Resubmissions

09/08/2024, 05:29

240809-f6txfs1ckb (score 7/10)

09/08/2024, 05:25

240809-f4m15a1cjf (score 5/10)

General

  • Target

    HwidSpoofer.exe

  • Size

    10.6MB

  • Sample

    240809-f6txfs1ckb

  • MD5

    65aabd9125a89fca26afa46b03f0b443

  • SHA1

    158539e69c5b9a89e920c4c3a8663a2d834ba829

  • SHA256

    55322ec17470fd1146269ae4443d6fa1a527ae9591d328a6c033f5987b520769

  • SHA512

    ebf62377a88b736f6985a8b524cd1bd6a5a2ab319b548d613a21e8d517cf61f22439a84575b367208ec6449f252696d4bff493eb59ed87b79cf4f22b6e1befa3

  • SSDEEP

    196608:54tAcRPhZLzp2qBZT+6lKLIzkJKf+IP6NFGngWd5srJ0fB:5CPTp2qj+l8+psgWd2rQ

Score
7/10

Malware Config

Targets

    • Target

      HwidSpoofer.exe

    • Size

      10.6MB

    • MD5

      65aabd9125a89fca26afa46b03f0b443

    • SHA1

      158539e69c5b9a89e920c4c3a8663a2d834ba829

    • SHA256

      55322ec17470fd1146269ae4443d6fa1a527ae9591d328a6c033f5987b520769

    • SHA512

      ebf62377a88b736f6985a8b524cd1bd6a5a2ab319b548d613a21e8d517cf61f22439a84575b367208ec6449f252696d4bff493eb59ed87b79cf4f22b6e1befa3

    • SSDEEP

      196608:54tAcRPhZLzp2qBZT+6lKLIzkJKf+IP6NFGngWd5srJ0fB:5CPTp2qj+l8+psgWd2rQ

    Score
    7/10

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks