Analysis

max time kernel: 153s
max time network: 31s
platform: windows7_x64
resource: win7v200430
submitted: 07-07-2020 05:47

Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Resource: win7v200430 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds
General

Target: SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Size: 85KB
MD5: 878dbb0eaf5733b4e9fd0cd851409140
SHA1: aaeffa6050298a03a881997181ab3afcf15a778a
SHA256: 3233ffe20fd5990997ff00ba941b69577dc8a8a4a4975d8b47ae29cb7a8300ef
SHA512: ea82bb494b4bcfba286bd9c65ab8f82117aa40a78b4a4fe08fe12fee78c36b834983b55ec761a79e3647eaf690b0dfedd30e677357030c4a9aed24eb9cee379e
Score: 1/10
Malware Config
Signatures

Suspicious use of SetWindowsHookEx (2 IoCs)
Processes:
  pid   process
  272   SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
  272   SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

Suspicious use of AdjustPrivilegeToken (2552 IoCs)
Processes:
  description                          pid   process
  Token: 33                            272   SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
  Token: SeIncBasePriorityPrivilege    272   SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
  (these two rows alternate for the whole listing; the report counts 2552 IoCs in total, all from pid 272)

Token 33 is a raw privilege LUID that the report did not resolve to a name. In winnt.h, LUID 33 is SE_INC_WORKING_SET_PRIVILEGE (SeIncreaseWorkingSetPrivilege), and SeIncBasePriorityPrivilege is the report's label for LUID 14 (SeIncreaseBasePriorityPrivilege). Both are low-value privileges: neither enables code injection, driver loading or token theft (contrast SeDebugPrivilege or SeLoadDriverPrivilege), so the volume of this signature says more about a tight loop in the sample than about its capability.

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
Processes:
  pid   process
  272   SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

SetWindowsHookEx combined with repeated GetForegroundWindow calls is the pattern a keylogger uses to capture input and attribute it to the active window, but legitimate UI code installs hooks as well, and the report shows neither the hook type nor whether the hook is global, so on its own this is inconclusive.

Modifies Internet Explorer settings
Processes:
  description                                                                                                         process
  Key created \REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main   SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
  Key created \REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch   SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
  Set value (str) \REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"   SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

Caveat: the WindowsSearch\Version = "WS not running" value is commonly written by Internet Explorer's own components when a program hosts the browser control while the Windows Search service is stopped, so it is a weak indicator by itself. Nothing here establishes persistence, network activity or a dropped payload, which is consistent with the 1/10 score.
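The signature tables above arrive as one run-together line per signature, which is awkward to read and impossible to pivot on. The parser below is an added example for this page, not code from the sandbox or from the sample; it recovers the rows from that flattened text, resolves raw privilege LUIDs such as "Token: 33" to their winnt.h names, rewrites native \REGISTRY\USER\<SID>\ paths to the HKCU\ form, and collapses the repeated AdjustPrivilegeToken rows into counts. The SAMPLE string is a constructed, shortened copy of the rows shown above; the privilege LUID table is a subset of the SE_*_PRIVILEGE constants in winnt.h, and the alias for the report's "SeIncBasePriorityPrivilege" label is an assumption that it denotes LUID 14.

```python
"""Parse flattened sandbox signature text into a per-process summary.

Added example (not part of the report). Recovers the "Processes:" rows that
were extracted as a single line, resolves raw privilege LUIDs to winnt.h
names and aggregates repeated rows into counts.
"""
import re
from collections import Counter

# Privilege LUIDs from the SE_*_PRIVILEGE constants in winnt.h (subset).
PRIVILEGE_LUIDS = {
    5: "SeIncreaseQuotaPrivilege",
    7: "SeTcbPrivilege",
    8: "SeSecurityPrivilege",
    9: "SeTakeOwnershipPrivilege",
    10: "SeLoadDriverPrivilege",
    14: "SeIncreaseBasePriorityPrivilege",
    17: "SeBackupPrivilege",
    18: "SeRestorePrivilege",
    19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege",
    23: "SeChangeNotifyPrivilege",
    29: "SeImpersonatePrivilege",
    33: "SeIncreaseWorkingSetPrivilege",
    34: "SeTimeZonePrivilege",
}

# Assumption: the report's abbreviated label denotes LUID 14.
ALIASES = {"SeIncBasePriorityPrivilege": "SeIncreaseBasePriorityPrivilege"}

# "Token: <luid-or-name> <pid> <image>" as it appears in the flattened table.
TOKEN_RE = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+?\.exe)")
# 'Key created <path> <image>' / 'Set value (str) <path> = "<value>" <image>'.
# The path is matched lazily because key names may contain spaces.
REG_RE = re.compile(
    r'(Key created|Set value \(\w+\))\s+(\\REGISTRY\\.+?)'
    r'(?:\s*=\s*"([^"]*)")?\s+(\S+?\.exe)'
)
USER_HIVE_RE = re.compile(r"^\\REGISTRY\\USER\\S-1-5-21-[\d-]+\\", re.IGNORECASE)

# Constructed sample: a shortened copy of the rows shown in the report above.
SAMPLE = (
    r"Token: 33 272 SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe "
    r"Token: SeIncBasePriorityPrivilege 272 SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe "
    r"Token: 33 272 SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe "
    r"Token: SeIncBasePriorityPrivilege 272 SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe "
    r"Key created \REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000"
    r"\Software\Microsoft\Internet Explorer\Main SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe "
    r"Set value (str) \REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000"
    r'\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" '
    r"SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe"
)


def resolve_privilege(token: str) -> str:
    """Map a raw LUID ("33") or a report label to the winnt.h privilege name."""
    if token.isdigit():
        return PRIVILEGE_LUIDS.get(int(token), f"LUID {token} (unresolved)")
    return ALIASES.get(token, token)


def normalize_key(path: str) -> str:
    r"""Rewrite native \REGISTRY\... paths into the HKCU\ / HKLM\ form."""
    path = USER_HIVE_RE.sub(r"HKCU\\", path)
    machine = "\\REGISTRY\\MACHINE\\"
    if path.upper().startswith(machine):
        path = "HKLM\\" + path[len(machine):]
    return path


def parse_token_iocs(text: str) -> Counter:
    """Count AdjustPrivilegeToken rows per (pid, privilege name)."""
    counts = Counter()
    for m in TOKEN_RE.finditer(text):
        priv, pid, _image = m.groups()
        counts[(int(pid), resolve_privilege(priv))] += 1
    return counts


def parse_registry_iocs(text: str) -> list:
    """Return one dict per registry row: action, key, value (or None), image."""
    rows = []
    for m in REG_RE.finditer(text):
        action, path, value, image = m.groups()
        rows.append({"action": action, "key": normalize_key(path),
                     "value": value, "image": image})
    return rows


def summarize(text: str) -> dict:
    """Aggregate both IoC kinds from one flattened signature block."""
    return {"privileges": parse_token_iocs(text),
            "registry": parse_registry_iocs(text)}


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for (pid, priv), n in sorted(result["privileges"].items()):
        print(f"pid {pid}: {priv} x{n}")
    for row in result["registry"]:
        suffix = f' = "{row["value"]}"' if row["value"] is not None else ""
        print(f"{row['action']}: {row['key']}{suffix}")
```

Run it on the full AdjustPrivilegeToken text and the 2552 rows reduce to two counters for pid 272, which is the view an analyst actually wants; unresolved LUIDs are kept visible as "LUID n (unresolved)" rather than silently dropped, so a privilege missing from the table still shows up for follow-up.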
Processes

1. C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe"
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious behavior: GetForegroundWindowSpam
   - Modifies Internet Explorer settings