da8fb699ccaf005e0277d8794547ce80c61262a00039cab8ccc87e1420abb1ee

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
15-11-2023 18:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cracked-hwid-spoofer-master/swind2.exe
Size

19KB
MD5

5a553b1c9a9dd4a03331d9b33951adad
SHA1

c26e3652ef52539924d873631295a0bd74f4791f
SHA256

9dd7c4d245afd85ca1fbaf786d629e1a941616c6f6fb8cb55300d3fa5cacdb79
SHA512

f02709fb20e4646e8b7342983d3ba9428f824cde84d9223d55be300d74e8a2d60388ee603eb25e52f92a412e0467d6cc9ff603f3b506afb1fb286e391d82a567
SSDEEP

192:iG6ETVvDoPrBerUrNEkZfv4+xWu95+2GP5A+7iVYIE97Tf1oM7Fdq8c6f3b0BFnP:iVEJEPGUrNJhxWuPwP5AJqbxxinRmW

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3524	svchost.exe

C:\Users\Admin\AppData\Local\Temp\cracked-hwid-spoofer-master\swind2.exe
"C:\Users\Admin\AppData\Local\Temp\cracked-hwid-spoofer-master\swind2.exe"
1⤵
PID:4056

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1212

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
56fed5b042dba9506b4efdfee65f312d

SHA1
e0ef4efbb005d2d8f78e0747e22f8cc768b46b52

SHA256
c2893987f1969f9f5e53f775e55ed149f8640e3d954459032e103cfa479d66be

SHA512
fb07e6c4d7fcc36fda902ad95432c37f5c6143bad4528d61aa44fcb857eefe7189565b3e9a21cbd085d2115b86a153667627ef6096889f09f179cfeff0deb6fa

Download Submit
memory/3524-40-0x0000022D5C1A0000-0x0000022D5C1A1000-memory.dmp

Filesize
4KB

Download
memory/3524-33-0x0000022D5C190000-0x0000022D5C191000-memory.dmp

Filesize
4KB

Download
memory/3524-42-0x0000022D5C1A0000-0x0000022D5C1A1000-memory.dmp

Filesize
4KB

Download
memory/3524-34-0x0000022D5C190000-0x0000022D5C191000-memory.dmp

Filesize
4KB

Download
memory/3524-35-0x0000022D5C190000-0x0000022D5C191000-memory.dmp

Filesize
4KB

Download
memory/3524-36-0x0000022D5C190000-0x0000022D5C191000-memory.dmp

Filesize
4KB

Download
memory/3524-37-0x0000022D5C190000-0x0000022D5C191000-memory.dmp

Filesize
4KB

Download
memory/3524-38-0x0000022D5C190000-0x0000022D5C191000-memory.dmp

Filesize
4KB

Download
memory/3524-43-0x0000022D5BDD0000-0x0000022D5BDD1000-memory.dmp

Filesize
4KB

Download
memory/3524-0-0x0000022D53A90000-0x0000022D53AA0000-memory.dmp

Filesize
64KB

Download
memory/3524-68-0x0000022D5C020000-0x0000022D5C021000-memory.dmp

Filesize
4KB

Download
memory/3524-32-0x0000022D5C180000-0x0000022D5C181000-memory.dmp

Filesize
4KB

Download
memory/3524-39-0x0000022D5C190000-0x0000022D5C191000-memory.dmp

Filesize
4KB

Download
memory/3524-44-0x0000022D5BDC0000-0x0000022D5BDC1000-memory.dmp

Filesize
4KB

Download
memory/3524-46-0x0000022D5BDD0000-0x0000022D5BDD1000-memory.dmp

Filesize
4KB

Download
memory/3524-49-0x0000022D5BDC0000-0x0000022D5BDC1000-memory.dmp

Filesize
4KB

Download
memory/3524-52-0x0000022D5BD00000-0x0000022D5BD01000-memory.dmp

Filesize
4KB

Download
memory/3524-16-0x0000022D53B90000-0x0000022D53BA0000-memory.dmp

Filesize
64KB

Download
memory/3524-64-0x0000022D5BF00000-0x0000022D5BF01000-memory.dmp

Filesize
4KB

Download
memory/3524-66-0x0000022D5BF10000-0x0000022D5BF11000-memory.dmp

Filesize
4KB

Download
memory/3524-67-0x0000022D5BF10000-0x0000022D5BF11000-memory.dmp

Filesize
4KB

Download
memory/3524-41-0x0000022D5C1A0000-0x0000022D5C1A1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads