4501fe468f8e5d810963707711485a62c2dbe71aeba2a88d476249494550d1d6

Analysis

max time kernel
141s
max time network
143s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
21-04-2024 14:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Oper.exe
Size

270KB
MD5

52c6d40e549cbd1bf63759f245b32876
SHA1

1f23c0c4f005479fcd675f45a10dc46e271d26ae
SHA256

4501fe468f8e5d810963707711485a62c2dbe71aeba2a88d476249494550d1d6
SHA512

785fad2152942dcb2c3ff02f57186d0039e4ecad4730c7e896ea011c3836d2f05a28d54639e9cae94d5d285c788e25b36fe160d647f63a0aa515443dbdb2c6ad
SSDEEP

6144:VeGfQSgpltxe6VlWT8b9IFU3XvfQvbRZU:cGfQSgplHPVle86Uffk

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-801765966-3955847401-2235691403-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe
472	Oper.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	472	Oper.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2692	MiniSearchHost.exe

C:\Users\Admin\AppData\Local\Temp\Oper.exe
"C:\Users\Admin\AppData\Local\Temp\Oper.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:472

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
e23e7738a77157383b36aac373c94c3d

SHA1
3267e2189c3c333359cfa01fa683c1660020f8e3

SHA256
7792fd4bed6991f5096eefe2c6931e987a660a4739cd88fdcee38b2d4874d034

SHA512
c3eeb483ab01b2bb3614c0294dc8a0324ed82ffd46edd8da4f6e5e522b974c2b0b4da30326e9b614cc32c039a137ea90501278ba8186a96f98e569bc6e4e5b67

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
56e3fb6b86eed4f6cfde301038fa951d

SHA1
ec8fef6dd06c6c660542f68bfb85f2ec0bed4bca

SHA256
4fcfe3cc282c5bd1a352f09c60d562dafa87e7b36de965467ff170c4d6e910fc

SHA512
86e843da42072bcc88f70449dd52c8fc6a00f7c4ec7dc38eb85f0a655c8b9e95c881584d6b72cf51b2c1aa0ccd60b0cf6c738a40b21e0b934a25efa2d3d5fd5f

Download Submit
memory/472-23-0x000000001CFC0000-0x000000001D036000-memory.dmp

Filesize
472KB

Download
memory/472-2-0x000000001BEB0000-0x000000001BEC0000-memory.dmp

Filesize
64KB

Download
memory/472-1-0x00007FFDA6590000-0x00007FFDA7052000-memory.dmp

Filesize
10.8MB

Download
memory/472-22-0x00007FFDA6590000-0x00007FFDA7052000-memory.dmp

Filesize
10.8MB

Download
memory/472-0-0x0000000000B90000-0x0000000000BDA000-memory.dmp

Filesize
296KB

Download
memory/472-24-0x000000001BDD0000-0x000000001BDDC000-memory.dmp

Filesize
48KB

Download
memory/472-25-0x000000001BE00000-0x000000001BE1E000-memory.dmp

Filesize
120KB

Download
memory/472-26-0x000000001BEB0000-0x000000001BEC0000-memory.dmp

Filesize
64KB

Download
memory/472-27-0x000000001BDE0000-0x000000001BDEA000-memory.dmp

Filesize
40KB

Download
memory/472-32-0x000000001BEB0000-0x000000001BEC0000-memory.dmp

Filesize
64KB

Download
memory/472-34-0x000000001BEB0000-0x000000001BEC0000-memory.dmp

Filesize
64KB

Download