Analysis
-
max time kernel
91s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231130-en -
resource tags
arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system -
submitted
06/12/2023, 16:27
Behavioral task
behavioral1
Sample
hwid-spoofer.exe
Resource
win10v2004-20231130-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
hwid-spoofer.exe
Resource
win11-20231129-en
3 signatures
150 seconds
General
-
Target
hwid-spoofer.exe
-
Size
266KB
-
MD5
322f7016ccf0835c39375dfc42370222
-
SHA1
701a2e8c1d8976c7b5b6a49d6449a4ff92dba6ee
-
SHA256
9945aca9c51b2d420585e28adcb500631f27e4322e07afc1f13b7b690d177d0c
-
SHA512
82fc8db901bd68ba322635d8a1d7d515f3b61cdf2a65d0c5f132ce7f0a3b74dd4545ed7c762707510a225e0adb91516a468019b264bd7ac625fe24ffc6e6aefb
-
SSDEEP
6144:amBvRxy3LhH3R8QG18lS8kjdiWNAYot/lKyy8rw/8E/lx1q:BxfeZk1oGNyy8rwUE/8
Score
7/10
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/2204-0-0x0000000000BA0000-0x0000000000C14000-memory.dmp vmprotect -
Program crash 1 IoCs
pid pid_target Process procid_target 4956 2204 WerFault.exe 15 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2204 hwid-spoofer.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\hwid-spoofer.exe"C:\Users\Admin\AppData\Local\Temp\hwid-spoofer.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2204 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 18762⤵
- Program crash
PID:4956
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 2204 -ip 22041⤵PID:3672