Overview
overview
10Static
static
7Spoofer.exe
windows10-2004-x64
10cleaners/a...er.exe
windows10-2004-x64
9cleaners/cleaner.bat
windows10-2004-x64
10spoofers/C...32.exe
windows10-2004-x64
1spoofers/C...64.exe
windows10-2004-x64
1spoofers/C...64.sys
windows10-2004-x64
1spoofers/g...64.sys
windows10-2004-x64
1spoofers/s...er.bat
windows10-2004-x64
1Resubmissions
10-07-2024 02:30
240710-czl2gstcke 1020-06-2024 12:39
240620-pvzs1axflf 1020-06-2024 12:36
240620-pswcss1hrr 720-06-2024 12:35
240620-psqgjs1hrm 1020-06-2024 12:33
240620-prd25axdpg 10Analysis
-
max time kernel
1794s -
max time network
1804s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
20-06-2024 12:33
Behavioral task
behavioral1
Sample
Spoofer.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
cleaners/applecleaner.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
cleaners/cleaner.bat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
spoofers/CupFixerx32.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
spoofers/CupFixerx64.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
spoofers/CupFixerx64.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
spoofers/gsoftgmx64.sys
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
spoofers/serial_checker.bat
Resource
win10v2004-20240611-en
windows10-2004-x64
General
-
Target
spoofers/serial_checker.bat
-
Size
437B
-
MD5
0c088b6adc55c20fc375badef6f7e9a7
-
SHA1
37c865ebfe537b94534844281e9086462f3e2462
-
SHA256
51f783d41ad3a807344eb9550d65cb4638793aac71f4eb4a1a11414b24e339e1
-
SHA512
7f82c647413f997a537148ab7d1e8a5cff9fef18561783f329485dbb67ab76a2a8defa0a7304feb7e1e79645b50b8cb2d4a069ff3ec668542fdefb1adbde6f5d
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeIncreaseQuotaPrivilege 2576 WMIC.exe Token: SeSecurityPrivilege 2576 WMIC.exe Token: SeTakeOwnershipPrivilege 2576 WMIC.exe Token: SeLoadDriverPrivilege 2576 WMIC.exe Token: SeSystemProfilePrivilege 2576 WMIC.exe Token: SeSystemtimePrivilege 2576 WMIC.exe Token: SeProfSingleProcessPrivilege 2576 WMIC.exe Token: SeIncBasePriorityPrivilege 2576 WMIC.exe Token: SeCreatePagefilePrivilege 2576 WMIC.exe Token: SeBackupPrivilege 2576 WMIC.exe Token: SeRestorePrivilege 2576 WMIC.exe Token: SeShutdownPrivilege 2576 WMIC.exe Token: SeDebugPrivilege 2576 WMIC.exe Token: SeSystemEnvironmentPrivilege 2576 WMIC.exe Token: SeRemoteShutdownPrivilege 2576 WMIC.exe Token: SeUndockPrivilege 2576 WMIC.exe Token: SeManageVolumePrivilege 2576 WMIC.exe Token: 33 2576 WMIC.exe Token: 34 2576 WMIC.exe Token: 35 2576 WMIC.exe Token: 36 2576 WMIC.exe Token: SeIncreaseQuotaPrivilege 2576 WMIC.exe Token: SeSecurityPrivilege 2576 WMIC.exe Token: SeTakeOwnershipPrivilege 2576 WMIC.exe Token: SeLoadDriverPrivilege 2576 WMIC.exe Token: SeSystemProfilePrivilege 2576 WMIC.exe Token: SeSystemtimePrivilege 2576 WMIC.exe Token: SeProfSingleProcessPrivilege 2576 WMIC.exe Token: SeIncBasePriorityPrivilege 2576 WMIC.exe Token: SeCreatePagefilePrivilege 2576 WMIC.exe Token: SeBackupPrivilege 2576 WMIC.exe Token: SeRestorePrivilege 2576 WMIC.exe Token: SeShutdownPrivilege 2576 WMIC.exe Token: SeDebugPrivilege 2576 WMIC.exe Token: SeSystemEnvironmentPrivilege 2576 WMIC.exe Token: SeRemoteShutdownPrivilege 2576 WMIC.exe Token: SeUndockPrivilege 2576 WMIC.exe Token: SeManageVolumePrivilege 2576 WMIC.exe Token: 33 2576 WMIC.exe Token: 34 2576 WMIC.exe Token: 35 2576 WMIC.exe Token: 36 2576 WMIC.exe Token: SeIncreaseQuotaPrivilege 2432 WMIC.exe Token: SeSecurityPrivilege 2432 WMIC.exe Token: SeTakeOwnershipPrivilege 2432 WMIC.exe Token: SeLoadDriverPrivilege 2432 WMIC.exe Token: SeSystemProfilePrivilege 2432 WMIC.exe Token: SeSystemtimePrivilege 2432 WMIC.exe Token: SeProfSingleProcessPrivilege 2432 WMIC.exe Token: SeIncBasePriorityPrivilege 2432 WMIC.exe Token: SeCreatePagefilePrivilege 2432 WMIC.exe Token: SeBackupPrivilege 2432 WMIC.exe Token: SeRestorePrivilege 2432 WMIC.exe Token: SeShutdownPrivilege 2432 WMIC.exe Token: SeDebugPrivilege 2432 WMIC.exe Token: SeSystemEnvironmentPrivilege 2432 WMIC.exe Token: SeRemoteShutdownPrivilege 2432 WMIC.exe Token: SeUndockPrivilege 2432 WMIC.exe Token: SeManageVolumePrivilege 2432 WMIC.exe Token: 33 2432 WMIC.exe Token: 34 2432 WMIC.exe Token: 35 2432 WMIC.exe Token: 36 2432 WMIC.exe Token: SeIncreaseQuotaPrivilege 2432 WMIC.exe -
Suspicious use of WriteProcessMemory 12 IoCs
description pid Process procid_target PID 2944 wrote to memory of 2576 2944 cmd.exe 91 PID 2944 wrote to memory of 2576 2944 cmd.exe 91 PID 2944 wrote to memory of 2432 2944 cmd.exe 93 PID 2944 wrote to memory of 2432 2944 cmd.exe 93 PID 2944 wrote to memory of 5040 2944 cmd.exe 94 PID 2944 wrote to memory of 5040 2944 cmd.exe 94 PID 2944 wrote to memory of 4460 2944 cmd.exe 96 PID 2944 wrote to memory of 4460 2944 cmd.exe 96 PID 2944 wrote to memory of 1920 2944 cmd.exe 97 PID 2944 wrote to memory of 1920 2944 cmd.exe 97 PID 2944 wrote to memory of 4164 2944 cmd.exe 99 PID 2944 wrote to memory of 4164 2944 cmd.exe 99
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\spoofers\serial_checker.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:2944 -
C:\Windows\System32\Wbem\WMIC.exewmic diskdrive get model, serialnumber2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2576
-
-
C:\Windows\System32\Wbem\WMIC.exewmic cpu get serialnumber2⤵
- Suspicious use of AdjustPrivilegeToken
PID:2432
-
-
C:\Windows\System32\Wbem\WMIC.exewmic bios get serialnumber2⤵PID:5040
-
-
C:\Windows\System32\Wbem\WMIC.exewmic baseboard get serialnumber2⤵PID:4460
-
-
C:\Windows\System32\Wbem\WMIC.exewmic path win32_computersystemproduct get uuid2⤵PID:1920
-
-
C:\Windows\system32\getmac.exegetmac2⤵PID:4164
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4064,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:81⤵PID:3004
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1312,i,3595107284059830391,18018199024659337217,262144 --variations-seed-version --mojo-platform-channel-handle=1292 /prefetch:81⤵PID:180