd18baa25953915edfee53b4ed554fbef9b7ee902c824d6236cd8b564a23bacd41d310f7326c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    df47d0950312b4949b4e81a2d47b7671

    SHA1

    480caa592a7e510d7afcc4d69c8f49f06bc7147d

    SHA256

    ca9b902c76331986351723c7fafe4aaf835d0cb9e8c7c68a65257e6497b0fa12

    SHA512

    ea0afae05ead05e8b0b7882e9cf140e686aad6be688c3da3a1db8f09332284167271502f9721ae2a39dc28d8b24b834fab90ccfe80e8831fcfe648a4a27d4677

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5ff2cbc21405691a1e9190fe21665f9

    SHA1

    8d0ea9b03209882b3e26de7c09652df074eda438

    SHA256

    4e04fc21b1901d505ec386817db58488b7ada6bc7808ea783d976923eb6b98f3

    SHA512

    64b1726f0bde6ef0142b9c507e02fcfcb29da2161973a560ccd80cd16b1548a54dde0cccdb77476d5ba598e7213d78d0ef7d96bb6c5bf2f7943da470a583896b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8b1263b91b4e0eb991e20f29c640a0aa

    SHA1

    d2c642fd9e5a14136c6ef6999917195b00b4010b

    SHA256

    fc601efb9801f50d10692c1cdcd4cc5cbffa028bad8f698e6d6d0d9525c109fc

    SHA512

    7c006f392da73653340ac9af06d6efae5df0599eb7ea93ad1c0cb42ce078cb0e6f19f7749f74b01c4106c0e60dd61ccfeb1ff616ae950c305a99b6ebc99bdf25

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c34196059a7c183bb1bc66642612b2ab

    SHA1

    ba8789a2e5a01679f2e304876329adefae194c84

    SHA256

    5469bae0dd512d1100f532f99cbd668eb1fcb50e1dd2b190fb334996564dc80c

    SHA512

    4d3edf5861acb523817dcf90f4d36fd2470ba90ddae6a1d69f75b34a2e59277cee8fc49386557b50ae06f90f093947749378d31d9f119a16aadd8f3da48c98de

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9cbcc49da19ead64c26eacd6138e34d7

    SHA1

    d578c233bbace5aa5007e5c2f7aee5f0601c36db

    SHA256

    ac7bc88fc0875a79b5afa2ae9c4ddf000c1331b5442df26b4b0c4d2a07d77301

    SHA512

    dc040cae3cb968deb59e22a1803e150e8be22d81574f1ba3f3cf6cb6a5c570ce37e127d68aaaf4d69ed635940b8c82071d484110e7fa08bcc6c167ac0e685bd9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    de4ad2a5f7d96ae133d99da49dfdebc0

    SHA1

    2b14814ff18206370356593b4be8af6f77d9a829

    SHA256

    4f9a4f89ac1f2fa07ed671c1be1905efd4396e40614727bfa116543e4534e965

    SHA512

    c2158641e7fb5450a073df74fe2bea68cddbb3e3985cb8d7b137f5d017a1a30ddc7664b9644a8a4eeba2c13b139390736a5a61eaee0dc4ca7750174c6d98f534

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fafd1e5cce3e969bc6856ce02b6e60f7

    SHA1

    4a5f2502505011a5b718aa8fb962b1c0619afe8f

    SHA256

    3e8652cebda62d2b80fe8546174be86673fbc9d8ad8e7f915bdb2839f9c07b5b

    SHA512

    76002375a6573468896b6822944757148598ee93237c8c5c4220553385f1091a0c6d9f6cc298dae1a1b334bcbe4294a62964019df2bc903e21bcc72f5181ee92

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1d950c800706235ab5e2be6284db5691

    SHA1

    a6812efabe06f680289623f7b42f4c5bb55e0bb9

    SHA256

    9f8d81b9c2877e968c48caee65d139b82dfba7ccbd6187cb0884869dc582caed

    SHA512

    36632071b8142a8dc8a97ab1eefb97e856df1bf6ec53015c0d3a1f262fcfdde656c2245f9e43aed0b92a75d6d7b71261f4f4b3df3db6aea5e2eb38bd7249d997

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca80f124e7a359e94d0e7dc2a7a5b855

    SHA1

    c2affa0c3287a16c6cddcfbfc5aecb1d6c54e8d2

    SHA256

    ffc21c12325025ff04c6611a885f70b70fa4d0794f9025f48ca347a5dc77bc28

    SHA512

    1283d2dd202e921de321062c035cd89b37f7088e24f770241c50a5551f29b719e405dd63cdc72e0820fb21a1b484f25e215388dc9de962ac7344042e81989224

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    64e37f5c7bfa1a9ffe4db2d52ec76235

    SHA1

    9a527214d509b4db99160101e26a72f409bc5dbb

    SHA256

    4c22e825152913cd916d90e824d71d6b42b99c051abe64c5c1935407a82583c9

    SHA512

    9efe04a1b3e3cdeae24c5dbbda61004781f431354a548fc40008951b5cc449436b3845e203293c3c312692654ea3a66134aa02599a77ebde5ee1806a8e724d0e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    991a35eb416f34a326c78009975421f1

    SHA1

    33c5d74dfcdcfea5ab9a52662a4650f4371c0500

    SHA256

    0fdec795c008300de1a17817dc90decf78b21df047f0212340defd71b44e5da8

    SHA512

    271e8d122acd85d3b7aa92686a0f6916c030d9f0b6a94716b450af22d2dbf700c9d0e280ab172a273727b7d49dd2a32759560d675bddd18a3ad180a85891a71a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b187599388d57214cbbc20f56e6af684

    SHA1

    649dc57754e4459aef13ac456edf7b2f648139c2

    SHA256

    fbd79223c79817d3725eaacda497b61c0644332a7d2f83d0035842f3e50897c4

    SHA512

    58a06afa047dbe4f21cfe0ff261b477f2db23a5fa0376f6fd9efc32e11b1dd7587d94e12de621a2aba0a3cfff63c9b1e568374a168e0beaa1ed53f8e92ca2276

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d938097c3b508c802ddc5b75956e849a

    SHA1

    af8ec878fbf005a051a8ac7b8c6940ffdf1610b6

    SHA256

    77ac9678f04595fc8a21710f7f33cb791a9440053688f36ed59698b8157316f0

    SHA512

    fad5e5123faf3ac53ab9951b560c3621582d409480fd4797639059e7c643b4b3d4e17b687fb33cb9f8a8f8d212eee7ab8c111cbd697cb83b9c7c4fb8f2c2b373

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    82a3fbfd899cfef443c71d4ff0823e08

    SHA1

    097c7f724cb1356fea631a5d4a8edc649aae9680

    SHA256

    f1061c5108baa29d00c0eef500951924e0c0ad4fe27ddc250f09254f2831c4f3

    SHA512

    f1076dd7f946cc9ac6c481448d90cab0689e83e71f2cd31697380d2b30f645a872ba716736b36e400d6342607e72fbfceb9a3f610bea5b5f689a522470e753a2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    11e8f18fc6d51f3956708b62497177c3

    SHA1

    37b44acf8bccecf12cb9cd0987b9f07ea163e5b9

    SHA256

    67832a8497d534f47c56e07f57cd548d6fa306223d9d5ed8c587312655eb38f7

    SHA512

    2e95da218d614832998661d6788266e7c4f12d23efc1c2f3597159573bdafaaede2757ed431a107fe9d1410703ce0116aff1c003fcf5998438678700e7bbc29a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    20815abfd19209a5675d19c14fe989b5

    SHA1

    9a76ac8f3258674aadc604368a82708cc240fca7

    SHA256

    9a10f47d78c2533f64298b7ccbc1f1d88b24c7532b1b1b271b55f7c413864b18

    SHA512

    f25a2b6c441f75a47bd91fdfd5102bc08d813153f8fcab79fbf376704ae2197133366a1c580e9e47234532adc9b1b1c04b22d0437f22db3f5dc75491985e2fc2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7f845cf9c0eefd26b3a7dc87a19fe1cb

    SHA1

    4a6e5bae00a1d23a4f826d6255394a192e5efd63

    SHA256

    645b8ee042117e6e4a1d643ffe469ba5e1a6f722c5e46a501a33317f69ffad43

    SHA512

    8b3c3c36d0e99bfb5cfbe2634c340085422287896a668b9265c2b168a7d3da5a8a5b981aaf9a854556f97a90e07e395b33e4519eb590d8c6f83e9fde4f64ad0c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    922d65d8b0d92cd16032e87dfb8745fe

    SHA1

    cf77601b79985b44407cea7009491ba943a5033d

    SHA256

    a84285dc60c7e3549b783a6718fa11c1db1e889ca036807893cc66e2b70b5ab0

    SHA512

    fc8081acf561e4a5910ec479d0a643471546b8c85a893c5faf6c0ea471f5999cbef75ab2e8b327696247f600e3bb648c81c2108809015c79c515fbb3327c2ce4

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    912a74920ebbc644dfbc719c27ce3f19

    SHA1

    f4f3fb9947b52f526761b02bba43b91c4b79195e

    SHA256

    d0cf98bd96c397ee62b29cb041a7e9b2542bac643fd4a1b1d82b60d78c7c022b

    SHA512

    49d7440ab631cb5847017b335b907edc30136f9e8c62ade60ab817de7752626fb8470b2ea15c83d6521eb9c8a2a1e282e57b32f26dd9bc514c88cd9ffbf27966

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    112ad3a2b4073914958b3c85e9bd3268

    SHA1

    32984214d52a2b369b2b3e3459c2c51097ece723

    SHA256

    6d1f351b351880d91853989938a1e6bd578e78f1aba16387b91d3104a8599d32

    SHA512

    d6323b5ea8e65d65db6c9c3cb3e5ad584ad0c5c8b589a318a0b7b2d06ad685f72ca94180beb54367b83761a36431a551588a193ec4eb65c08f359857f49399e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    600221cb48e8f27f5612257a9f088424

    SHA1

    ed775d06ac356ffda75e5d0782f58596dfdd7026

    SHA256

    ff47d0a5130483f4b740e41e20562ac73f7d9c1f253d9f412fe476b1e57b747b

    SHA512

    a23f1cbe8037a9f93e58c87ea563aca9bf27b193640c769c928a6dd17d0d928995aff9acd7266b5447e56ffa87198a1d5d4f096bbb3b921b9d2b4c2929129e12

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    c444f131e1392288894f194f32fa440c

    SHA1

    5ec3f8047e5f964f4f204cae739ccac366f3f6d6

    SHA256

    9507e145e7a9265b496556292322f0ca1513299be2b7b3eeb196486fafd488b0

    SHA512

    c5badba9da639ed66a8ee8626bb28d3d46fc39eae5791c2d514b28782906735ecae0721acb24e1dce2809101fdd6f3b4d57964c43d945395bdec3d1cf9d0811a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabE072.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarE14F.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2532-0-0x0000000074E21000-0x0000000074E22000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2532-998-0x0000000074E20000-0x00000000753CB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2532-9-0x0000000001DF0000-0x0000000001E0A000-memory.dmp

    Filesize

    104KB

    Download

  • memory/2532-8-0x0000000074E20000-0x00000000753CB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2532-3-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2532-2-0x0000000074E20000-0x00000000753CB000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2532-1-0x0000000074E20000-0x00000000753CB000-memory.dmp

    Filesize

    5.7MB

    Download