6da4ea12dc68301c66e9ec188a97cd2bdc657e1970e33937e1df86ba3eb76d3d

Analysis

max time kernel
42s
max time network
37s
platform
windows10-2004_x64
resource
win10v2004-20250129-en
resource tags

arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2025 11:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Timrex Perm/Timrex Perm/Serial checker/Timrex Serials.bat
Size

1KB
MD5

61642a48b84b0f8468ee36cf53cd07d8
SHA1

87117498362cb37d3cbdd2db9894f4d85a445dcd
SHA256

a1bea8a38f623f883dacbf4793c307d7a8347715a796ac93332cb3afb8188b6d
SHA512

3e1be534f810e87fa917f26e7797ef6adb3ec3c5572f6f1c74650449dbf22cd6bd4f6c39c4bab1ef1b13a4a67da9f0e461c6ec308cc1e55b8027d9830723271a

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	3476	WMIC.exe
Token: SeSecurityPrivilege	3476	WMIC.exe
Token: SeTakeOwnershipPrivilege	3476	WMIC.exe
Token: SeLoadDriverPrivilege	3476	WMIC.exe
Token: SeSystemProfilePrivilege	3476	WMIC.exe
Token: SeSystemtimePrivilege	3476	WMIC.exe
Token: SeProfSingleProcessPrivilege	3476	WMIC.exe
Token: SeIncBasePriorityPrivilege	3476	WMIC.exe
Token: SeCreatePagefilePrivilege	3476	WMIC.exe
Token: SeBackupPrivilege	3476	WMIC.exe
Token: SeRestorePrivilege	3476	WMIC.exe
Token: SeShutdownPrivilege	3476	WMIC.exe
Token: SeDebugPrivilege	3476	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3476	WMIC.exe
Token: SeRemoteShutdownPrivilege	3476	WMIC.exe
Token: SeUndockPrivilege	3476	WMIC.exe
Token: SeManageVolumePrivilege	3476	WMIC.exe
Token: 33	3476	WMIC.exe
Token: 34	3476	WMIC.exe
Token: 35	3476	WMIC.exe
Token: 36	3476	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3476	WMIC.exe
Token: SeSecurityPrivilege	3476	WMIC.exe
Token: SeTakeOwnershipPrivilege	3476	WMIC.exe
Token: SeLoadDriverPrivilege	3476	WMIC.exe
Token: SeSystemProfilePrivilege	3476	WMIC.exe
Token: SeSystemtimePrivilege	3476	WMIC.exe
Token: SeProfSingleProcessPrivilege	3476	WMIC.exe
Token: SeIncBasePriorityPrivilege	3476	WMIC.exe
Token: SeCreatePagefilePrivilege	3476	WMIC.exe
Token: SeBackupPrivilege	3476	WMIC.exe
Token: SeRestorePrivilege	3476	WMIC.exe
Token: SeShutdownPrivilege	3476	WMIC.exe
Token: SeDebugPrivilege	3476	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3476	WMIC.exe
Token: SeRemoteShutdownPrivilege	3476	WMIC.exe
Token: SeUndockPrivilege	3476	WMIC.exe
Token: SeManageVolumePrivilege	3476	WMIC.exe
Token: 33	3476	WMIC.exe
Token: 34	3476	WMIC.exe
Token: 35	3476	WMIC.exe
Token: 36	3476	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4316	WMIC.exe
Token: SeSecurityPrivilege	4316	WMIC.exe
Token: SeTakeOwnershipPrivilege	4316	WMIC.exe
Token: SeLoadDriverPrivilege	4316	WMIC.exe
Token: SeSystemProfilePrivilege	4316	WMIC.exe
Token: SeSystemtimePrivilege	4316	WMIC.exe
Token: SeProfSingleProcessPrivilege	4316	WMIC.exe
Token: SeIncBasePriorityPrivilege	4316	WMIC.exe
Token: SeCreatePagefilePrivilege	4316	WMIC.exe
Token: SeBackupPrivilege	4316	WMIC.exe
Token: SeRestorePrivilege	4316	WMIC.exe
Token: SeShutdownPrivilege	4316	WMIC.exe
Token: SeDebugPrivilege	4316	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4316	WMIC.exe
Token: SeRemoteShutdownPrivilege	4316	WMIC.exe
Token: SeUndockPrivilege	4316	WMIC.exe
Token: SeManageVolumePrivilege	4316	WMIC.exe
Token: 33	4316	WMIC.exe
Token: 34	4316	WMIC.exe
Token: 35	4316	WMIC.exe
Token: 36	4316	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4316	WMIC.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 3476	3504	cmd.exe	86
PID 3504 wrote to memory of 3476	3504	cmd.exe	86
PID 3504 wrote to memory of 4316	3504	cmd.exe	88
PID 3504 wrote to memory of 4316	3504	cmd.exe	88
PID 3504 wrote to memory of 1284	3504	cmd.exe	90
PID 3504 wrote to memory of 1284	3504	cmd.exe	90
PID 3504 wrote to memory of 2100	3504	cmd.exe	91
PID 3504 wrote to memory of 2100	3504	cmd.exe	91
PID 3504 wrote to memory of 4572	3504	cmd.exe	92
PID 3504 wrote to memory of 4572	3504	cmd.exe	92
PID 3504 wrote to memory of 1524	3504	cmd.exe	93
PID 3504 wrote to memory of 1524	3504	cmd.exe	93
PID 3504 wrote to memory of 3120	3504	cmd.exe	94
PID 3504 wrote to memory of 3120	3504	cmd.exe	94
PID 3504 wrote to memory of 936	3504	cmd.exe	95
PID 3504 wrote to memory of 936	3504	cmd.exe	95

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Timrex Perm\Timrex Perm\Serial checker\Timrex Serials.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Windows\System32\Wbem\WMIC.exe
  wmic diskdrive get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3476
- C:\Windows\System32\Wbem\WMIC.exe
  wmic baseboard get serialnumber
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4316
- C:\Windows\System32\Wbem\WMIC.exe
  wmic systemenclosure get serialnumber
  2⤵
  PID:1284
- C:\Windows\System32\Wbem\WMIC.exe
  wmic path win32_computersystemproduct get uuid
  2⤵
  PID:2100
- C:\Windows\System32\Wbem\WMIC.exe
  wmic bios get serialnumber
  2⤵
  PID:4572
- C:\Windows\System32\Wbem\WMIC.exe
  wmic cpu get serialnumber
  2⤵
  PID:1524
- C:\Windows\system32\reg.exe
  reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductID
  2⤵
  PID:3120
- C:\Windows\system32\getmac.exe
  getmac
  2⤵
  PID:936

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads