a62b13cb228c827c16f600bf018c25fa677f5de4e3a1da892b8b2e9860f05d04

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
01/09/2024, 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DriverFN_Cracked/Serials Checker/Serials Checker.bat
Size

403B
MD5

4d39b88edb3ed7282a587c4805928ecd
SHA1

a7399a397a341f6e7048c4376faba21ed4e4a87c
SHA256

e4d3e8598d39e70e7005292a9594a90af6ed91488670d47998d8a8f248f7ce9e
SHA512

c9607fed93087b6f2d97c5101afc2b6a0410f94f6cf40443efebb811fab7773dc4c529c0214850dae8b0c38b0287fe9cd5b6ecec400a41eb8f1b06facdc40253

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	2952	WMIC.exe
Token: SeSecurityPrivilege	2952	WMIC.exe
Token: SeTakeOwnershipPrivilege	2952	WMIC.exe
Token: SeLoadDriverPrivilege	2952	WMIC.exe
Token: SeSystemProfilePrivilege	2952	WMIC.exe
Token: SeSystemtimePrivilege	2952	WMIC.exe
Token: SeProfSingleProcessPrivilege	2952	WMIC.exe
Token: SeIncBasePriorityPrivilege	2952	WMIC.exe
Token: SeCreatePagefilePrivilege	2952	WMIC.exe
Token: SeBackupPrivilege	2952	WMIC.exe
Token: SeRestorePrivilege	2952	WMIC.exe
Token: SeShutdownPrivilege	2952	WMIC.exe
Token: SeDebugPrivilege	2952	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2952	WMIC.exe
Token: SeRemoteShutdownPrivilege	2952	WMIC.exe
Token: SeUndockPrivilege	2952	WMIC.exe
Token: SeManageVolumePrivilege	2952	WMIC.exe
Token: 33	2952	WMIC.exe
Token: 34	2952	WMIC.exe
Token: 35	2952	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2952	WMIC.exe
Token: SeSecurityPrivilege	2952	WMIC.exe
Token: SeTakeOwnershipPrivilege	2952	WMIC.exe
Token: SeLoadDriverPrivilege	2952	WMIC.exe
Token: SeSystemProfilePrivilege	2952	WMIC.exe
Token: SeSystemtimePrivilege	2952	WMIC.exe
Token: SeProfSingleProcessPrivilege	2952	WMIC.exe
Token: SeIncBasePriorityPrivilege	2952	WMIC.exe
Token: SeCreatePagefilePrivilege	2952	WMIC.exe
Token: SeBackupPrivilege	2952	WMIC.exe
Token: SeRestorePrivilege	2952	WMIC.exe
Token: SeShutdownPrivilege	2952	WMIC.exe
Token: SeDebugPrivilege	2952	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2952	WMIC.exe
Token: SeRemoteShutdownPrivilege	2952	WMIC.exe
Token: SeUndockPrivilege	2952	WMIC.exe
Token: SeManageVolumePrivilege	2952	WMIC.exe
Token: 33	2952	WMIC.exe
Token: 34	2952	WMIC.exe
Token: 35	2952	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2876	WMIC.exe
Token: SeSecurityPrivilege	2876	WMIC.exe
Token: SeTakeOwnershipPrivilege	2876	WMIC.exe
Token: SeLoadDriverPrivilege	2876	WMIC.exe
Token: SeSystemProfilePrivilege	2876	WMIC.exe
Token: SeSystemtimePrivilege	2876	WMIC.exe
Token: SeProfSingleProcessPrivilege	2876	WMIC.exe
Token: SeIncBasePriorityPrivilege	2876	WMIC.exe
Token: SeCreatePagefilePrivilege	2876	WMIC.exe
Token: SeBackupPrivilege	2876	WMIC.exe
Token: SeRestorePrivilege	2876	WMIC.exe
Token: SeShutdownPrivilege	2876	WMIC.exe
Token: SeDebugPrivilege	2876	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2876	WMIC.exe
Token: SeRemoteShutdownPrivilege	2876	WMIC.exe
Token: SeUndockPrivilege	2876	WMIC.exe
Token: SeManageVolumePrivilege	2876	WMIC.exe
Token: 33	2876	WMIC.exe
Token: 34	2876	WMIC.exe
Token: 35	2876	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2876	WMIC.exe
Token: SeSecurityPrivilege	2876	WMIC.exe
Token: SeTakeOwnershipPrivilege	2876	WMIC.exe
Token: SeLoadDriverPrivilege	2876	WMIC.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2952	2304	cmd.exe	30
PID 2304 wrote to memory of 2952	2304	cmd.exe	30
PID 2304 wrote to memory of 2952	2304	cmd.exe	30
PID 2304 wrote to memory of 2876	2304	cmd.exe	32
PID 2304 wrote to memory of 2876	2304	cmd.exe	32
PID 2304 wrote to memory of 2876	2304	cmd.exe	32
PID 2304 wrote to memory of 3044	2304	cmd.exe	33
PID 2304 wrote to memory of 3044	2304	cmd.exe	33
PID 2304 wrote to memory of 3044	2304	cmd.exe	33
PID 2304 wrote to memory of 2372	2304	cmd.exe	34
PID 2304 wrote to memory of 2372	2304	cmd.exe	34
PID 2304 wrote to memory of 2372	2304	cmd.exe	34
PID 2304 wrote to memory of 2668	2304	cmd.exe	35
PID 2304 wrote to memory of 2668	2304	cmd.exe	35
PID 2304 wrote to memory of 2668	2304	cmd.exe	35

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\DriverFN_Cracked\Serials Checker\Serials Checker.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Windows\System32\Wbem\WMIC.exe
  wmic cpu get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2952
- C:\Windows\System32\Wbem\WMIC.exe
  wmic bios get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2876
- C:\Windows\System32\Wbem\WMIC.exe
  wmic baseboard get serialnumber
  2⤵
  PID:3044
- C:\Windows\System32\Wbem\WMIC.exe
  wmic path win32_computersystemproduct get uuid
  2⤵
  PID:2372
- C:\Windows\system32\getmac.exe
  getmac
  2⤵
  PID:2668

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads