Overview

overview

7

Static

static

3

files.zip

windows10-2004-x64

1

HorizonXbe...PF.dll

windows10-2004-x64

1

HorizonXbe...IX.exe

windows10-2004-x64

7

HorizionXbetaFIX.pyc

windows10-2004-x64

3

HorizonXbe...UI.dll

windows10-2004-x64

1

HorizonXbe...up.exe

windows10-2004-x64

7

HorizonXbe...up.exe

windows10-2004-x64

7

HorizonXbe...st.exe

windows10-2004-x64

6

HorizonXbe...64.exe

windows10-2004-x64

7

HorizonXbe...86.exe

windows10-2004-x64

7

HorizonXbe...64.exe

windows10-2004-x64

7

HorizonXbe...86.exe

windows10-2004-x64

7

HorizonXbe...st.msi

windows10-2004-x64

6

HorizonXbe....0.dll

windows10-2004-x64

1

HorizonXbe...50.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    1735s
  • max time network
    1173s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240412-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-04-2024 09:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    files.zip

  • Size

    68.3MB

  • MD5

    3fd27b37ad201d867bbd49fd8eef92e4

  • SHA1

    030c3c6bb5afd32d89ae0bad8cc1ae9a9164deac

  • SHA256

    625c6bec52405dc8028322799222b5871253d4f71f5ee29e9155499a823fac1f

  • SHA512

    8afee14bef73c0a5c058fb22e27910ece9308c5903d3f6c65e9713607df0b5d92a1cb474f271ebf268b4edc28e9801895332b3ca3f31ac489a1e9fce56d7a3f0

  • SSDEEP

    1572864:qwrrGYnyZTBWFjqs0K1pT9dLU0BJ5/SrGaYBeGDDZwrpVh93+2B4fFQ:xrPny5BWFO6dw0BrqpUBwF9u2B4NQ

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\files.zip
    1⤵
      PID:3036
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:4900
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3660

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
        Filesize

        16KB

        MD5

        19c48c8181072a7f9201938c0f8529dd

        SHA1

        cf0cfd8b13e56c85ad8c031effbbada25e86ebec

        SHA256

        19462938102695280e1d74138a5989c00a3e4663e8f6e64b60090f9295fc567c

        SHA512

        05403ba4b0ba36e43689cfc1d7d2208be5db63bfa6bdef3b806f1d54e3d321a8e9616bfb4b996b1e98b5a3f46153412bd275be36ffce39149c50c97e8dc2a652

        Download Submit
      • memory/3660-40-0x000001C76EFE0000-0x000001C76EFE1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-33-0x000001C76EFE0000-0x000001C76EFE1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-42-0x000001C76EFE0000-0x000001C76EFE1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-34-0x000001C76EFE0000-0x000001C76EFE1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-35-0x000001C76EFE0000-0x000001C76EFE1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-36-0x000001C76EFE0000-0x000001C76EFE1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-37-0x000001C76EFE0000-0x000001C76EFE1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-38-0x000001C76EFE0000-0x000001C76EFE1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-43-0x000001C76EC10000-0x000001C76EC11000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-0-0x000001C766940000-0x000001C766950000-memory.dmp
        Filesize

        64KB

        Download
      • memory/3660-67-0x000001C76ED50000-0x000001C76ED51000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-32-0x000001C76EFC0000-0x000001C76EFC1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-39-0x000001C76EFE0000-0x000001C76EFE1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-44-0x000001C76EC00000-0x000001C76EC01000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-46-0x000001C76EC10000-0x000001C76EC11000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-49-0x000001C76EC00000-0x000001C76EC01000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-52-0x000001C76EB40000-0x000001C76EB41000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-16-0x000001C766A40000-0x000001C766A50000-memory.dmp
        Filesize

        64KB

        Download
      • memory/3660-64-0x000001C76ED40000-0x000001C76ED41000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-66-0x000001C76ED50000-0x000001C76ED51000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-68-0x000001C76EE60000-0x000001C76EE61000-memory.dmp
        Filesize

        4KB

        Download
      • memory/3660-41-0x000001C76EFE0000-0x000001C76EFE1000-memory.dmp
        Filesize

        4KB

        Download