Analysis Overview
SHA256
9b8a5b0a45adf843e24214b46c285e44e73bc6eaf9e2a3b2c14a6d93ae541363
Threat Level: Known bad
The file jdhw.exe was found to be: Known bad.
Malicious Activity Summary
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Event Triggered Execution: Component Object Model Hijacking
Modifies registry class
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-09 08:56
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-09 08:56
Reported
2024-08-09 08:57
Platform
win10v2004-20240802-en
Max time kernel
43s
Max time network
36s
Command Line
Signatures
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
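The two tables above are the raw registry trace; the script below is an added example (not part of the report and not code from the sample) that shows how an analyst would turn such rows into a VM-evasion verdict. It re-types the three rows as constructed input, separates vendor-specific keys (which only exist inside that hypervisor, so a successful open is a fingerprint by itself) from generic BIOS descriptors (present on every machine, so the probe has to compare the data it reads), and keeps only a small indicator list; the extra VirtualBox and VMware paths are well-known anti-VM artifacts added for illustration and are not in the report.

```python
"""Classify registry events from a sandbox trace as VM-fingerprinting probes.

Added example; not code from the report or from the analysed sample. The
sample events are the rows of the two anti-VM tables above, re-typed as
tuples (constructed input). The indicator lists are a small subset of the
registry artifacts anti-VM code commonly probes; extend them per hypervisor.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# (operation, NT-format registry path, process) -- constructed from the report
SAMPLE_EVENTS: List[Tuple[str, str, str]] = [
    ("Key opened",
     r"\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__",
     r"C:\Users\Admin\AppData\Local\Temp\jdhw.exe"),
    ("Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion",
     r"C:\Users\Admin\AppData\Local\Temp\jdhw.exe"),
    ("Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate",
     r"C:\Users\Admin\AppData\Local\Temp\jdhw.exe"),
]

# Vendor-specific keys: the key only exists inside that hypervisor, so a
# successful open is a fingerprint by itself (VBOX__ is VirtualBox's ACPI OEM ID).
VENDOR_KEYS = {
    r"hardware\acpi\dsdt\vbox__": "VirtualBox",
    r"hardware\acpi\fadt\vbox__": "VirtualBox",
    r"hardware\acpi\rsdt\vbox__": "VirtualBox",
    r"system\controlset001\services\vboxguest": "VirtualBox",
    r"system\controlset001\services\vboxsf": "VirtualBox",
    r"software\vmware, inc.\vmware tools": "VMware",
}
# Generic descriptors: present on every machine; the probe has to compare the
# data it reads (e.g. for "VBOX", "VMware", "QEMU"), so a read is only a hint.
GENERIC_VALUES = {
    r"hardware\description\system\systembiosversion",
    r"hardware\description\system\systembiosdate",
    r"hardware\description\system\videobiosversion",
}

_HIVE_PREFIX = re.compile(r"^\\registry\\(machine|user\\[^\\]+)\\", re.IGNORECASE)


def normalize(path: str) -> str:
    """Drop the \\REGISTRY\\MACHINE or \\REGISTRY\\USER\\<sid> prefix and lower-case."""
    return _HIVE_PREFIX.sub("", path).lower()


@dataclass
class Finding:
    process: str
    path: str
    kind: str                 # "vendor" or "generic"
    vendor: Optional[str]


def classify(events: List[Tuple[str, str, str]]) -> List[Finding]:
    """Return one Finding per event that matches an anti-VM indicator."""
    findings = []
    for _op, path, proc in events:
        rel = normalize(path)
        if rel in VENDOR_KEYS:
            findings.append(Finding(proc, rel, "vendor", VENDOR_KEYS[rel]))
        elif rel in GENERIC_VALUES:
            findings.append(Finding(proc, rel, "generic", None))
    return findings


def verdict(findings: List[Finding]) -> str:
    """Summarise: a vendor key is conclusive; generic reads alone are weak."""
    vendors = sorted({f.vendor for f in findings if f.kind == "vendor"})
    generic = sum(1 for f in findings if f.kind == "generic")
    if vendors:
        return "VM fingerprinting: " + ", ".join(vendors)
    if generic >= 2:
        return "possible VM fingerprinting (BIOS descriptors only)"
    return "no anti-VM indicators"


if __name__ == "__main__":
    found = classify(SAMPLE_EVENTS)
    for f in found:
        print(f"{f.kind:8} {f.vendor or '-':11} {f.path}")
    print(verdict(found))
```

On this trace the open of HARDWARE\ACPI\DSDT\VBOX__ is what makes the verdict conclusive; the two BIOS reads on their own would only rate a "possible" because the sandbox cannot see what string the sample compared them against.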
Event Triggered Execution: Component Object Model Hijacking
Modifies registry class
Note: every write in this table goes to HKLM (\REGISTRY\MACHINE\SOFTWARE\Classes), the class default value is set to "CLSID_SettingContentXmlPropertyStore", and InProcServer32 is pointed at %SystemRoot%\System32\shell32.dll. That is a machine-wide registration of a shell32 class, not the per-user (HKCU) override or attacker-controlled server path that characterises a COM hijack (T1546.015); confirm which module is actually loaded for this CLSID before treating the signature as persistence.
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26\XPath = "./SearchableContent/SettingInformation/Keywords" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32\ = "%SystemRoot%\\System32\\shell32.dll" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\ResourceStrings = "1" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C} | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6\XPath = "./SearchableContent/SettingIdentity/Condition" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F} | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2\XPath = "./SearchableContent/SettingIdentity/HostID" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3\XPath = "./SearchableContent/SettingIdentity/SettingID" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05\XPath = "./SearchableContent/ApplicationInformation/AppID" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2\VT = "72" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5\XPath = "./SearchableContent/SettingIdentity/GroupID" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\25\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6\XPath = "./SearchableContent/SettingInformation/Description" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\CLSID = "{AF9F2C0D-6B9F-4e32-A94D-A3E235A31BF7}" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\OverrideFileSystemProperties\System.ItemNameDisplay = "1" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\ = "CLSID_SettingContentXmlPropertyStore" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3} | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24\XPath = "./SearchableContent/SettingInformation/HighKeywords" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3} | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\25\XPath = "./SearchableContent/SettingInformation/LowKeywords" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3\XPath = "./SearchableContent/ApplicationInformation/Icon" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\OverrideFileSystemProperties | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\24 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\2 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\3 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\5\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{6B8DA074-3B5C-43BC-886F-0A2CDCE00B6F}\100\XPath = "./SearchableContent/SettingInformation/Name" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\InitPropertyBag | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\3\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC}\10\XPath = "./SearchableContent/SettingInformation/Description" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\Schema = "%SystemRoot%\\system32\\shell32.dll,2" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2\XPath = "./SearchableContent/SettingInformation/Name" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\26\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9} | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\6\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\InitPropertyBag\LoadWithSax = "1" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\Namespace = "http://schemas.microsoft.com/Search/2013/SettingContent" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\4\XPath = "./SearchableContent/SettingIdentity/PageID" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\05\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{B725F130-47EF-101A-A5F1-02608C9EEBAC} | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{5AB5C75F-15E1-4D65-924A-04754567243C}\6\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{F29F85E0-4FF9-1068-AB91-08002B27B3D9}\2\VT = "31" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\InProcServer32 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20 | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}\Instance\PropertySetStorage\{9F4C2855-9F79-4B39-A8D0-E1D42DE1D5F3}\20\XPath = "./SearchableContent/ApplicationInformation/DeepLink" | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
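The table records dozens of writes but only a handful decide whether this is a hijack. The following added example (not from the report or the sample) applies the two tests a practitioner would run on "Modifies registry class" output: is the server DLL in a user-writable location, and is the class being registered per-user so it shadows the HKLM entry. SAMPLE_EVENTS re-types the server-related rows above (the report prints the backslashes escaped; they are single here), HYPOTHETICAL_HIJACK is an invented contrast case, and the %SystemRoot% expansion to C:\Windows is an assumption.

```python
"""Triage 'Modifies registry class' events for signs of COM hijacking.

Added example; not code from the report or the sample. A COM hijack
(ATT&CK T1546.015) normally shows as (a) an InProcServer32 / LocalServer32
default value pointing at a user-writable path, or (b) a per-user
HKCU\\Software\\Classes entry that shadows the machine-wide one. Both are
checked. SAMPLE_EVENTS are the server-related rows from the table above
(constructed input); HYPOTHETICAL_HIJACK is an invented contrast case; the
%SystemRoot% expansion to C:\\Windows is assumed.
"""
import re
from typing import Dict, List, Optional, Tuple

CLSID = "{6EEAF7AB-9B86-0A4B-E9E8-6422E70DF8B3}"
BASE = r"\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID" + "\\" + CLSID

# (operation, key path, value name ("" = default value), data)
SAMPLE_EVENTS: List[Tuple[str, str, str, Optional[str]]] = [
    ("Key created", BASE, "", None),
    ("Set value (str)", BASE, "", "CLSID_SettingContentXmlPropertyStore"),
    ("Key created", BASE + r"\InProcServer32", "", None),
    ("Set value (str)", BASE + r"\InProcServer32", "", r"%SystemRoot%\System32\shell32.dll"),
    ("Set value (str)", BASE + r"\InProcServer32", "ThreadingModel", "Apartment"),
]

# Invented contrast case: same class registered per-user with a DLL in %TEMP%.
HYPOTHETICAL_HIJACK: List[Tuple[str, str, str, Optional[str]]] = [
    ("Set value (str)",
     r"\REGISTRY\USER\S-1-5-21-1111-2222-3333-1001\SOFTWARE\Classes\CLSID"
     + "\\" + CLSID + r"\InProcServer32",
     "", r"C:\Users\Admin\AppData\Local\Temp\evil.dll"),
]

ENV = {"SYSTEMROOT": r"C:\Windows", "WINDIR": r"C:\Windows"}  # assumed expansion
SYSTEM_DIRS = [d + "\\" for d in (r"c:\windows\system32", r"c:\windows\syswow64")]
USER_WRITABLE_MARKERS = [m + "\\" for m in (r"\users", r"\programdata", r"\temp", r"\appdata")]

_SERVER_KEY = re.compile(r"\\(inprocserver32|localserver32)$", re.IGNORECASE)
_HIVE = re.compile(r"^\\registry\\(machine|user\\[^\\]+)", re.IGNORECASE)


def expand(path: str) -> str:
    """Expand %VAR% references using the assumed ENV table (unknown vars are kept)."""
    return re.sub(r"%(\w+)%", lambda m: ENV.get(m.group(1).upper(), m.group(0)), path)


def hive_of(path: str) -> str:
    """Map an NT-format registry path to HKLM / HKCU."""
    m = _HIVE.match(path)
    if not m:
        return "UNKNOWN"
    return "HKLM" if m.group(1).lower() == "machine" else "HKCU"


def classify_path(server: str) -> str:
    """Where does the COM server DLL/EXE live: system, user-writable or other."""
    p = expand(server).lower()
    if any(p.startswith(d) for d in SYSTEM_DIRS):
        return "system"
    if any(mk in p for mk in USER_WRITABLE_MARKERS):
        return "user-writable"
    return "other"


def triage(events: List[Tuple[str, str, str, Optional[str]]]) -> Dict[str, object]:
    """Return hives touched, server paths written, their locations and a verdict."""
    servers: List[str] = []
    hives = set()
    for _op, key, name, data in events:
        hives.add(hive_of(key))
        # Only the default value of an *Server32 key names the server binary.
        if _SERVER_KEY.search(key) and name == "" and data:
            servers.append(data)
    locations = [classify_path(s) for s in servers]
    if "HKCU" in hives or "user-writable" in locations:
        verdict = "likely-hijack"
    elif servers and hives == {"HKLM"} and all(loc == "system" for loc in locations):
        verdict = "machine-wide-registration"
    else:
        verdict = "review"
    return {"hives": sorted(hives), "servers": servers,
            "locations": locations, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
    print(triage(HYPOTHETICAL_HIJACK))
```

A "machine-wide-registration" result is not a clean bill of health on its own: the sandbox ran the sample as Admin, so HKLM writes were possible, and a server path under System32 still has to be checked against the module the process really loaded. It does, however, separate this trace from the HKCU-plus-user-path pattern the ATT&CK technique describes.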
Suspicious use of AdjustPrivilegeToken
Note: LUID 33 is SeIncreaseWorkingSetPrivilege. Both privileges enabled here are low-impact (working-set and scheduling-priority adjustment) rather than SeDebugPrivilege or SeLoadDriverPrivilege, so this signature is weak evidence on its own.
| Description | Indicator | Process | Target |
| Token: 33 (SeIncreaseWorkingSetPrivilege) | N/A | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\jdhw.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\jdhw.exe
"C:\Users\Admin\AppData\Local\Temp\jdhw.exe"
Network
Note: all recorded traffic is DNS over UDP to 8.8.8.8:53, and every query is a PTR (in-addr.arpa) lookup of an IPv4 address; no connection to the resolved addresses and no forward lookup of a C2 domain appears in the 36 s network window.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.99.105.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 183.59.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
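The names in the table are written octet-reversed, which makes them easy to misread as forward lookups. The script below is an added example (not from the report) that decodes them back to the addresses being looked up and splits a DNS trace into reverse and forward queries; the table rows are re-typed as constructed input, and the ip6.arpa branch goes beyond what the report shows.

```python
"""Decode the PTR (reverse-DNS) names in the Network table back to addresses.

Added example; not code from the report. Every query above ends in
.in-addr.arpa, i.e. it asks the resolver for the name behind an IPv4 address
whose octets are written in reverse; ip6.arpa names (one hex nibble per
label) are handled too. SAMPLE_QUERIES is the table re-typed (constructed input).
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

SAMPLE_QUERIES: List[Tuple[str, str, str]] = [  # (destination, query name, proto)
    ("8.8.8.8:53", "68.32.126.40.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "95.221.229.192.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "73.144.22.2.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "58.99.105.20.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "183.59.114.20.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "198.187.3.20.in-addr.arpa", "udp"),
    ("8.8.8.8:53", "172.210.232.199.in-addr.arpa", "udp"),
]


def arpa_to_ip(name: str) -> Optional[str]:
    """Return the address a PTR name refers to, or None for a forward lookup."""
    name = name.rstrip(".").lower()
    if name.endswith(".in-addr.arpa"):
        octets = name[: -len(".in-addr.arpa")].split(".")
        if len(octets) != 4:
            raise ValueError(f"not a full /32 PTR name: {name}")
        # Labels are the octets in reverse order; IPv4Address validates them.
        return str(ipaddress.IPv4Address(".".join(reversed(octets))))
    if name.endswith(".ip6.arpa"):
        nibbles = name[: -len(".ip6.arpa")].split(".")
        if len(nibbles) != 32:
            raise ValueError(f"not a full /128 PTR name: {name}")
        # One hex nibble per label, least significant first.
        return str(ipaddress.IPv6Address(int("".join(reversed(nibbles)), 16)))
    return None


def summarize(queries: List[Tuple[str, str, str]]) -> Dict[str, object]:
    """Split a DNS trace into reverse and forward lookups and collect resolvers."""
    out: Dict[str, object] = {"resolvers": set(), "ptr_targets": [], "forward_names": []}
    for dest, qname, _proto in queries:
        out["resolvers"].add(dest)
        ip = arpa_to_ip(qname)
        if ip is None:
            out["forward_names"].append(qname)
        else:
            out["ptr_targets"].append(ip)
    return out


if __name__ == "__main__":
    s = summarize(SAMPLE_QUERIES)
    print("resolvers:", sorted(s["resolvers"]))
    print("forward lookups:", s["forward_names"])
    for ip in s["ptr_targets"]:
        print("PTR for", ip)
```

For this trace the result is seven PTR targets, no forward names and a single resolver; the decoded addresses are the ones to pivot on (ownership, hosting) when deciding whether the lookups belong to the sample or to background activity of the Windows 10 image.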
Files
memory/4680-0-0x0000000003E80000-0x0000000004068000-memory.dmp
memory/4680-10-0x0000000000400000-0x0000000001CF7000-memory.dmp
memory/4680-12-0x0000000000400000-0x0000000001CF7000-memory.dmp
memory/4680-14-0x0000000000400000-0x0000000001CF7000-memory.dmp
memory/4680-15-0x0000000000400000-0x0000000001CF7000-memory.dmp
memory/4680-16-0x0000000000400000-0x0000000001CF7000-memory.dmp
memory/4680-17-0x0000000000400000-0x0000000001CF7000-memory.dmp
memory/4680-19-0x0000000000400000-0x0000000001CF7000-memory.dmp