482ff0a56e294b684deb2ad2651b4a0f58505a5239f1a1a426588f5b9986d428

Resubmissions

20-05-2024 03:53

240520-efrtqsbb3w 8

20-05-2024 03:51

240520-eenexsad49 8

Analysis

max time kernel
51s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
20-05-2024 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

horizon-v1.exe
Size

1003KB
MD5

dc267f2b3ec4adc76458610e58542c94
SHA1

28d34090c51acb4887acc2ccd9d3759f3b67efed
SHA256

482ff0a56e294b684deb2ad2651b4a0f58505a5239f1a1a426588f5b9986d428
SHA512

f817a494fadbd08647919d32026bdc071542b2cd189d69a2665f82898c2b857c3f157587eaccb158b14ed245781900ba0fdeb79768c2aca367b53739ddf8ff35
SSDEEP

24576:Z+h1TYGg4vEQ2MQO4Du/SNltCOoUpH0T0E2h6ZKt7CBw:4h1TXZEQ2M7lSTtCOoUV0T0E2h6wCO

Score

8^/10

persistence

Malware Config

Signatures

Sets service image path in registry 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv"	horizon-v1.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
5044	horizon-v1.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeLoadDriverPrivilege	5044	horizon-v1.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 3480	5044	horizon-v1.exe	78
PID 5044 wrote to memory of 3480	5044	horizon-v1.exe	78

C:\Users\Admin\AppData\Local\Temp\horizon-v1.exe
"C:\Users\Admin\AppData\Local\Temp\horizon-v1.exe"
1⤵
- Sets service image path in registry
- Suspicious behavior: LoadsDriver
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color B
  2⤵
  PID:3480

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads