Analysis
max time kernel: 119s
max time network: 121s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 13/06/2024, 00:20

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: horizon-v1.exe
  Resource: win7-20240221-en
  4 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: horizon-v1.exe
  Resource: win10v2004-20240611-en
  4 signatures, 150 seconds
General
Target: horizon-v1.exe
Size: 747KB
MD5: 620d287e064a027cbe13add8c11e4b89
SHA1: f9b5c4c2e004270df3ebdbdfa98163573d38c882
SHA256: 0311b5477bc39170650081678bf2fc85371e7c901dac2d88836d6a810cc6e06c
SHA512: 11aed3efe85cc8f187dc6dabd8118b5f506ebdf12d1797a240f0fbd53184ee527de35e48ff821ed5298525e3cbd7dbd64f71fcfbe2348b762b288432bbb41bd8
SSDEEP: 12288:kO6WhtAM7wgW95/7xqFwIxp6bPGmxKTCz:h7wT/7xqFz6bPGuKTC
Score: 8/10
Malware Config
(no configuration extracted)

Signatures

Sets service image path in registry (2 TTPs, 1 IoC)
  description: Set value (str)
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\frAQBc8Wsa1xVPfv\ImagePath = "\\??\\C:\\Users\\Admin\\AppData\\Local\\Temp\\frAQBc8Wsa1xVPfv"
  process: horizon-v1.exe

Suspicious behavior: LoadsDriver (1 IoC)
  pid: 2320
  process: horizon-v1.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeLoadDriverPrivilege
  pid: 2320
  process: horizon-v1.exe

Suspicious use of WriteProcessMemory (6 IoCs)
  description                         pid   process         procid_target
  PID 2320 wrote to memory of 2748    2320  horizon-v1.exe  29
  PID 2320 wrote to memory of 2748    2320  horizon-v1.exe  29
  PID 2320 wrote to memory of 2748    2320  horizon-v1.exe  29
  PID 2320 wrote to memory of 2992    2320  horizon-v1.exe  30
  PID 2320 wrote to memory of 2992    2320  horizon-v1.exe  30
  PID 2320 wrote to memory of 2992    2320  horizon-v1.exe  30

Note on the first three signatures: taken together they are consistent with a user-mode loader bringing up its own kernel driver. The sample enables SeLoadDriverPrivilege on its token, creates a service key with the generated-looking name frAQBc8Wsa1xVPfv whose ImagePath points, in NT object-path form (\??\), at an extensionless file of the same name dropped in its own %TEMP% directory, and is then flagged as loading a driver. A legitimately installed driver normally has its ImagePath under System32\drivers with a .sys extension and is not written from a user profile path. The six WriteProcessMemory rows are the two child processes (2748 and 2992) being created, three entries each, not memory injection into foreign processes.
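Added triage check, not part of the sandbox report or of the sample: the rules a practitioner would apply to the "Sets service image path in registry" row, run over constructed events in the same shape as the rows above. The first event is the IoC from this report; the two benign events and the privilege-event list format are made up here for contrast. The generated-name heuristic and the choice of user-writable directories are assumptions of this example, not something the report states.

```python
import re
from dataclasses import dataclass, field

# Constructed sample events shaped like the report's "Set value (str)" rows:
# (registry path, value data, writing process). Event 0 is the IoC from this
# report; events 1 and 2 are made-up benign comparisons (a normal driver
# install and a user-mode service) and are not from the sandbox run.
SAMPLE_EVENTS = [
    (r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\frAQBc8Wsa1xVPfv\ImagePath",
     r"\??\C:\Users\Admin\AppData\Local\Temp\frAQBc8Wsa1xVPfv",
     "horizon-v1.exe"),
    (r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ExampleNic\ImagePath",
     r"\SystemRoot\System32\drivers\examplenic.sys",
     "setup.exe"),
    (r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ExampleSvc\ImagePath",
     r'"C:\Program Files\Example\svc.exe" -service',
     "msiexec.exe"),
]

# Constructed privilege events shaped like the AdjustPrivilegeToken row:
# (pid, process, privilege). Taken from this report.
SAMPLE_PRIV_EVENTS = [(2320, "horizon-v1.exe", "SeLoadDriverPrivilege")]

IMAGEPATH_RE = re.compile(
    r"\\REGISTRY\\MACHINE\\SYSTEM\\(?:ControlSet\d+|CurrentControlSet)"
    r"\\services\\([^\\]+)\\ImagePath$", re.I)
# Directories a non-admin user can write to (assumption for this example).
USER_WRITABLE_RE = re.compile(r"\\Users\\|\\Temp\\|\\ProgramData\\", re.I)
NT_PREFIX = "\\??\\"          # NT object-manager form of a drive-letter path


@dataclass
class Finding:
    service: str
    image_path: str
    process: str
    reasons: list = field(default_factory=list)
    has_load_driver_privilege: bool = False


def normalize_image_path(value: str) -> str:
    """Return the bare executable path: drop quotes and arguments, and strip
    the \\??\\ or \\\\?\\ prefix so the Win32 path underneath can be inspected."""
    v = value.strip()
    if v.startswith('"'):
        v = v[1:].split('"', 1)[0]
    for prefix in (NT_PREFIX, "\\\\?\\"):
        if v.startswith(prefix):
            v = v[len(prefix):]
    return v


def looks_generated(name: str) -> bool:
    """Heuristic (assumption): a long alphanumeric token mixing cases and digits
    with no separators is more likely generated than chosen by a human."""
    return (len(name) >= 12 and name.isalnum()
            and any(c.isdigit() for c in name)
            and any(c.isupper() for c in name)
            and any(c.islower() for c in name))


def assess_event(reg_path: str, value: str, process: str):
    """Score one registry write; return a Finding or None if it is not an
    ImagePath write or trips none of the checks."""
    m = IMAGEPATH_RE.search(reg_path)
    if not m:
        return None
    service = m.group(1)
    image = normalize_image_path(value)
    reasons = []
    if USER_WRITABLE_RE.search(image):
        reasons.append("image lives under a user-writable directory")
    if value.startswith(NT_PREFIX):
        reasons.append("absolute \\??\\ NT path instead of a SystemRoot-relative one")
    if not image.lower().endswith((".sys", ".exe", ".dll")):
        reasons.append("image has no executable extension")
    if looks_generated(service):
        reasons.append("service name looks generated")
    return Finding(service, image, process, reasons) if reasons else None


def scan(events, priv_events=()):
    """Run assess_event over all events and mark findings whose writing process
    also enabled SeLoadDriverPrivilege, the combination seen in this report."""
    loaders = {proc for _pid, proc, priv in priv_events if priv == "SeLoadDriverPrivilege"}
    findings = [f for f in (assess_event(*e) for e in events) if f is not None]
    for f in findings:
        f.has_load_driver_privilege = f.process in loaders
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS, SAMPLE_PRIV_EVENTS):
        tag = "DRIVER LOAD FROM USER PATH" if f.has_load_driver_privilege else "suspicious ImagePath"
        print(f"[{tag}] {f.process} -> service {f.service} = {f.image_path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Only the report's own event trips the checks; the SystemRoot-relative .sys path and the quoted user-mode service path pass. In a real pipeline the same rules apply equally to Sysmon EventID 13 (registry value set) records, with the privilege correlation taken from 4703 events or from the sandbox's AdjustPrivilegeToken rows as here.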
Processes

C:\Users\Admin\AppData\Local\Temp\horizon-v1.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\horizon-v1.exe"
  PID: 2320
  - Sets service image path in registry
  - Suspicious behavior: LoadsDriver
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\cmd.exe
    command line: C:\Windows\system32\cmd.exe /c color B
    PID: 2748

  C:\Windows\system32\WerFault.exe
    command line: C:\Windows\system32\WerFault.exe -u -p 2320 -s 560
    PID: 2992

C:\Windows\explorer.exe
  command line: "C:\Windows\explorer.exe"
  PID: 2452

Notes: the cmd.exe child only changes the console text colour (color B), which suggests a console tool rather than a silent payload. WerFault.exe with -p 2320 is Windows Error Reporting handling a fault in the sample's own process, so horizon-v1.exe crashed after the driver-load activity on this Windows 7 image; explorer.exe (PID 2452) is the desktop shell, not a child of the sample.