Analysis

max time kernel: 51s
max time network: 51s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-11-2024 14:02
Static task: static1

Behavioral task: behavioral1
  Sample: proxy's woofer/HWID Checker.bat
  Resource: win7-20241010-en

Behavioral task: behavioral2
  Sample: proxy's woofer/HWID Checker.bat
  Resource: win10v2004-20241007-en

Behavioral task: behavioral3
  Sample: proxy's woofer/Proxy's Spoofer V2.exe
  Resource: win7-20240903-en

Behavioral task: behavioral4
  Sample: proxy's woofer/Proxy's Spoofer V2.exe
  Resource: win10v2004-20241007-en
General

Target: proxy's woofer/HWID Checker.bat
Size: 1KB
MD5: b4ed08e55abc091d58a99bfcef1cffa2
SHA1: 6bda510a1b877ca337c4653143d5de7316a502ca
SHA256: 6351f92bd290ad479d1746f1083fa52bd75df3e7b4046694688ac9b4fd13f803
SHA512: 888dd221195599042a1d5c12574137c66099c3610afee268886cdf0fd6568758cb2c06533f8e09c6be1266e0a4f1df3ede861f51e3bfa0dfd15bf57a566fb0a2
Malware Config
Signatures

Delays execution with timeout.exe (1 IoC)
  pid   Process
  628   timeout.exe

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  description                           pid   Process
  Token: SeIncreaseQuotaPrivilege       1492  WMIC.exe
  Token: SeSecurityPrivilege            1492  WMIC.exe
  Token: SeTakeOwnershipPrivilege       1492  WMIC.exe
  Token: SeLoadDriverPrivilege          1492  WMIC.exe
  Token: SeSystemProfilePrivilege       1492  WMIC.exe
  Token: SeSystemtimePrivilege          1492  WMIC.exe
  Token: SeProfSingleProcessPrivilege   1492  WMIC.exe
  Token: SeIncBasePriorityPrivilege     1492  WMIC.exe
  Token: SeCreatePagefilePrivilege      1492  WMIC.exe
  Token: SeBackupPrivilege              1492  WMIC.exe
  Token: SeRestorePrivilege             1492  WMIC.exe
  Token: SeShutdownPrivilege            1492  WMIC.exe
  Token: SeDebugPrivilege               1492  WMIC.exe
  Token: SeSystemEnvironmentPrivilege   1492  WMIC.exe
  Token: SeRemoteShutdownPrivilege      1492  WMIC.exe
  Token: SeUndockPrivilege              1492  WMIC.exe
  Token: SeManageVolumePrivilege        1492  WMIC.exe
  Token: 33                             1492  WMIC.exe
  Token: 34                             1492  WMIC.exe
  Token: 35                             1492  WMIC.exe
  Token: 36                             1492  WMIC.exe
  Token: SeIncreaseQuotaPrivilege       1492  WMIC.exe
  Token: SeSecurityPrivilege            1492  WMIC.exe
  Token: SeTakeOwnershipPrivilege       1492  WMIC.exe
  Token: SeLoadDriverPrivilege          1492  WMIC.exe
  Token: SeSystemProfilePrivilege       1492  WMIC.exe
  Token: SeSystemtimePrivilege          1492  WMIC.exe
  Token: SeProfSingleProcessPrivilege   1492  WMIC.exe
  Token: SeIncBasePriorityPrivilege     1492  WMIC.exe
  Token: SeCreatePagefilePrivilege      1492  WMIC.exe
  Token: SeBackupPrivilege              1492  WMIC.exe
  Token: SeRestorePrivilege             1492  WMIC.exe
  Token: SeShutdownPrivilege            1492  WMIC.exe
  Token: SeDebugPrivilege               1492  WMIC.exe
  Token: SeSystemEnvironmentPrivilege   1492  WMIC.exe
  Token: SeRemoteShutdownPrivilege      1492  WMIC.exe
  Token: SeUndockPrivilege              1492  WMIC.exe
  Token: SeManageVolumePrivilege        1492  WMIC.exe
  Token: 33                             1492  WMIC.exe
  Token: 34                             1492  WMIC.exe
  Token: 35                             1492  WMIC.exe
  Token: 36                             1492  WMIC.exe
  Token: SeIncreaseQuotaPrivilege       1920  WMIC.exe
  Token: SeSecurityPrivilege            1920  WMIC.exe
  Token: SeTakeOwnershipPrivilege       1920  WMIC.exe
  Token: SeLoadDriverPrivilege          1920  WMIC.exe
  Token: SeSystemProfilePrivilege       1920  WMIC.exe
  Token: SeSystemtimePrivilege          1920  WMIC.exe
  Token: SeProfSingleProcessPrivilege   1920  WMIC.exe
  Token: SeIncBasePriorityPrivilege     1920  WMIC.exe
  Token: SeCreatePagefilePrivilege      1920  WMIC.exe
  Token: SeBackupPrivilege              1920  WMIC.exe
  Token: SeRestorePrivilege             1920  WMIC.exe
  Token: SeShutdownPrivilege            1920  WMIC.exe
  Token: SeDebugPrivilege               1920  WMIC.exe
  Token: SeSystemEnvironmentPrivilege   1920  WMIC.exe
  Token: SeRemoteShutdownPrivilege      1920  WMIC.exe
  Token: SeUndockPrivilege              1920  WMIC.exe
  Token: SeManageVolumePrivilege        1920  WMIC.exe
  Token: 33                             1920  WMIC.exe
  Token: 34                             1920  WMIC.exe
  Token: 35                             1920  WMIC.exe
  Token: 36                             1920  WMIC.exe
  Token: SeIncreaseQuotaPrivilege       1920  WMIC.exe

Suspicious use of WriteProcessMemory (14 IoCs)
  description                         pid   Process  procid_target
  PID 1020 wrote to memory of 1492    1020  cmd.exe  85
  PID 1020 wrote to memory of 1492    1020  cmd.exe  85
  PID 1020 wrote to memory of 1920    1020  cmd.exe  88
  PID 1020 wrote to memory of 1920    1020  cmd.exe  88
  PID 1020 wrote to memory of 3396    1020  cmd.exe  89
  PID 1020 wrote to memory of 3396    1020  cmd.exe  89
  PID 1020 wrote to memory of 2768    1020  cmd.exe  90
  PID 1020 wrote to memory of 2768    1020  cmd.exe  90
  PID 1020 wrote to memory of 2924    1020  cmd.exe  92
  PID 1020 wrote to memory of 2924    1020  cmd.exe  92
  PID 1020 wrote to memory of 4160    1020  cmd.exe  93
  PID 1020 wrote to memory of 4160    1020  cmd.exe  93
  PID 1020 wrote to memory of 628     1020  cmd.exe  95
  PID 1020 wrote to memory of 628     1020  cmd.exe  95
Processes

C:\Windows\system32\cmd.exe  (depth 1)
  Command line: C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\proxy's woofer\HWID Checker.bat"
  PID: 1020
  Signatures: Suspicious use of WriteProcessMemory

  C:\Windows\System32\Wbem\WMIC.exe  (depth 2)
    Command line: wmic diskdrive get serialnumber, manufacturer
    PID: 1492
    Signatures: Suspicious use of AdjustPrivilegeToken

  C:\Windows\System32\Wbem\WMIC.exe  (depth 2)
    Command line: wmic baseboard get serialnumber, manufacturer
    PID: 1920
    Signatures: Suspicious use of AdjustPrivilegeToken

  C:\Windows\System32\Wbem\WMIC.exe  (depth 2)
    Command line: wmic bios get serialnumber, manufacturer
    PID: 3396

  C:\Windows\System32\Wbem\WMIC.exe  (depth 2)
    Command line: wmic cpu get ProcessorId, manufacturer
    PID: 2768

  C:\Windows\System32\Wbem\WMIC.exe  (depth 2)
    Command line: wmic csproduct get uuid, IdentifyingNumber
    PID: 2924

  C:\Windows\system32\getmac.exe  (depth 2)
    Command line: getmac
    PID: 4160

  C:\Windows\system32\timeout.exe  (depth 2)
    Command line: timeout /t -01
    PID: 628
    Signatures: Delays execution with timeout.exe