a15aad03c7d939baa3e149b8f41e7c0421986a1a1758ccac135ce097db34cf6b

Analysis

max time kernel
1151s
max time network
1142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/10/2024, 14:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SearchFilterHost.exe
Size

1.3MB
MD5

963032914cce47a62034777a8cb7ab1c
SHA1

9e2bb12a1851e35f5bc09dcd248b91d22515ace9
SHA256

a15aad03c7d939baa3e149b8f41e7c0421986a1a1758ccac135ce097db34cf6b
SHA512

c100f3f0c75143883a6077c49d4f5cdfae5ac1ef3b84be96acbbfd346807cdc42cce81a330faf3700dbd850d590a0c8ebb73be6013ceea642865ec6f035761b2
SSDEEP

24576:LRk9s/X7y1j3jNPnHHgyV+3ED6T9wno0G9e/5AQrg:Fbzy1DRHAORiwo

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe
5032	SearchFilterHost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5032	SearchFilterHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1444	winver.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89
PID 5032 wrote to memory of 1444	5032	SearchFilterHost.exe	89

C:\Users\Admin\AppData\Local\Temp\SearchFilterHost.exe
"C:\Users\Admin\AppData\Local\Temp\SearchFilterHost.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5032
- C:\Windows\System32\winver.exe
  "C:\Windows\System32\winver.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:1444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Public\Loader.log

Filesize
600B

MD5
8268c6ce0ef60d4032b99640e65a0de5

SHA1
9af2408e775493f75083467278b49dc20242f767

SHA256
9a05e008d25804e3c2946d220895e1a1455e08b01db12147fcf690f996229e18

SHA512
a1cc9b360cb80f3ae601b13b7d06deedc0047f85d44e2c550f1250fe5f8ddf6b26970df119508b64904dabbe94226cd361806168fa425b5fa4ed65e5fb074ad1

Download Submit
memory/1444-10-0x0000022EA5DD0000-0x0000022EA5DD1000-memory.dmp

Filesize
4KB

Download
memory/1444-19-0x0000022EA5DD0000-0x0000022EA5DD1000-memory.dmp

Filesize
4KB

Download
memory/1444-41-0x0000022EA5DD0000-0x0000022EA5DD1000-memory.dmp

Filesize
4KB

Download
memory/1444-63-0x0000022EA5DD0000-0x0000022EA5DD1000-memory.dmp

Filesize
4KB

Download
memory/1444-2859-0x0000022EA3990000-0x0000022EA3991000-memory.dmp

Filesize
4KB

Download
memory/1444-2897-0x0000022EA5DD0000-0x0000022EA5DD1000-memory.dmp

Filesize
4KB

Download
memory/5032-26-0x000001BA4C520000-0x000001BA4C521000-memory.dmp

Filesize
4KB

Download
memory/5032-42-0x000001BA4C5F0000-0x000001BA4C5F1000-memory.dmp

Filesize
4KB

Download
memory/5032-4-0x000001BA48F90000-0x000001BA48F91000-memory.dmp

Filesize
4KB

Download
memory/5032-5-0x000001BA48FA0000-0x000001BA48FA1000-memory.dmp

Filesize
4KB

Download
memory/5032-7-0x000001BA48FC0000-0x000001BA48FC1000-memory.dmp

Filesize
4KB

Download
memory/5032-11-0x000001BA48FF0000-0x000001BA48FF1000-memory.dmp

Filesize
4KB

Download
memory/5032-9-0x000001BA48FE0000-0x000001BA48FE1000-memory.dmp

Filesize
4KB

Download
memory/5032-8-0x000001BA48FD0000-0x000001BA48FD1000-memory.dmp

Filesize
4KB

Download
memory/5032-20-0x000001BA4C4D0000-0x000001BA4C4D1000-memory.dmp

Filesize
4KB

Download
memory/5032-18-0x000001BA4C4C0000-0x000001BA4C4C1000-memory.dmp

Filesize
4KB

Download
memory/5032-17-0x000001BA4C4B0000-0x000001BA4C4B1000-memory.dmp

Filesize
4KB

Download
memory/5032-16-0x000001BA4C4A0000-0x000001BA4C4A1000-memory.dmp

Filesize
4KB

Download
memory/5032-15-0x000001BA4C490000-0x000001BA4C491000-memory.dmp

Filesize
4KB

Download
memory/5032-14-0x000001BA49010000-0x000001BA49011000-memory.dmp

Filesize
4KB

Download
memory/5032-13-0x000001BA49000000-0x000001BA49001000-memory.dmp

Filesize
4KB

Download
memory/5032-6-0x000001BA48FB0000-0x000001BA48FB1000-memory.dmp

Filesize
4KB

Download
memory/5032-22-0x000001BA4C4E0000-0x000001BA4C4E1000-memory.dmp

Filesize
4KB

Download
memory/5032-33-0x000001BA4C580000-0x000001BA4C581000-memory.dmp

Filesize
4KB

Download
memory/5032-31-0x000001BA4C570000-0x000001BA4C571000-memory.dmp

Filesize
4KB

Download
memory/5032-30-0x000001BA4C560000-0x000001BA4C561000-memory.dmp

Filesize
4KB

Download
memory/5032-29-0x000001BA4C550000-0x000001BA4C551000-memory.dmp

Filesize
4KB

Download
memory/5032-28-0x000001BA4C540000-0x000001BA4C541000-memory.dmp

Filesize
4KB

Download
memory/5032-27-0x000001BA4C530000-0x000001BA4C531000-memory.dmp

Filesize
4KB

Download
memory/5032-1-0x000001BA48E60000-0x000001BA48E61000-memory.dmp

Filesize
4KB

Download
memory/5032-25-0x000001BA4C510000-0x000001BA4C511000-memory.dmp

Filesize
4KB

Download
memory/5032-24-0x000001BA4C500000-0x000001BA4C501000-memory.dmp

Filesize
4KB

Download
memory/5032-23-0x000001BA4C4F0000-0x000001BA4C4F1000-memory.dmp

Filesize
4KB

Download
memory/5032-3-0x000001BA48F80000-0x000001BA48F81000-memory.dmp

Filesize
4KB

Download
memory/5032-40-0x000001BA4C5E0000-0x000001BA4C5E1000-memory.dmp

Filesize
4KB

Download
memory/5032-39-0x000001BA4C5D0000-0x000001BA4C5D1000-memory.dmp

Filesize
4KB

Download
memory/5032-38-0x000001BA4C5C0000-0x000001BA4C5C1000-memory.dmp

Filesize
4KB

Download
memory/5032-37-0x000001BA4C5B0000-0x000001BA4C5B1000-memory.dmp

Filesize
4KB

Download
memory/5032-36-0x000001BA4C5A0000-0x000001BA4C5A1000-memory.dmp

Filesize
4KB

Download
memory/5032-35-0x000001BA4C590000-0x000001BA4C591000-memory.dmp

Filesize
4KB

Download
memory/5032-55-0x000001BA4C6A0000-0x000001BA4C6A1000-memory.dmp

Filesize
4KB

Download
memory/5032-53-0x000001BA4C690000-0x000001BA4C691000-memory.dmp

Filesize
4KB

Download
memory/5032-52-0x000001BA4C680000-0x000001BA4C681000-memory.dmp

Filesize
4KB

Download
memory/5032-51-0x000001BA4C670000-0x000001BA4C671000-memory.dmp

Filesize
4KB

Download
memory/5032-50-0x000001BA4C660000-0x000001BA4C661000-memory.dmp

Filesize
4KB

Download
memory/5032-49-0x000001BA4C650000-0x000001BA4C651000-memory.dmp

Filesize
4KB

Download
memory/5032-48-0x000001BA4C640000-0x000001BA4C641000-memory.dmp

Filesize
4KB

Download
memory/5032-47-0x000001BA4C630000-0x000001BA4C631000-memory.dmp

Filesize
4KB

Download
memory/5032-57-0x000001BA4C6B0000-0x000001BA4C6B1000-memory.dmp

Filesize
4KB

Download
memory/5032-62-0x000001BA4C700000-0x000001BA4C701000-memory.dmp

Filesize
4KB

Download
memory/5032-61-0x000001BA4C6F0000-0x000001BA4C6F1000-memory.dmp

Filesize
4KB

Download
memory/5032-60-0x000001BA4C6E0000-0x000001BA4C6E1000-memory.dmp

Filesize
4KB

Download
memory/5032-59-0x000001BA4C6D0000-0x000001BA4C6D1000-memory.dmp

Filesize
4KB

Download
memory/5032-58-0x000001BA4C6C0000-0x000001BA4C6C1000-memory.dmp

Filesize
4KB

Download
memory/5032-46-0x000001BA4C620000-0x000001BA4C621000-memory.dmp

Filesize
4KB

Download
memory/5032-45-0x000001BA4C610000-0x000001BA4C611000-memory.dmp

Filesize
4KB

Download
memory/5032-2-0x000001BA48F70000-0x000001BA48F71000-memory.dmp

Filesize
4KB

Download
memory/5032-0-0x000001BA48E50000-0x000001BA48E51000-memory.dmp

Filesize
4KB

Download
memory/5032-44-0x000001BA4C600000-0x000001BA4C601000-memory.dmp

Filesize
4KB

Download