36882fc0c24de7aebb0a0949e60fc3f4768a79d908fac9c8464e72e958fd9a3b

Analysis

max time kernel
909s
max time network
913s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-09-2022 05:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

serial_checker_hwids.bat
Size

314B
MD5

875694edd1569a7a9743e464d4c30f5d
SHA1

6bbf0f4df1ca90b30b5667252f08f79aae1deb63
SHA256

252fa4f2391ef928701e3984a55c8526258276b4e993f5f6a564756d3a7988d9
SHA512

2a45b4a4fa6030e157fd83512cc115c75ca22929b63b69c40753a861cfd5994d8e75a944cf1ccc8d760ce9a2f91984e9d4cf41ad0ea536d81c989d9264eeedad

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WMIC.exeWMIC.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1144	WMIC.exe
Token: SeSecurityPrivilege	1144	WMIC.exe
Token: SeTakeOwnershipPrivilege	1144	WMIC.exe
Token: SeLoadDriverPrivilege	1144	WMIC.exe
Token: SeSystemProfilePrivilege	1144	WMIC.exe
Token: SeSystemtimePrivilege	1144	WMIC.exe
Token: SeProfSingleProcessPrivilege	1144	WMIC.exe
Token: SeIncBasePriorityPrivilege	1144	WMIC.exe
Token: SeCreatePagefilePrivilege	1144	WMIC.exe
Token: SeBackupPrivilege	1144	WMIC.exe
Token: SeRestorePrivilege	1144	WMIC.exe
Token: SeShutdownPrivilege	1144	WMIC.exe
Token: SeDebugPrivilege	1144	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1144	WMIC.exe
Token: SeRemoteShutdownPrivilege	1144	WMIC.exe
Token: SeUndockPrivilege	1144	WMIC.exe
Token: SeManageVolumePrivilege	1144	WMIC.exe
Token: 33	1144	WMIC.exe
Token: 34	1144	WMIC.exe
Token: 35	1144	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1144	WMIC.exe
Token: SeSecurityPrivilege	1144	WMIC.exe
Token: SeTakeOwnershipPrivilege	1144	WMIC.exe
Token: SeLoadDriverPrivilege	1144	WMIC.exe
Token: SeSystemProfilePrivilege	1144	WMIC.exe
Token: SeSystemtimePrivilege	1144	WMIC.exe
Token: SeProfSingleProcessPrivilege	1144	WMIC.exe
Token: SeIncBasePriorityPrivilege	1144	WMIC.exe
Token: SeCreatePagefilePrivilege	1144	WMIC.exe
Token: SeBackupPrivilege	1144	WMIC.exe
Token: SeRestorePrivilege	1144	WMIC.exe
Token: SeShutdownPrivilege	1144	WMIC.exe
Token: SeDebugPrivilege	1144	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1144	WMIC.exe
Token: SeRemoteShutdownPrivilege	1144	WMIC.exe
Token: SeUndockPrivilege	1144	WMIC.exe
Token: SeManageVolumePrivilege	1144	WMIC.exe
Token: 33	1144	WMIC.exe
Token: 34	1144	WMIC.exe
Token: 35	1144	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2044	WMIC.exe
Token: SeSecurityPrivilege	2044	WMIC.exe
Token: SeTakeOwnershipPrivilege	2044	WMIC.exe
Token: SeLoadDriverPrivilege	2044	WMIC.exe
Token: SeSystemProfilePrivilege	2044	WMIC.exe
Token: SeSystemtimePrivilege	2044	WMIC.exe
Token: SeProfSingleProcessPrivilege	2044	WMIC.exe
Token: SeIncBasePriorityPrivilege	2044	WMIC.exe
Token: SeCreatePagefilePrivilege	2044	WMIC.exe
Token: SeBackupPrivilege	2044	WMIC.exe
Token: SeRestorePrivilege	2044	WMIC.exe
Token: SeShutdownPrivilege	2044	WMIC.exe
Token: SeDebugPrivilege	2044	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2044	WMIC.exe
Token: SeRemoteShutdownPrivilege	2044	WMIC.exe
Token: SeUndockPrivilege	2044	WMIC.exe
Token: SeManageVolumePrivilege	2044	WMIC.exe
Token: 33	2044	WMIC.exe
Token: 34	2044	WMIC.exe
Token: 35	2044	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2044	WMIC.exe
Token: SeSecurityPrivilege	2044	WMIC.exe
Token: SeTakeOwnershipPrivilege	2044	WMIC.exe
Token: SeLoadDriverPrivilege	2044	WMIC.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 1920 wrote to memory of 1144	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 1144	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 1144	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 2044	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 2044	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 2044	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 924	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 924	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 924	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 612	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 612	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 612	1920	cmd.exe	WMIC.exe
PID 1920 wrote to memory of 1768	1920	cmd.exe	getmac.exe
PID 1920 wrote to memory of 1768	1920	cmd.exe	getmac.exe
PID 1920 wrote to memory of 1768	1920	cmd.exe	getmac.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\serial_checker_hwids.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1920

C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get serialnumber
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1144

C:\Windows\System32\Wbem\WMIC.exe
wmic bios get serialnumber
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2044

C:\Windows\System32\Wbem\WMIC.exe
wmic baseboard get serialnumber
2⤵
PID:924

C:\Windows\System32\Wbem\WMIC.exe
wmic memorychip get serialnumber
2⤵
PID:612

C:\Windows\system32\getmac.exe
getmac /v
2⤵
PID:1768

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/612-57-0x0000000000000000-mapping.dmp

Download
memory/924-56-0x0000000000000000-mapping.dmp

Download
memory/1144-54-0x0000000000000000-mapping.dmp

Download
memory/1768-58-0x0000000000000000-mapping.dmp

Download
memory/2044-55-0x0000000000000000-mapping.dmp

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads