3233ffe20fd5990997ff00ba941b69577dc8a8a4a4975d8b47ae29cb7a8300ef

General

Target

SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Size

85KB
MD5

878dbb0eaf5733b4e9fd0cd851409140
SHA1

aaeffa6050298a03a881997181ab3afcf15a778a
SHA256

3233ffe20fd5990997ff00ba941b69577dc8a8a4a4975d8b47ae29cb7a8300ef
SHA512

ea82bb494b4bcfba286bd9c65ab8f82117aa40a78b4a4fe08fe12fee78c36b834983b55ec761a79e3647eaf690b0dfedd30e677357030c4a9aed24eb9cee379e

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

pid process

272 SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
272 SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

pid	process
272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

Suspicious use of AdjustPrivilegeToken 2552 IoCs

Processes:

SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

description	pid	process
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

pid process

272 SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

pid	process
272	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

Processes:

SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Key created	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-910373003-3952921535-3480519689-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of AdjustPrivilegeToken
- Suspicious behavior: GetForegroundWindowSpam
- Modifies Internet Explorer settings
PID:272

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads