63a2c64048216bf5e83e2a539616cddcaf5b3c781770ff8606e08ffcaad4294b

Submit
Reports

Overview

overview

Static

static

HWID Bypas...er.url

windows7-x64

HWID Bypas...er.url

windows10-2004-x64

HWID Bypas...rs.lnk

windows7-x64

HWID Bypas...rs.lnk

windows10-2004-x64

HWID Bypas...rs.lnk

windows7-x64

HWID Bypas...rs.lnk

windows10-2004-x64

HWID Bypas...er.lnk

windows7-x64

HWID Bypas...er.lnk

windows10-2004-x64

HWID Bypas...er.lnk

windows7-x64

HWID Bypas...er.lnk

windows10-2004-x64

HWID Bypas...er.lnk

windows7-x64

HWID Bypas...er.lnk

windows10-2004-x64

HWID Bypas...er.lnk

windows7-x64

HWID Bypas...er.lnk

windows10-2004-x64

HWID Bypas...er.lnk

windows7-x64

HWID Bypas...er.lnk

windows10-2004-x64

HWID Bypas...er.lnk

windows7-x64

HWID Bypas...er.lnk

windows10-2004-x64

HWID Bypas...it.lnk

windows7-x64

HWID Bypas...it.lnk

windows10-2004-x64

HWID Bypas...or.lnk

windows7-x64

HWID Bypas...or.lnk

windows10-2004-x64

HWID Bypas...te.url

windows7-x64

HWID Bypas...te.url

windows10-2004-x64

HWID Bypas...PN.url

windows7-x64

HWID Bypas...PN.url

windows10-2004-x64

HWID Bypas...Ds.cmd

windows7-x64

HWID Bypas...Ds.cmd

windows10-2004-x64

HWID Bypas...Ds.cmd

windows7-x64

HWID Bypas...Ds.cmd

windows10-2004-x64

HWID Bypas...64.exe

windows7-x64

HWID Bypas...64.exe

windows10-2004-x64

Analysis

max time kernel
64s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15/05/2023, 15:38

Sharing

Copy URL

Twitter E-mail

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/1. Uninstall the Game & Launcher.url

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/1. Uninstall the Game & Launcher.url

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/2. Delete Game,Launcher Folders.lnk

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/2. Delete Game,Launcher Folders.lnk

Resource

win10v2004-20230221-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/3. Delete Game,Launcher Folders.lnk

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral6

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/3. Delete Game,Launcher Folders.lnk

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.1Delete Anything Related to Game and Launcher.lnk

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.1Delete Anything Related to Game and Launcher.lnk

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.2 Delete Anything Related to Game and Launcher.lnk

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.2 Delete Anything Related to Game and Launcher.lnk

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.3 Delete Anything Related to Game and Launcher.lnk

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.3 Delete Anything Related to Game and Launcher.lnk

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.4 Delete Anything Related to Game and Launcher.lnk

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.4 Delete Anything Related to Game and Launcher.lnk

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.5 Delete Anything Related to Game and Launcher.lnk

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.5 Delete Anything Related to Game and Launcher.lnk

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.6 Delete Anything Related to Game and Launcher.lnk

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/4.6 Delete Anything Related to Game and Launcher.lnk

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/5. Open Registry Edit.lnk

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

HWID Bypass/STEP 1 - Uninstall & Clear Traces/5. Open Registry Edit.lnk

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

HWID Bypass/STEP 2 - Edit HWID Registry keys/1. Registry Editor.lnk

Resource

win7-20230220-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral22

Sample

HWID Bypass/STEP 2 - Edit HWID Registry keys/1. Registry Editor.lnk

Resource

win10v2004-20230220-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral23

Sample

HWID Bypass/STEP 2 - Edit HWID Registry keys/3. GUID Generator Website.url

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

HWID Bypass/STEP 2 - Edit HWID Registry keys/3. GUID Generator Website.url

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

HWID Bypass/STEP 3 - Mask & Setup your IP Address/1. Download NordVPN.url

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

HWID Bypass/STEP 3 - Mask & Setup your IP Address/1. Download NordVPN.url

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

HWID Bypass/STEP 4 - Change your Disk's Serial NumberID/1. Change Disk IDs.cmd

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

HWID Bypass/STEP 4 - Change your Disk's Serial NumberID/1. Change Disk IDs.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

HWID Bypass/STEP 5 - Change the HWIDs of everything/1. Change ALL HWIDs.cmd

Resource

win7-20230220-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

HWID Bypass/STEP 5 - Change the HWIDs of everything/1. Change ALL HWIDs.cmd

Resource

win10v2004-20230220-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

HWID Bypass/STEP 5 - Change the HWIDs of everything/_/AMIDEWINx64.exe

Resource

win7-20230220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral32

Sample

HWID Bypass/STEP 5 - Change the HWIDs of everything/_/AMIDEWINx64.exe

Resource

win10v2004-20230220-en

windows10-2004-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

HWID Bypass/STEP 2 - Edit HWID Registry keys/1. Registry Editor.lnk
Size

1KB
MD5

0e2092f136d0e7f155a6c688e34533dc
SHA1

33f71faf7585c7a4a450b91f794334f200bf15f7
SHA256

64aa810fa77628dc199f75f54dd764c142b0a479cdb62e24f853a707ca3a2db5
SHA512

8057d335d66ca0257d7c53b3fd681efbd9123c7c5cb955c1b49cbca243e8550cc5210de9044b4481c311873c28fd79ad79f1d32905b473005584631fe61c4f92

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Runs regedit.exe 1 IoCs

pid	Process
1436	regedit.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1436	regedit.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1436	2040	cmd.exe	29
PID 2040 wrote to memory of 1436	2040	cmd.exe	29
PID 2040 wrote to memory of 1436	2040	cmd.exe	29

Processes

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\HWID Bypass\STEP 2 - Edit HWID Registry keys\1. Registry Editor.lnk"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\regedit.exe
  "C:\Windows\regedit.exe"
  2⤵
  - Runs regedit.exe
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1436

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads