a15aad03c7d939baa3e149b8f41e7c0421986a1a1758ccac135ce097db34cf6b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2024 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SearchFilterHost.exe
Size

1.3MB
MD5

963032914cce47a62034777a8cb7ab1c
SHA1

9e2bb12a1851e35f5bc09dcd248b91d22515ace9
SHA256

a15aad03c7d939baa3e149b8f41e7c0421986a1a1758ccac135ce097db34cf6b
SHA512

c100f3f0c75143883a6077c49d4f5cdfae5ac1ef3b84be96acbbfd346807cdc42cce81a330faf3700dbd850d590a0c8ebb73be6013ceea642865ec6f035761b2
SSDEEP

24576:LRk9s/X7y1j3jNPnHHgyV+3ED6T9wno0G9e/5AQrg:Fbzy1DRHAORiwo

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe
3028	SearchFilterHost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3028	SearchFilterHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87
PID 3028 wrote to memory of 1204	3028	SearchFilterHost.exe	87

C:\Users\Admin\AppData\Local\Temp\SearchFilterHost.exe
"C:\Users\Admin\AppData\Local\Temp\SearchFilterHost.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:1204

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Loader.log

Filesize
600B

MD5
4d86e94ca23af49fb010e978ce6d7283

SHA1
62ebf704d19d1a22901c6a29f7e43fc7b37f9ae9

SHA256
8f2dda0584e285d4b379b555b5507024232da9382fdb03d5b083519026e98621

SHA512
e142d605582239dd71510191fd6e15e8087c53a2c46be3925e79b55ef69393b6112b814b7721abd5fd004d581ff273e421ba7173e60105679d569cc3738a7f9d

Download Submit
memory/1204-10-0x000002ADA3880000-0x000002ADA3881000-memory.dmp

Filesize
4KB

Download
memory/1204-19-0x000002ADA3880000-0x000002ADA3881000-memory.dmp

Filesize
4KB

Download
memory/1204-41-0x000002ADA3880000-0x000002ADA3881000-memory.dmp

Filesize
4KB

Download
memory/1204-65-0x000002ADA3880000-0x000002ADA3881000-memory.dmp

Filesize
4KB

Download
memory/1204-2325-0x000002ADA3880000-0x000002ADA3881000-memory.dmp

Filesize
4KB

Download
memory/1204-2904-0x000002ADA3880000-0x000002ADA3881000-memory.dmp

Filesize
4KB

Download
memory/1204-2896-0x000002ADA3880000-0x000002ADA3881000-memory.dmp

Filesize
4KB

Download
memory/1204-2862-0x000002ADA1270000-0x000002ADA1271000-memory.dmp

Filesize
4KB

Download
memory/1204-2288-0x000002ADA3880000-0x000002ADA3881000-memory.dmp

Filesize
4KB

Download
memory/3028-25-0x000001B8230A0000-0x000001B8230A1000-memory.dmp

Filesize
4KB

Download
memory/3028-38-0x000001B823150000-0x000001B823151000-memory.dmp

Filesize
4KB

Download
memory/3028-4-0x000001B81FCB0000-0x000001B81FCB1000-memory.dmp

Filesize
4KB

Download
memory/3028-3-0x000001B81FCA0000-0x000001B81FCA1000-memory.dmp

Filesize
4KB

Download
memory/3028-2-0x000001B81FC90000-0x000001B81FC91000-memory.dmp

Filesize
4KB

Download
memory/3028-1-0x000001B81FC80000-0x000001B81FC81000-memory.dmp

Filesize
4KB

Download
memory/3028-13-0x000001B823000000-0x000001B823001000-memory.dmp

Filesize
4KB

Download
memory/3028-15-0x000001B823020000-0x000001B823021000-memory.dmp

Filesize
4KB

Download
memory/3028-14-0x000001B823010000-0x000001B823011000-memory.dmp

Filesize
4KB

Download
memory/3028-17-0x000001B823040000-0x000001B823041000-memory.dmp

Filesize
4KB

Download
memory/3028-16-0x000001B823030000-0x000001B823031000-memory.dmp

Filesize
4KB

Download
memory/3028-18-0x000001B823050000-0x000001B823051000-memory.dmp

Filesize
4KB

Download
memory/3028-23-0x000001B823080000-0x000001B823081000-memory.dmp

Filesize
4KB

Download
memory/3028-33-0x000001B823110000-0x000001B823111000-memory.dmp

Filesize
4KB

Download
memory/3028-31-0x000001B823100000-0x000001B823101000-memory.dmp

Filesize
4KB

Download
memory/3028-30-0x000001B8230F0000-0x000001B8230F1000-memory.dmp

Filesize
4KB

Download
memory/3028-29-0x000001B8230E0000-0x000001B8230E1000-memory.dmp

Filesize
4KB

Download
memory/3028-28-0x000001B8230D0000-0x000001B8230D1000-memory.dmp

Filesize
4KB

Download
memory/3028-27-0x000001B8230C0000-0x000001B8230C1000-memory.dmp

Filesize
4KB

Download
memory/3028-26-0x000001B8230B0000-0x000001B8230B1000-memory.dmp

Filesize
4KB

Download
memory/3028-6-0x000001B822FB0000-0x000001B822FB1000-memory.dmp

Filesize
4KB

Download
memory/3028-24-0x000001B823090000-0x000001B823091000-memory.dmp

Filesize
4KB

Download
memory/3028-22-0x000001B823070000-0x000001B823071000-memory.dmp

Filesize
4KB

Download
memory/3028-20-0x000001B823060000-0x000001B823061000-memory.dmp

Filesize
4KB

Download
memory/3028-35-0x000001B823120000-0x000001B823121000-memory.dmp

Filesize
4KB

Download
memory/3028-37-0x000001B823140000-0x000001B823141000-memory.dmp

Filesize
4KB

Download
memory/3028-36-0x000001B823130000-0x000001B823131000-memory.dmp

Filesize
4KB

Download
memory/3028-5-0x000001B822FA0000-0x000001B822FA1000-memory.dmp

Filesize
4KB

Download
memory/3028-40-0x000001B823170000-0x000001B823171000-memory.dmp

Filesize
4KB

Download
memory/3028-39-0x000001B823160000-0x000001B823161000-memory.dmp

Filesize
4KB

Download
memory/3028-44-0x000001B823190000-0x000001B823191000-memory.dmp

Filesize
4KB

Download
memory/3028-55-0x000001B823230000-0x000001B823231000-memory.dmp

Filesize
4KB

Download
memory/3028-53-0x000001B823220000-0x000001B823221000-memory.dmp

Filesize
4KB

Download
memory/3028-52-0x000001B823210000-0x000001B823211000-memory.dmp

Filesize
4KB

Download
memory/3028-51-0x000001B823200000-0x000001B823201000-memory.dmp

Filesize
4KB

Download
memory/3028-50-0x000001B8231F0000-0x000001B8231F1000-memory.dmp

Filesize
4KB

Download
memory/3028-49-0x000001B8231E0000-0x000001B8231E1000-memory.dmp

Filesize
4KB

Download
memory/3028-48-0x000001B8231D0000-0x000001B8231D1000-memory.dmp

Filesize
4KB

Download
memory/3028-47-0x000001B8231C0000-0x000001B8231C1000-memory.dmp

Filesize
4KB

Download
memory/3028-46-0x000001B8231B0000-0x000001B8231B1000-memory.dmp

Filesize
4KB

Download
memory/3028-62-0x000001B823290000-0x000001B823291000-memory.dmp

Filesize
4KB

Download
memory/3028-61-0x000001B823280000-0x000001B823281000-memory.dmp

Filesize
4KB

Download
memory/3028-60-0x000001B823270000-0x000001B823271000-memory.dmp

Filesize
4KB

Download
memory/3028-59-0x000001B823260000-0x000001B823261000-memory.dmp

Filesize
4KB

Download
memory/3028-58-0x000001B823250000-0x000001B823251000-memory.dmp

Filesize
4KB

Download
memory/3028-57-0x000001B823240000-0x000001B823241000-memory.dmp

Filesize
4KB

Download
memory/3028-45-0x000001B8231A0000-0x000001B8231A1000-memory.dmp

Filesize
4KB

Download
memory/3028-7-0x000001B822FC0000-0x000001B822FC1000-memory.dmp

Filesize
4KB

Download
memory/3028-8-0x000001B822FD0000-0x000001B822FD1000-memory.dmp

Filesize
4KB

Download
memory/3028-9-0x000001B822FE0000-0x000001B822FE1000-memory.dmp

Filesize
4KB

Download
memory/3028-11-0x000001B822FF0000-0x000001B822FF1000-memory.dmp

Filesize
4KB

Download
memory/3028-0-0x000001B81FC70000-0x000001B81FC71000-memory.dmp

Filesize
4KB

Download
memory/3028-42-0x000001B823180000-0x000001B823181000-memory.dmp

Filesize
4KB

Download