2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
48s
max time network
48s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
27/04/2024, 14:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1856190483-1022094809-400023910-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2316	HorionInjector.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1016	MiniSearchHost.exe

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2316

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
6519b69aeadb8f25058aed2681fbd97f

SHA1
f21546b140466c5d52d38b02e7dfe62b6765b40e

SHA256
45914858706e80a162abdfc7b47fa3c896f79f3a7b4b9e5ad4899b77dac7792b

SHA512
acc0dd275ca3789ef9682bfdb40f08ea3769589ed95e4c1fc8db16e4525012166950cef0cb25210137df8a40556187ed5e473f3b1ecaa3d2be1f991b5caa622b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
0b2d5d2c6553a5f86147f7974bee36d2

SHA1
cda036b4c1947222396ba108d724d6e64e3e0b39

SHA256
9bca17ed41399191411fb7f18a5b9107df396765e8d4dd38d0d69b2d68979596

SHA512
e7960159b399313a25f0204135369c968a828b764e9006387e9bf294ac8382521d33644f9d4c008b5443e2abc44a30400f32091ce66419327f66f9943c4fef1f

Download Submit
memory/2316-6-0x00000243B1830000-0x00000243B1838000-memory.dmp

Filesize
32KB

Download
memory/2316-3-0x00000243AD7C0000-0x00000243AD87A000-memory.dmp

Filesize
744KB

Download
memory/2316-4-0x00000243AD5C0000-0x00000243AD5D0000-memory.dmp

Filesize
64KB

Download
memory/2316-5-0x00007FF8231D0000-0x00007FF823C92000-memory.dmp

Filesize
10.8MB

Download
memory/2316-0-0x0000024392FC0000-0x0000024392FE8000-memory.dmp

Filesize
160KB

Download
memory/2316-7-0x00000243AD5C0000-0x00000243AD5D0000-memory.dmp

Filesize
64KB

Download
memory/2316-8-0x00000243AD5C0000-0x00000243AD5D0000-memory.dmp

Filesize
64KB

Download
memory/2316-9-0x00000243B1880000-0x00000243B18B8000-memory.dmp

Filesize
224KB

Download
memory/2316-10-0x00000243B1840000-0x00000243B184E000-memory.dmp

Filesize
56KB

Download
memory/2316-11-0x00000243AD5C0000-0x00000243AD5D0000-memory.dmp

Filesize
64KB

Download
memory/2316-13-0x00007FF8231D0000-0x00007FF823C92000-memory.dmp

Filesize
10.8MB

Download
memory/2316-2-0x00000243AD5C0000-0x00000243AD5D0000-memory.dmp

Filesize
64KB

Download
memory/2316-1-0x00007FF8231D0000-0x00007FF823C92000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads