95978fcb67a1110a96f207d752ed46ef5fe0a150247ddd043bc5ae6ed67fc4ac

Analysis

max time kernel
421s
max time network
430s
platform
windows10-2004_x64
resource
win10v2004-20241007-fr
resource tags

arch:x64arch:x86image:win10v2004-20241007-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
01-01-2025 13:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

spoofer/Serials_Checker.bat
Size

771B
MD5

f7f6aab3d1c377eb69e9b786cd22a50b
SHA1

e6f9c2b61c6df03bd3818ede183b6aacdfafa1ba
SHA256

f95d45eb40e7e4ce5f81c5cfca4232d81e9210a3b6743bbe196b4443cf5783d9
SHA512

9322513e26aab226ca9a35e5bc3793a9f580712be284970d381917f0f953b95587707d37e4a09927db97149f5310b73be0dc46262be83b53205ef4ddf4778b8a

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	956	WMIC.exe
Token: SeSecurityPrivilege	956	WMIC.exe
Token: SeTakeOwnershipPrivilege	956	WMIC.exe
Token: SeLoadDriverPrivilege	956	WMIC.exe
Token: SeSystemProfilePrivilege	956	WMIC.exe
Token: SeSystemtimePrivilege	956	WMIC.exe
Token: SeProfSingleProcessPrivilege	956	WMIC.exe
Token: SeIncBasePriorityPrivilege	956	WMIC.exe
Token: SeCreatePagefilePrivilege	956	WMIC.exe
Token: SeBackupPrivilege	956	WMIC.exe
Token: SeRestorePrivilege	956	WMIC.exe
Token: SeShutdownPrivilege	956	WMIC.exe
Token: SeDebugPrivilege	956	WMIC.exe
Token: SeSystemEnvironmentPrivilege	956	WMIC.exe
Token: SeRemoteShutdownPrivilege	956	WMIC.exe
Token: SeUndockPrivilege	956	WMIC.exe
Token: SeManageVolumePrivilege	956	WMIC.exe
Token: 33	956	WMIC.exe
Token: 34	956	WMIC.exe
Token: 35	956	WMIC.exe
Token: 36	956	WMIC.exe
Token: SeIncreaseQuotaPrivilege	956	WMIC.exe
Token: SeSecurityPrivilege	956	WMIC.exe
Token: SeTakeOwnershipPrivilege	956	WMIC.exe
Token: SeLoadDriverPrivilege	956	WMIC.exe
Token: SeSystemProfilePrivilege	956	WMIC.exe
Token: SeSystemtimePrivilege	956	WMIC.exe
Token: SeProfSingleProcessPrivilege	956	WMIC.exe
Token: SeIncBasePriorityPrivilege	956	WMIC.exe
Token: SeCreatePagefilePrivilege	956	WMIC.exe
Token: SeBackupPrivilege	956	WMIC.exe
Token: SeRestorePrivilege	956	WMIC.exe
Token: SeShutdownPrivilege	956	WMIC.exe
Token: SeDebugPrivilege	956	WMIC.exe
Token: SeSystemEnvironmentPrivilege	956	WMIC.exe
Token: SeRemoteShutdownPrivilege	956	WMIC.exe
Token: SeUndockPrivilege	956	WMIC.exe
Token: SeManageVolumePrivilege	956	WMIC.exe
Token: 33	956	WMIC.exe
Token: 34	956	WMIC.exe
Token: 35	956	WMIC.exe
Token: 36	956	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2524	WMIC.exe
Token: SeSecurityPrivilege	2524	WMIC.exe
Token: SeTakeOwnershipPrivilege	2524	WMIC.exe
Token: SeLoadDriverPrivilege	2524	WMIC.exe
Token: SeSystemProfilePrivilege	2524	WMIC.exe
Token: SeSystemtimePrivilege	2524	WMIC.exe
Token: SeProfSingleProcessPrivilege	2524	WMIC.exe
Token: SeIncBasePriorityPrivilege	2524	WMIC.exe
Token: SeCreatePagefilePrivilege	2524	WMIC.exe
Token: SeBackupPrivilege	2524	WMIC.exe
Token: SeRestorePrivilege	2524	WMIC.exe
Token: SeShutdownPrivilege	2524	WMIC.exe
Token: SeDebugPrivilege	2524	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2524	WMIC.exe
Token: SeRemoteShutdownPrivilege	2524	WMIC.exe
Token: SeUndockPrivilege	2524	WMIC.exe
Token: SeManageVolumePrivilege	2524	WMIC.exe
Token: 33	2524	WMIC.exe
Token: 34	2524	WMIC.exe
Token: 35	2524	WMIC.exe
Token: 36	2524	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2524	WMIC.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4076 wrote to memory of 2872	4076	cmd.exe	84
PID 4076 wrote to memory of 2872	4076	cmd.exe	84
PID 4076 wrote to memory of 956	4076	cmd.exe	85
PID 4076 wrote to memory of 956	4076	cmd.exe	85
PID 4076 wrote to memory of 2524	4076	cmd.exe	87
PID 4076 wrote to memory of 2524	4076	cmd.exe	87
PID 4076 wrote to memory of 468	4076	cmd.exe	88
PID 4076 wrote to memory of 468	4076	cmd.exe	88
PID 4076 wrote to memory of 1992	4076	cmd.exe	89
PID 4076 wrote to memory of 1992	4076	cmd.exe	89
PID 4076 wrote to memory of 396	4076	cmd.exe	90
PID 4076 wrote to memory of 396	4076	cmd.exe	90
PID 4076 wrote to memory of 3268	4076	cmd.exe	91
PID 4076 wrote to memory of 3268	4076	cmd.exe	91
PID 4076 wrote to memory of 1488	4076	cmd.exe	92
PID 4076 wrote to memory of 1488	4076	cmd.exe	92

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\spoofer\Serials_Checker.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4076
- C:\Windows\system32\mode.com
  mode con: cols=90 lines=40
  2⤵
  PID:2872
- C:\Windows\System32\Wbem\WMIC.exe
  wmic bios get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:956
- C:\Windows\System32\Wbem\WMIC.exe
  wmic csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2524
- C:\Windows\System32\Wbem\WMIC.exe
  wmic cpu get serialnumber
  2⤵
  PID:468
- C:\Windows\System32\Wbem\WMIC.exe
  wmic diskdrive get serialnumber
  2⤵
  PID:1992
- C:\Windows\System32\Wbem\WMIC.exe
  wmic baseboard get serialnumber
  2⤵
  PID:396
- C:\Windows\System32\Wbem\WMIC.exe
  wmic path Win32_NetworkAdapter where "PNPDeviceID like '%PCI%' AND NetConnectionStatus=2 AND AdapterTypeID='0'" get MacAddress
  2⤵
  PID:3268
- C:\Windows\System32\Wbem\WMIC.exe
  wmic PATH Win32_VideoController GET Description,PNPDeviceID
  2⤵
  PID:1488

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads