Malware Analysis Report

2024-10-16 03:30

Sample ID 240809-kwfdjaydmk
Target jdhw.exe
SHA256 9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363
Tags
banload downloader dropper evasion persistence privilege_escalation trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363

Threat Level: Known bad

The file jdhw.exe was found to be: Known bad.

Malicious Activity Summary

banload downloader dropper evasion persistence privilege_escalation trojan

Banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Checks BIOS information in registry

Event Triggered Execution: Component Object Model Hijacking

Modifies registry class

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-08-09 08:56

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-09 08:56

Reported

2024-08-09 08:57

Platform

win10v2004-20240802-en

Max time kernel

43s

Max time network

36s

Command Line

"C:\Users\Admin\AppData\Local\Temp\jdhw.exe"

Signatures

Banload

trojan dropper downloader banload

Identifies VirtualBox via ACPI registry values (likely anti-VM)

evasion

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26\XPath = "./SearchableContent/SettingInformation/Keywords" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32\ = "%SystemRoot%\\System32\\shell32.dll" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\ResourceStrings = "1" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C} C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6\XPath = "./SearchableContent/SettingIdentity/Condition" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F} C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2\XPath = "./SearchableContent/SettingIdentity/HostID" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3\XPath = "./SearchableContent/SettingIdentity/SettingID" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05\XPath = "./SearchableContent/ApplicationInformation/AppID" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2\VT = "72" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5\XPath = "./SearchableContent/SettingIdentity/GroupID" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\25\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6\XPath = "./SearchableContent/SettingInformation/Description" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\CLSID = "{AF9F2C0D-6B9F-4e32-A94D-A3E235A31BF7}" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\OverrideFileSystemProperties\System.ItemNameDisplay = "1" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ = "CLSID_SettingContentXmlPropertyStore" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3} C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24\XPath = "./SearchableContent/SettingInformation/HighKeywords" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3} C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\25\XPath = "./SearchableContent/SettingInformation/LowKeywords" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3\XPath = "./SearchableContent/ApplicationInformation/Icon" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\OverrideFileSystemProperties C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100\XPath = "./SearchableContent/SettingInformation/Name" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\InitPropertyBag C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10\XPath = "./SearchableContent/SettingInformation/Description" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\Schema = "%SystemRoot%\\system32\\shell32.dll,2" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2\XPath = "./SearchableContent/SettingInformation/Name" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9} C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\InitPropertyBag\LoadWithSax = "1" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\Namespace = "http://schemas.microsoft.com/Search/2013/SettingContent" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4\XPath = "./SearchableContent/SettingIdentity/PageID" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC} C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2\VT = "31" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20 C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20\XPath = "./SearchableContent/ApplicationInformation/DeepLink" C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\jdhw.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\jdhw.exe

"C:\Users\Admin\AppData\Local\Temp\jdhw.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 68.32.126.40.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 73.144.22.2.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp

Files

memory/4680-0-0x0000000003E80000-0x0000000004068000-memory.dmp

memory/4680-10-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/4680-12-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/4680-14-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/4680-15-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/4680-16-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/4680-17-0x0000000000400000-0x0000000001CF7000-memory.dmp

memory/4680-19-0x0000000000400000-0x0000000001CF7000-memory.dmp