3233ffe20fd5990997ff00ba941b69577dc8a8a4a4975d8b47ae29cb7a8300ef

General

Target

SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Size

85KB
MD5

878dbb0eaf5733b4e9fd0cd851409140
SHA1

aaeffa6050298a03a881997181ab3afcf15a778a
SHA256

3233ffe20fd5990997ff00ba941b69577dc8a8a4a4975d8b47ae29cb7a8300ef
SHA512

ea82bb494b4bcfba286bd9c65ab8f82117aa40a78b4a4fe08fe12fee78c36b834983b55ec761a79e3647eaf690b0dfedd30e677357030c4a9aed24eb9cee379e

Score

1^/10

Malware Config

Signatures

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

pid process

3848 SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

pid	process
3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

Suspicious use of AdjustPrivilegeToken 2700 IoCs

Processes:

SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

description	pid	process
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: 33	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Token: SeIncBasePriorityPrivilege	3848	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of AdjustPrivilegeToken
- Checks processor information in registry
PID:3848

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads