Malware Analysis Report

2025-01-18 00:33

Sample ID 240613-l9hlgsybrp
Target av8ErYlLcOYm.exe
SHA256 d16f4df6d0a0b0993748bd01ffd6f4ef8bdf1a57399f4310583986b9fbf0be40
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

d16f4df6d0a0b0993748bd01ffd6f4ef8bdf1a57399f4310583986b9fbf0be40

Threat Level: Likely benign

The file av8ErYlLcOYm.exe was found to be: Likely benign.

Malicious Activity Summary


Unsigned PE

Modifies registry class

Suspicious use of SetWindowsHookEx

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-13 10:13

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-13 10:13

Reported

2024-06-13 10:15

Platform

win11-20240611-en

Max time kernel

2s

Command Line

"C:\Users\Admin\AppData\Local\Temp\av8ErYlLcOYm.exe"

Signatures

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-1276817940-128734381-631578427-1000_Classes\Local Settings\MuiCache C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\av8ErYlLcOYm.exe

"C:\Users\Admin\AppData\Local\Temp\av8ErYlLcOYm.exe"

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe

"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca

Network

N/A

Files

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

MD5 e0236413295e49948baeeb46d884acef
SHA1 c24f80184264ef596722c1a84b8dedde9bdad557
SHA256 11af5d1895a6e5952ebf08f72ad5121d828a5e2f8dc0656875d527e886ca54e8
SHA512 d99fd945c37dee141ea4e4f2e2460f482230bb679d8a63131348685a7dbebce074c9543161672fc525cd0c84d41d29e2ee78f6e3a7b8f7d18ca40eefcb95e5c6