Analysis

max time kernel: 150s
max time network: 138s
platform: windows10_x64
resource: win10
submitted: 07-07-2020 05:47

Static task: static1

Behavioral task: behavioral1
Sample: SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Resource: win7v200430 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Resource: win10 (windows10_x64)
0 signatures, 0 seconds

General

Target: SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Size: 85KB
MD5: 878dbb0eaf5733b4e9fd0cd851409140
SHA1: aaeffa6050298a03a881997181ab3afcf15a778a
SHA256: 3233ffe20fd5990997ff00ba941b69577dc8a8a4a4975d8b47ae29cb7a8300ef
SHA512: ea82bb494b4bcfba286bd9c65ab8f82117aa40a78b4a4fe08fe12fee78c36b834983b55ec761a79e3647eaf690b0dfedd30e677357030c4a9aed24eb9cee379e
Score: 1/10
Malware Config
Signatures

Suspicious use of SetWindowsHookEx (1 IoC)
Processes: pid 3848, SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe

Suspicious use of AdjustPrivilegeToken (2700 IoCs)
Processes: pid 3848, SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Every event in this signature belongs to pid 3848 and the report lists the same two entries alternating throughout: "Token: 33" followed by "Token: SeIncBasePriorityPrivilege". The page reproduces only the first portion of the 2700 events; the remainder repeat the same pair.
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments. On its own it is a weak indicator, since legitimate system-information code reads the same values, which is consistent with the report's 1/10 score.
Processes: SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Key opened: \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
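When a report like this one flattens thousands of IoC entries onto a few lines, it helps to parse them back into structured events before drawing conclusions. The script below is an added example, not part of the report or of the sandbox's own tooling: it parses the "Token: <privilege> <pid> <process>" triples from the AdjustPrivilegeToken signature and the "Key opened / Key value queried <path> <process>" triples from the registry signature, tallies privilege adjustments per pid, and flags registry reads under the CentralProcessor key that the report associates with sandbox detection. The input is a constructed excerpt in the same layout as the page; the line format, the regular expressions, and the SANDBOX_KEYS set are assumptions for this example, and registry paths are compared case-insensitively because the report itself mixes casings.

```python
"""Parse flattened sandbox-report IoC lines into structured events and
summarize privilege adjustments and registry reads per process."""
import re
from collections import Counter, defaultdict

SAMPLE_NAME = "SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe"

# Constructed input (not copied from a live report): four AdjustPrivilegeToken
# events and the two registry events, in the flattened layout the page uses.
SAMPLE_REPORT = rf"""
Token: 33 3848 {SAMPLE_NAME} Token: SeIncBasePriorityPrivilege 3848 {SAMPLE_NAME} Token: 33 3848 {SAMPLE_NAME} Token: SeIncBasePriorityPrivilege 3848 {SAMPLE_NAME}
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 {SAMPLE_NAME} Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz {SAMPLE_NAME}
"""

# Assumed line format: "Token: <privilege> <pid> <process>" repeated on one line.
TOKEN_RE = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+)")
# Assumed line format: "Key opened|Key value queried <\REGISTRY\...> <process>".
REG_RE = re.compile(r"Key (opened|value queried)\s+(\\REGISTRY\\\S+)\s+(\S+)")

# Registry locations treated as sandbox/VM fingerprinting reads. Only the key
# shown in the report is listed here; extend the set for your own hunting.
SANDBOX_KEYS = {
    r"\registry\machine\hardware\description\system\centralprocessor\0",
}


def _normalize_key(path: str) -> str:
    # Registry paths are case-insensitive; the report mixes "Hardware" and "HARDWARE".
    return path.lower()


def parse_privilege_events(text: str) -> list[dict]:
    """Return one dict per AdjustPrivilegeToken entry found in the text."""
    return [
        {"privilege": priv, "pid": int(pid), "process": proc}
        for priv, pid, proc in TOKEN_RE.findall(text)
    ]


def parse_registry_events(text: str) -> list[dict]:
    """Return one dict per registry open/query entry found in the text."""
    return [
        {"op": op, "path": path, "process": proc}
        for op, path, proc in REG_RE.findall(text)
    ]


def is_sandbox_check(path: str) -> bool:
    """True if the path is one of SANDBOX_KEYS or a value/subkey beneath one."""
    key = _normalize_key(path)
    return any(key == k or key.startswith(k + "\\") for k in SANDBOX_KEYS)


def summarize(text: str) -> dict:
    """Aggregate privilege adjustments per pid and flag sandbox-detection reads."""
    privileges: dict[int, Counter] = defaultdict(Counter)
    for ev in parse_privilege_events(text):
        privileges[ev["pid"]][ev["privilege"]] += 1
    registry = parse_registry_events(text)
    sandbox_checks = [ev["path"] for ev in registry if is_sandbox_check(ev["path"])]
    return {
        "privileges": {pid: dict(c) for pid, c in privileges.items()},
        "privilege_event_count": sum(sum(c.values()) for c in privileges.values()),
        "registry": registry,
        "sandbox_checks": sandbox_checks,
    }


if __name__ == "__main__":
    import json

    print(json.dumps(summarize(SAMPLE_REPORT), indent=2))
```

Run against the full 2700-event listing, the per-pid Counter collapses the wall of text into two numbers per privilege name, which is the form in which the signature is actually useful for comparison across samples.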
Processes

1: C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Gen.Variant.Jacard.168030.24574.11515.exe"
- Suspicious use of SetWindowsHookEx
- Suspicious use of AdjustPrivilegeToken
- Checks processor information in registry