Overview

overview

3

Static

static

3

Hwid Checker.exe

windows7-x64

1

Hwid Checker.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/05/2024, 14:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Hwid Checker.exe

  • Size

    90KB

  • MD5

    2504ff93b1398134958c996b1f31d35d

  • SHA1

    a803f865f6f80206273c67731701ac090c936940

  • SHA256

    d14cf0df3829a005c3270ef79def0f4b5ad8114a53c3dd70dcb8f27745f829c2

  • SHA512

    e5aa6a9aaea44622acae795fd81447deaa1b62772f89d890e1bb2e04837e03e4a22d8e3cb554a72c96d05f4bd81c5f094cd465201192b3dacb80e8a0d274fc62

  • SSDEEP

    1536:v7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfswgOa:D7DhdC6kzWypvaQ0FxyNTBfsr

Score
1/10

Malware Config

Signatures

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hwid Checker.exe
    "C:\Users\Admin\AppData\Local\Temp\Hwid Checker.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4544
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\2FCA.tmp\2FCB.tmp\2FCC.bat "C:\Users\Admin\AppData\Local\Temp\Hwid Checker.exe""
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4872
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic bios get serialnumber
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:3460
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic baseboard get serialnumber
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:1740
      • C:\Windows\System32\Wbem\WMIC.exe
        wmic path win32_computersystemproduct get uuid
        3⤵
          PID:3368
        • C:\Windows\system32\getmac.exe
          getmac
          3⤵
            PID:4912
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /4
        1⤵
        • Checks SCSI registry key(s)
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:2936

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Temp\2FCA.tmp\2FCB.tmp\2FCC.bat
        Filesize

        539B

        MD5

        8196f772d992703d45de9b2820381da0

        SHA1

        f28f3745fdeb961f91546db4053c8386dd2533ad

        SHA256

        171136fd6cb1bfbdecb02f221c84e8591dfec16c4031d9b78ad577313146d3dd

        SHA512

        8e6a0ce60f4c81e00ff12f9175202b2bb460f20875a6098bef6cc03d54d15b93e1f51a23bda408a80f67a32bff631a2af7b1a5e14357e72422ca9c1c178f453b

        Download Submit

      • memory/2936-4-0x0000026B3CD00000-0x0000026B3CD01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2936-3-0x0000026B3CD00000-0x0000026B3CD01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2936-2-0x0000026B3CD00000-0x0000026B3CD01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2936-9-0x0000026B3CD00000-0x0000026B3CD01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2936-14-0x0000026B3CD00000-0x0000026B3CD01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2936-13-0x0000026B3CD00000-0x0000026B3CD01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2936-12-0x0000026B3CD00000-0x0000026B3CD01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2936-11-0x0000026B3CD00000-0x0000026B3CD01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2936-10-0x0000026B3CD00000-0x0000026B3CD01000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2936-8-0x0000026B3CD00000-0x0000026B3CD01000-memory.dmp

        Filesize

        4KB

        Download