894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0

General

Target

894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Size

43KB
MD5

28c3f61294f4e7f30725de6515474e51
SHA1

e678e3e8680a039784cc370c642a679980f96333
SHA256

894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0
SHA512

3bd62061931cf9d4a14c239e023fc0d7d25a39a68817a9bbefec944facf561a23d4dd122d62047f85ac8a1de35e7196817b78af04de1ae66993165ddace78de7

Score

7^/10

Malware Config

Signatures

Drops startup file 2 IoCs

Processes:

894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe

pid process

2300 894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe

pid	process
2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe

Suspicious use of AdjustPrivilegeToken 35 IoCs

Processes:

894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe

description	pid	process
Token: SeDebugPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: 33	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
Token: SeIncBasePriorityPrivilege	2300	894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe

C:\Users\Admin\AppData\Local\Temp\894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe
"C:\Users\Admin\AppData\Local\Temp\894b6b2ba32dbcb980882299ae7b0389b2182accc27feda5d356a4ef749b27e0.exe"
1⤵
- Drops startup file
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2300-115-0x00000000005C0000-0x00000000005C1000-memory.dmp

Filesize
4KB

Download
memory/2300-117-0x0000000004E20000-0x0000000004E21000-memory.dmp

Filesize
4KB

Download
memory/2300-118-0x0000000005630000-0x0000000005631000-memory.dmp

Filesize
4KB

Download
memory/2300-119-0x0000000005200000-0x0000000005201000-memory.dmp

Filesize
4KB

Download
memory/2300-120-0x0000000005020000-0x0000000005021000-memory.dmp

Filesize
4KB

Download
memory/2300-121-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing