2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d

Analysis

max time kernel
86s
max time network
84s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
15/01/2025, 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HorionInjector.exe
Size

147KB
MD5

6b5b6e625de774e5c285712b7c4a0da7
SHA1

317099aef530afbe3a0c5d6a2743d51e04805267
SHA256

2d79af8e1ff3465703e1dc73d3ef2182fd269ea2609c8afabdf1b80693405c1d
SHA512

104609adf666588af4e152ec7891cedafd89ad8d427063d03fb42a228babefc59428b0c8b1430cb3fc319a5014d2ee1083ff2b74fa585cab2d86cdad346e8b08
SSDEEP

3072:ckgHqUGSCoEslON/q178+oO3BAE4T/DvueX:cNHqUGSCPBh+7VST/Ke

Score

1^/10

Malware Config

Signatures

Modifies registry class 4 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3164	HorionInjector.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4620	MiniSearchHost.exe

C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe
"C:\Users\Admin\AppData\Local\Temp\HorionInjector.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3164

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6cbee5cc3a6a4bee8a58cd58c5ab5f6d /t 5100 /p 3164
1⤵
PID:3420

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4620

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2012

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\e4a36cc7f3db40beaf65ac421acf7097 /t 5100 /p 3164
1⤵
PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
069c37bf9e39b121efb7a28ece933aee

SHA1
eaef2e55b66e543a14a6780c23bb83fe60f2f04d

SHA256
485db8db6b497d31d428aceea416da20d88f7bde88dbfd6d59e3e7eee0a75ae8

SHA512
f4562071143c2ebc259a20cbb45b133c863f127a5750672b7a2af47783c7cdc56dcf1064ae83f54e5fc0bb4e93826bf2ab4ef6e604f955bf594f2cbd641db796

Download Submit
memory/3164-6-0x00007FFE74F73000-0x00007FFE74F75000-memory.dmp

Filesize
8KB

Download
memory/3164-8-0x0000023DDB290000-0x0000023DDB298000-memory.dmp

Filesize
32KB

Download
memory/3164-3-0x0000023DDB2F0000-0x0000023DDB3AA000-memory.dmp

Filesize
744KB

Download
memory/3164-4-0x00007FFE74F70000-0x00007FFE75A32000-memory.dmp

Filesize
10.8MB

Download
memory/3164-5-0x00007FFE74F70000-0x00007FFE75A32000-memory.dmp

Filesize
10.8MB

Download
memory/3164-0-0x00007FFE74F73000-0x00007FFE74F75000-memory.dmp

Filesize
8KB

Download
memory/3164-7-0x00007FFE74F70000-0x00007FFE75A32000-memory.dmp

Filesize
10.8MB

Download
memory/3164-2-0x00007FFE74F70000-0x00007FFE75A32000-memory.dmp

Filesize
10.8MB

Download
memory/3164-10-0x0000023DDB2A0000-0x0000023DDB2AE000-memory.dmp

Filesize
56KB

Download
memory/3164-9-0x0000023DDF2D0000-0x0000023DDF308000-memory.dmp

Filesize
224KB

Download
memory/3164-11-0x00007FFE74F70000-0x00007FFE75A32000-memory.dmp

Filesize
10.8MB

Download
memory/3164-12-0x00007FFE74F70000-0x00007FFE75A32000-memory.dmp

Filesize
10.8MB

Download
memory/3164-1-0x0000023DC09F0000-0x0000023DC0A18000-memory.dmp

Filesize
160KB

Download
memory/3164-20-0x00007FFE74F70000-0x00007FFE75A32000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads