Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240220-en
resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
submitted: 14-03-2024 14:37
Static task static1

Behavioral task behavioral1
  Sample: AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/HWID Spoofer Resounls..scr
  Resource: win7-20240221-en

Behavioral task behavioral2
  Sample: AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/HWID Spoofer Resounls..scr
  Resource: win10v2004-20240226-en

Behavioral task behavioral3
  Sample: AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/lib/MinHook.x64.dll
  Resource: win7-20240221-en

Behavioral task behavioral4
  Sample: AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/lib/MinHook.x64.dll
  Resource: win10v2004-20231215-en

Behavioral task behavioral5
  Sample: AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/lib/MinHook.x86.dll
  Resource: win7-20240215-en

Behavioral task behavioral6
  Sample: AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/lib/MinHook.x86.dll
  Resource: win10v2004-20240226-en

Behavioral task behavioral7
  Sample: AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/HWID Spoofer Resounls..scr
  Resource: win7-20240220-en

Behavioral task behavioral8
  Sample: AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/HWID Spoofer Resounls..scr
  Resource: win10v2004-20240226-en

Behavioral task behavioral9
  Sample: AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/intel_driver.js
  Resource: win7-20240221-en

Behavioral task behavioral10
  Sample: AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/intel_driver.js
  Resource: win10v2004-20240226-en
General
Target: AridekVM-Permanted-Hwid-Spoofer-Changer-main/HWIDSpoofer/main/HWID Spoofer Resounls..scr
Size: 351KB
MD5: 13d1fc17b74fdbe39d0141d4f5e2b6db
SHA1: 0c48d2d21eff6bc55fefe111b25e81fcc27e25a5
SHA256: 194c0a05958c8ead4bfa916ace6e1a5acdb7f433ce57c1d48abc9160a6bca4e5
SHA512: 3eaf731772e1c1386a84eae459ca1d8cb81fa8d79be1cb91f5e8678e9861a687178007e881a0fd03d116c597918e3a5f580a5060e32dc0faeeee22ebe1ac3b0c
SSDEEP: 6144:haxxiw0qvLJXnlUGujCtjno6itQl+REw6FMG/UHQS8PUHIRA8yVYtFm6axHUZ:hukqjVnl36ud0zR/6CtQ9PUHIG8Dn
Malware Config
Signatures
- Looks up external IP address via web service (2 IoCs)
  Uses a legitimate IP lookup service to find the infected system's external IP.
  Processes:
    flow 2, ioc: ipinfo.io
    flow 3, ioc: ipinfo.io
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: HWID Spoofer Resounls..scr
    description: Token: SeDebugPrivilege, pid: 2368, process: HWID Spoofer Resounls..scr
Processes
- C:\Users\Admin\AppData\Local\Temp\AridekVM-Permanted-Hwid-Spoofer-Changer-main\HWIDSpoofer\main\HWID Spoofer Resounls..scr
  Command line: "C:\Users\Admin\AppData\Local\Temp\AridekVM-Permanted-Hwid-Spoofer-Changer-main\HWIDSpoofer\main\HWID Spoofer Resounls..scr" /S
  Signature: Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
- memory/2368-0-0x0000000000060000-0x00000000000BA000-memory.dmp (Filesize 360KB)
- memory/2368-1-0x00000000744C0000-0x0000000074BAE000-memory.dmp (Filesize 6.9MB)
- memory/2368-2-0x00000000006D0000-0x0000000000710000-memory.dmp (Filesize 256KB)
- memory/2368-3-0x0000000004270000-0x0000000004322000-memory.dmp (Filesize 712KB)
- memory/2368-4-0x00000000744C0000-0x0000000074BAE000-memory.dmp (Filesize 6.9MB)