Analysis
-
max time kernel
0s -
max time network
116s -
platform
windows11-21h2_x64 -
resource
win11-20231129-en -
resource tags
arch:x64arch:x86image:win11-20231129-enlocale:en-usos:windows11-21h2-x64system -
submitted
06/12/2023, 16:27
Behavioral task
behavioral1
Sample
hwid-spoofer.exe
Resource
win10v2004-20231130-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
hwid-spoofer.exe
Resource
win11-20231129-en
3 signatures
150 seconds
General
-
Target
hwid-spoofer.exe
-
Size
266KB
-
MD5
322f7016ccf0835c39375dfc42370222
-
SHA1
701a2e8c1d8976c7b5b6a49d6449a4ff92dba6ee
-
SHA256
9945aca9c51b2d420585e28adcb500631f27e4322e07afc1f13b7b690d177d0c
-
SHA512
82fc8db901bd68ba322635d8a1d7d515f3b61cdf2a65d0c5f132ce7f0a3b74dd4545ed7c762707510a225e0adb91516a468019b264bd7ac625fe24ffc6e6aefb
-
SSDEEP
6144:amBvRxy3LhH3R8QG18lS8kjdiWNAYot/lKyy8rw/8E/lx1q:BxfeZk1oGNyy8rwUE/8
Score
7/10
Malware Config
Signatures
-
resource yara_rule behavioral2/memory/2452-0-0x0000000000C80000-0x0000000000CF4000-memory.dmp vmprotect -
Program crash 1 IoCs
pid pid_target Process procid_target 1040 2452 WerFault.exe 18 -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2452 hwid-spoofer.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\hwid-spoofer.exe"C:\Users\Admin\AppData\Local\Temp\hwid-spoofer.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2452 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 19242⤵
- Program crash
PID:1040
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 2452 -ip 24521⤵PID:3972