2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2

General

Target

2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Size

25KB
MD5

b643e854869ce64b307f9ce421eeee7b
SHA1

b3925d9b96de5b093be8fcaefc2dc5e0392dc84f
SHA256

2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2
SHA512

80b9e8c6fedba284a1bfa350ed9fe7638397c0a47e537831cf9606529a5271f272eefec9f507f434ed1c4e24a5771e3faad43ad65ce55f2ceb35a0878cca5afe

Score

7^/10

Malware Config

Signatures

Drops startup file 2 IoCs

Processes:

2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Java update.exe	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe

pid process

3356 2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe

pid	process
3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe

Suspicious use of AdjustPrivilegeToken 37 IoCs

Processes:

2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe

description	pid	process
Token: SeDebugPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: 33	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
Token: SeIncBasePriorityPrivilege	3356	2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe

C:\Users\Admin\AppData\Local\Temp\2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe
"C:\Users\Admin\AppData\Local\Temp\2236a34c715e3c1a901a568fc44c8a4a3b8f7a0acee7d17eae7b386dd9f41aa2.exe"
1⤵
- Drops startup file
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3356

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3356-130-0x0000000000040000-0x0000000000048000-memory.dmp

Filesize
32KB

Download
memory/3356-131-0x00007FFF18FC0000-0x00007FFF19A81000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing