Overview

overview

7

Static

static

3

a29865ffdc...3f.exe

windows7-x64

7

a29865ffdc...3f.exe

windows10-2004-x64

7

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

3

$PLUGINSDI...ll.dll

windows10-2004-x64

3

$SYSDIR/remover.exe

windows7-x64

3

$SYSDIR/remover.exe

windows10-2004-x64

3

BKeeper.dll

windows7-x64

1

BKeeper.dll

windows10-2004-x64

1

Searchhost.exe

windows7-x64

1

Searchhost.exe

windows10-2004-x64

1

SearchhostUpdate.exe

windows7-x64

6

SearchhostUpdate.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    93s
  • max time network
    114s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/02/2024, 19:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    SearchhostUpdate.exe

  • Size

    1.7MB

  • MD5

    a1ed2891f6119cf42f62117a3715c729

  • SHA1

    4fa7f357308447d922f4b0ead18006f5f608f108

  • SHA256

    b72e2cc3baac8bde29ff9f14cad3c483ba6bf27fd74eea18719ef1b13082f410

  • SHA512

    4187acc4b31d397b46902411839bde4195ecfc0596b392b5c8d6eea5f79ef17bd0b009025dacab59b1ed4f3c3a0698a77368cd48bc4119699254f6791e0b1b76

  • SSDEEP

    49152:Z8Cy3H/oRBRpXiJcy/d7h+2pprNWnNPTq33w/62e49PF2:ZHGoRBfGcud7h+6pINPO386odF2

Score
6/10
persistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SearchhostUpdate.exe
    "C:\Users\Admin\AppData\Local\Temp\SearchhostUpdate.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of SetWindowsHookEx
    PID:4120

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads