Analysis
-
max time kernel
909s -
max time network
913s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
06-09-2022 05:30
Behavioral task
behavioral1
Sample
lxJWhxw.exe
Resource
win7-20220812-en
windows7-x64
19 signatures
1200 seconds
Behavioral task
behavioral2
Sample
lxJWhxw.exe
Resource
win10v2004-20220812-en
windows10-2004-x64
31 signatures
1200 seconds
Behavioral task
behavioral3
Sample
serial_checker_hwids.bat
Resource
win7-20220812-en
windows7-x64
2 signatures
1200 seconds
Behavioral task
behavioral4
Sample
serial_checker_hwids.bat
Resource
win10v2004-20220901-en
windows10-2004-x64
2 signatures
1200 seconds
General
-
Target
serial_checker_hwids.bat
-
Size
314B
-
MD5
875694edd1569a7a9743e464d4c30f5d
-
SHA1
6bbf0f4df1ca90b30b5667252f08f79aae1deb63
-
SHA256
252fa4f2391ef928701e3984a55c8526258276b4e993f5f6a564756d3a7988d9
-
SHA512
2a45b4a4fa6030e157fd83512cc115c75ca22929b63b69c40753a861cfd5994d8e75a944cf1ccc8d760ce9a2f91984e9d4cf41ad0ea536d81c989d9264eeedad
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes:
WMIC.exeWMIC.exedescription pid process Token: SeIncreaseQuotaPrivilege 1144 WMIC.exe Token: SeSecurityPrivilege 1144 WMIC.exe Token: SeTakeOwnershipPrivilege 1144 WMIC.exe Token: SeLoadDriverPrivilege 1144 WMIC.exe Token: SeSystemProfilePrivilege 1144 WMIC.exe Token: SeSystemtimePrivilege 1144 WMIC.exe Token: SeProfSingleProcessPrivilege 1144 WMIC.exe Token: SeIncBasePriorityPrivilege 1144 WMIC.exe Token: SeCreatePagefilePrivilege 1144 WMIC.exe Token: SeBackupPrivilege 1144 WMIC.exe Token: SeRestorePrivilege 1144 WMIC.exe Token: SeShutdownPrivilege 1144 WMIC.exe Token: SeDebugPrivilege 1144 WMIC.exe Token: SeSystemEnvironmentPrivilege 1144 WMIC.exe Token: SeRemoteShutdownPrivilege 1144 WMIC.exe Token: SeUndockPrivilege 1144 WMIC.exe Token: SeManageVolumePrivilege 1144 WMIC.exe Token: 33 1144 WMIC.exe Token: 34 1144 WMIC.exe Token: 35 1144 WMIC.exe Token: SeIncreaseQuotaPrivilege 1144 WMIC.exe Token: SeSecurityPrivilege 1144 WMIC.exe Token: SeTakeOwnershipPrivilege 1144 WMIC.exe Token: SeLoadDriverPrivilege 1144 WMIC.exe Token: SeSystemProfilePrivilege 1144 WMIC.exe Token: SeSystemtimePrivilege 1144 WMIC.exe Token: SeProfSingleProcessPrivilege 1144 WMIC.exe Token: SeIncBasePriorityPrivilege 1144 WMIC.exe Token: SeCreatePagefilePrivilege 1144 WMIC.exe Token: SeBackupPrivilege 1144 WMIC.exe Token: SeRestorePrivilege 1144 WMIC.exe Token: SeShutdownPrivilege 1144 WMIC.exe Token: SeDebugPrivilege 1144 WMIC.exe Token: SeSystemEnvironmentPrivilege 1144 WMIC.exe Token: SeRemoteShutdownPrivilege 1144 WMIC.exe Token: SeUndockPrivilege 1144 WMIC.exe Token: SeManageVolumePrivilege 1144 WMIC.exe Token: 33 1144 WMIC.exe Token: 34 1144 WMIC.exe Token: 35 1144 WMIC.exe Token: SeIncreaseQuotaPrivilege 2044 WMIC.exe Token: SeSecurityPrivilege 2044 WMIC.exe Token: SeTakeOwnershipPrivilege 2044 WMIC.exe Token: SeLoadDriverPrivilege 2044 WMIC.exe Token: SeSystemProfilePrivilege 2044 WMIC.exe Token: SeSystemtimePrivilege 2044 WMIC.exe Token: SeProfSingleProcessPrivilege 2044 WMIC.exe Token: SeIncBasePriorityPrivilege 2044 WMIC.exe Token: SeCreatePagefilePrivilege 2044 WMIC.exe Token: SeBackupPrivilege 2044 WMIC.exe Token: SeRestorePrivilege 2044 WMIC.exe Token: SeShutdownPrivilege 2044 WMIC.exe Token: SeDebugPrivilege 2044 WMIC.exe Token: SeSystemEnvironmentPrivilege 2044 WMIC.exe Token: SeRemoteShutdownPrivilege 2044 WMIC.exe Token: SeUndockPrivilege 2044 WMIC.exe Token: SeManageVolumePrivilege 2044 WMIC.exe Token: 33 2044 WMIC.exe Token: 34 2044 WMIC.exe Token: 35 2044 WMIC.exe Token: SeIncreaseQuotaPrivilege 2044 WMIC.exe Token: SeSecurityPrivilege 2044 WMIC.exe Token: SeTakeOwnershipPrivilege 2044 WMIC.exe Token: SeLoadDriverPrivilege 2044 WMIC.exe -
Suspicious use of WriteProcessMemory 15 IoCs
Processes:
cmd.exedescription pid process target process PID 1920 wrote to memory of 1144 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 1144 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 1144 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 2044 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 2044 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 2044 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 924 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 924 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 924 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 612 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 612 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 612 1920 cmd.exe WMIC.exe PID 1920 wrote to memory of 1768 1920 cmd.exe getmac.exe PID 1920 wrote to memory of 1768 1920 cmd.exe getmac.exe PID 1920 wrote to memory of 1768 1920 cmd.exe getmac.exe
Processes
-
C:\Windows\system32\cmd.execmd /c "C:\Users\Admin\AppData\Local\Temp\serial_checker_hwids.bat"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\Wbem\WMIC.exewmic diskdrive get serialnumber2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\Wbem\WMIC.exewmic bios get serialnumber2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\Wbem\WMIC.exewmic baseboard get serialnumber2⤵
-
C:\Windows\System32\Wbem\WMIC.exewmic memorychip get serialnumber2⤵
-
C:\Windows\system32\getmac.exegetmac /v2⤵