Overview

overview

3

Static

static

3

HorionInjector_1.exe

windows11-21h2-x64

1

Analysis

  • max time kernel
    17s
  • max time network
    20s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    04-08-2024 18:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HorionInjector_1.exe

  • Size

    147KB

  • MD5

    6b5b6e625de774e5c285712b7c4a0da7

  • SHA1

    317099aef530afbe3a0c5d6a2743d51e04805267

  • SHA256

    2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

  • SHA512

    104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08

  • SSDEEP

    3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies registry class 18 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HorionInjector_1.exe
    "C:\Users\Admin\AppData\Local\Temp\HorionInjector_1.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3640
    • C:\Windows\explorer.exe
      explorer.exe shell:appsFolder\Microsoft.MinecraftUWP_8wekyb3d8bbwe!App
      2⤵
        PID:3436
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4940

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3640-0-0x00007FFBD72C3000-0x00007FFBD72C5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3640-1-0x00000254449A0000-0x00000254449C8000-memory.dmp

      Filesize

      160KB

      Download

    • memory/3640-2-0x00007FFBD72C0000-0x00007FFBD7D82000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/3640-3-0x000002545F220000-0x000002545F2DA000-memory.dmp

      Filesize

      744KB

      Download

    • memory/3640-4-0x00007FFBD72C0000-0x00007FFBD7D82000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/3640-5-0x00007FFBD72C0000-0x00007FFBD7D82000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/3640-6-0x000002545F200000-0x000002545F208000-memory.dmp

      Filesize

      32KB

      Download

    • memory/3640-8-0x0000025463230000-0x000002546323E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/3640-7-0x0000025463270000-0x00000254632A8000-memory.dmp

      Filesize

      224KB

      Download

    • memory/3640-9-0x00007FFBD72C0000-0x00007FFBD7D82000-memory.dmp

      Filesize

      10.8MB

      Download

    • memory/3640-14-0x00007FFBD72C3000-0x00007FFBD72C5000-memory.dmp

      Filesize

      8KB

      Download

    • memory/3640-15-0x00007FFBD72C0000-0x00007FFBD7D82000-memory.dmp

      Filesize

      10.8MB

      Download