Overview

overview

3

Static

static

3

HorionInje...1).exe

windows7-x64

1

HorionInje...1).exe

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    15/04/2024, 06:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HorionInjector (1).exe

  • Size

    147KB

  • MD5

    6b5b6e625de774e5c285712b7c4a0da7

  • SHA1

    317099aef530afbe3a0c5d6a2743d51e04805267

  • SHA256

    2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

  • SHA512

    104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08

  • SSDEEP

    3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HorionInjector (1).exe
    "C:\Users\Admin\AppData\Local\Temp\HorionInjector (1).exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1772
  • C:\Windows\explorer.exe
    "C:\Windows\explorer.exe"
    1⤵
      PID:2632
    • C:\Windows\System32\conhost.exe
      "C:\Windows\System32\conhost.exe"
      1⤵
        PID:2760

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\System32\2mclctzfrvmkg.exe
        Filesize

        5.3MB

        MD5

        86c97835b1c81ab53dd0fcbe3aa5fffc

        SHA1

        8eaecac4b7745028c7ac5c5f18ae73c7ec57dc30

        SHA256

        11a61886d6a6d491feae11ad753aca834ffec392ed30cfba33eb08ac2edd3d8d

        SHA512

        bab7313d31a8f4bf33741cb795432840aa497c342fdda5e46b50a6a11e36d7938d7ab108e6d38f7e4f77e7f975ae415f94cfa608a2bdcec188f94b567eb6a5b6

        Download Submit

      • C:\Windows\System32\3hbxoibuljxfm.exe
        Filesize

        591KB

        MD5

        72055dedf9d9a69e5ffc96a7e3c1e6f3

        SHA1

        b872ced57c472b323cb29b44ea23d0387cd3904b

        SHA256

        e1b8bc26a84a70ce525ab15ee44ac7a1ad09077f9de4348145305bafb4a1f446

        SHA512

        bbf5b40ab5928fea18724e213aab6a61bb85331b12ec5c0d7eee27d6c38cbdbd983b03d5f0a52a58a9b0dc3eabea7826b7a21bffe0fda5819e29cfaccde253a3

        Download Submit

      • memory/1772-0-0x000000013F7E0000-0x000000013F808000-memory.dmp

        Filesize

        160KB

        Download

      • memory/1772-1-0x000007FEF5190000-0x000007FEF5B7C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/1772-2-0x000000001AE90000-0x000000001AF10000-memory.dmp

        Filesize

        512KB

        Download

      • memory/1772-3-0x000000001AE90000-0x000000001AF10000-memory.dmp

        Filesize

        512KB

        Download

      • memory/1772-4-0x00000000004F0000-0x00000000004FA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/1772-5-0x000007FEF5190000-0x000007FEF5B7C000-memory.dmp

        Filesize

        9.9MB

        Download

      • memory/1772-6-0x000000001AE90000-0x000000001AF10000-memory.dmp

        Filesize

        512KB

        Download

      • memory/1772-7-0x00000000004F0000-0x00000000004FA000-memory.dmp

        Filesize

        40KB

        Download