a15aad03c7d939baa3e149b8f41e7c0421986a1a1758ccac135ce097db34cf6b

Analysis

max time kernel
840s
max time network
840s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
13/10/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SearchFilterHost.exe
Size

1.3MB
MD5

963032914cce47a62034777a8cb7ab1c
SHA1

9e2bb12a1851e35f5bc09dcd248b91d22515ace9
SHA256

a15aad03c7d939baa3e149b8f41e7c0421986a1a1758ccac135ce097db34cf6b
SHA512

c100f3f0c75143883a6077c49d4f5cdfae5ac1ef3b84be96acbbfd346807cdc42cce81a330faf3700dbd850d590a0c8ebb73be6013ceea642865ec6f035761b2
SSDEEP

24576:LRk9s/X7y1j3jNPnHHgyV+3ED6T9wno0G9e/5AQrg:Fbzy1DRHAORiwo

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe
2268	SearchFilterHost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2708	2268	SearchFilterHost.exe	32
PID 2268 wrote to memory of 2708	2268	SearchFilterHost.exe	32
PID 2268 wrote to memory of 2708	2268	SearchFilterHost.exe	32

C:\Users\Admin\AppData\Local\Temp\SearchFilterHost.exe
"C:\Users\Admin\AppData\Local\Temp\SearchFilterHost.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\System32\winver.exe
  "C:\Windows\System32\winver.exe"
  2⤵
  PID:2708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2268-0-0x0000000000070000-0x0000000000071000-memory.dmp

Filesize
4KB

Download