7c234430fd1c5eb32070d34f5e924e41cbc758b5ad03138168109a48a74fc986

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 14:37

Target

AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/HWID Spoofer Resou‮nls..scr
Size

351KB
MD5

13d1fc17b74fdbe39d0141d4f5e2b6db
SHA1

0c48d2d21eff6bc55fefe111b25e81fcc27e25a5
SHA256

194c0a05958c8ead4bfa916ace6e1a5acdb7f433ce57c1d48abc9160a6bca4e5
SHA512

3eaf731772e1c1386a84eae459ca1d8cb81fa8d79be1cb91f5e8678e9861a687178007e881a0fd03d116c597918e3a5f580a5060e32dc0faeeee22ebe1ac3b0c
SSDEEP

6144:haxxiw0qvLJXnlUGujCtjno6itQl+REw6FMG/UHQS8PUHIRA8yVYtFm6axHUZ:hukqjVnl36ud0zR/6CtQ9PUHIG8Dn

Score

6^/10

Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

2 ipinfo.io
3 ipinfo.io
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

HWID Spoofer Resou‮nls..scr

description pid process

Token: SeDebugPrivilege 2368 HWID Spoofer Resou‮nls..scr

flow	ioc
2	ipinfo.io
3	ipinfo.io

description	pid	process
Token: SeDebugPrivilege	2368	HWID Spoofer Resou‮nls..scr

C:\Users\Admin\AppData\Local\Temp\AridekVM-Permanted-Hwid-Spoofer-Changer-main\HWIDSpoofer\main\HWID Spoofer Resou‮nls..scr
"C:\Users\Admin\AppData\Local\Temp\AridekVM-Permanted-Hwid-Spoofer-Changer-main\HWIDSpoofer\main\HWID Spoofer Resou‮nls..scr" /S
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2368

memory/2368-0-0x0000000000060000-0x00000000000BA000-memory.dmp

Filesize
360KB

Download
memory/2368-1-0x00000000744C0000-0x0000000074BAE000-memory.dmp

Filesize
6.9MB

Download
memory/2368-2-0x00000000006D0000-0x0000000000710000-memory.dmp

Filesize
256KB

Download
memory/2368-3-0x0000000004270000-0x0000000004322000-memory.dmp

Filesize
712KB

Download
memory/2368-4-0x00000000744C0000-0x0000000074BAE000-memory.dmp

Filesize
6.9MB

Download