a15aad03c7d939baa3e149b8f41e7c0421986a1a1758ccac135ce097db34cf6b

Analysis

max time kernel
36s
max time network
37s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 14:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SearchFilterHost.exe
Size

1.3MB
MD5

963032914cce47a62034777a8cb7ab1c
SHA1

9e2bb12a1851e35f5bc09dcd248b91d22515ace9
SHA256

a15aad03c7d939baa3e149b8f41e7c0421986a1a1758ccac135ce097db34cf6b
SHA512

c100f3f0c75143883a6077c49d4f5cdfae5ac1ef3b84be96acbbfd346807cdc42cce81a330faf3700dbd850d590a0c8ebb73be6013ceea642865ec6f035761b2
SSDEEP

24576:LRk9s/X7y1j3jNPnHHgyV+3ED6T9wno0G9e/5AQrg:Fbzy1DRHAORiwo

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe
2192	SearchFilterHost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2192	SearchFilterHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2932	notepad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31
PID 2192 wrote to memory of 2932	2192	SearchFilterHost.exe	31

C:\Users\Admin\AppData\Local\Temp\SearchFilterHost.exe
"C:\Users\Admin\AppData\Local\Temp\SearchFilterHost.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Loader.log

Filesize
600B

MD5
66e96ee91dfa6cd917605760a99e592e

SHA1
bc69856883724b04479a095fb1fe5d99259884c8

SHA256
5f1f8edbd02938595f19368ba0e5e2a7646cd55cb229fb9c26f38b7d844dc0ef

SHA512
6894c6df9ca443bb637f25664c0058c2065500aaabf1d616b71cfb705e4233f2d49778bd4bb2c62b4f24da2173379c72f1196774786825ac0701817cfb9aa49b

Download Submit
memory/2192-30-0x0000000001CB0000-0x0000000001CB1000-memory.dmp

Filesize
4KB

Download
memory/2192-47-0x0000000002250000-0x0000000002251000-memory.dmp

Filesize
4KB

Download
memory/2192-3-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2192-4-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2192-5-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/2192-6-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/2192-7-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/2192-9-0x0000000000370000-0x0000000000371000-memory.dmp

Filesize
4KB

Download
memory/2192-8-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/2192-11-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2192-14-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2192-13-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2192-15-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2192-16-0x00000000003C0000-0x00000000003C1000-memory.dmp

Filesize
4KB

Download
memory/2192-17-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2192-18-0x0000000001C10000-0x0000000001C11000-memory.dmp

Filesize
4KB

Download
memory/2192-20-0x0000000001C20000-0x0000000001C21000-memory.dmp

Filesize
4KB

Download
memory/2192-23-0x0000000001C40000-0x0000000001C41000-memory.dmp

Filesize
4KB

Download
memory/2192-37-0x0000000002150000-0x0000000002151000-memory.dmp

Filesize
4KB

Download
memory/2192-24-0x0000000001C50000-0x0000000001C51000-memory.dmp

Filesize
4KB

Download
memory/2192-25-0x0000000001C60000-0x0000000001C61000-memory.dmp

Filesize
4KB

Download
memory/2192-27-0x0000000001C80000-0x0000000001C81000-memory.dmp

Filesize
4KB

Download
memory/2192-26-0x0000000001C70000-0x0000000001C71000-memory.dmp

Filesize
4KB

Download
memory/2192-28-0x0000000001C90000-0x0000000001C91000-memory.dmp

Filesize
4KB

Download
memory/2192-35-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2192-33-0x0000000001CD0000-0x0000000001CD1000-memory.dmp

Filesize
4KB

Download
memory/2192-31-0x0000000001CC0000-0x0000000001CC1000-memory.dmp

Filesize
4KB

Download
memory/2192-0-0x0000000000070000-0x0000000000071000-memory.dmp

Filesize
4KB

Download
memory/2192-1-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2192-29-0x0000000001CA0000-0x0000000001CA1000-memory.dmp

Filesize
4KB

Download
memory/2192-22-0x0000000001C30000-0x0000000001C31000-memory.dmp

Filesize
4KB

Download
memory/2192-38-0x0000000002160000-0x0000000002161000-memory.dmp

Filesize
4KB

Download
memory/2192-40-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/2192-39-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/2192-42-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/2192-45-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/2192-44-0x0000000002220000-0x0000000002221000-memory.dmp

Filesize
4KB

Download
memory/2192-2-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2192-36-0x0000000002140000-0x0000000002141000-memory.dmp

Filesize
4KB

Download
memory/2192-46-0x0000000002240000-0x0000000002241000-memory.dmp

Filesize
4KB

Download
memory/2192-48-0x0000000002260000-0x0000000002261000-memory.dmp

Filesize
4KB

Download
memory/2192-49-0x0000000002270000-0x0000000002271000-memory.dmp

Filesize
4KB

Download
memory/2192-51-0x0000000002290000-0x0000000002291000-memory.dmp

Filesize
4KB

Download
memory/2192-50-0x0000000002280000-0x0000000002281000-memory.dmp

Filesize
4KB

Download
memory/2192-55-0x00000000024C0000-0x00000000024C1000-memory.dmp

Filesize
4KB

Download
memory/2192-57-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2192-53-0x00000000024B0000-0x00000000024B1000-memory.dmp

Filesize
4KB

Download
memory/2192-52-0x00000000023A0000-0x00000000023A1000-memory.dmp

Filesize
4KB

Download
memory/2192-58-0x00000000024E0000-0x00000000024E1000-memory.dmp

Filesize
4KB

Download
memory/2192-60-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2192-59-0x00000000024F0000-0x00000000024F1000-memory.dmp

Filesize
4KB

Download
memory/2192-62-0x0000000002620000-0x0000000002621000-memory.dmp

Filesize
4KB

Download
memory/2192-61-0x0000000002610000-0x0000000002611000-memory.dmp

Filesize
4KB

Download
memory/2932-19-0x0000000001B30000-0x0000000001B31000-memory.dmp

Filesize
4KB

Download
memory/2932-41-0x0000000001B30000-0x0000000001B31000-memory.dmp

Filesize
4KB

Download
memory/2932-63-0x0000000001B30000-0x0000000001B31000-memory.dmp

Filesize
4KB

Download
memory/2932-2859-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2932-10-0x0000000001B30000-0x0000000001B31000-memory.dmp

Filesize
4KB

Download