838ca1cdcb23140679f6bf04273976d9e736a7cb0ef23adccba727f741585fe7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Veax Free/serial.bat
Size

496B
MD5

7a5d295e468a75dd7272c7642b1a269f
SHA1

efaf4e7994cb38ea78aceed95b00cac1918984d0
SHA256

230e6a26c9feabb1d82f27845290942db22fbe2877faf05c093bc139edeeb7f0
SHA512

f23b628243601e1c3a9014dd3c735188be6b669be1772d39acbdb9f63486ceb2b374989f7e39bf8d04391d6f977d0e064ac79b263a0ff4e76a775e323f052b64

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WMIC.exeWMIC.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	3528	WMIC.exe
Token: SeSecurityPrivilege	3528	WMIC.exe
Token: SeTakeOwnershipPrivilege	3528	WMIC.exe
Token: SeLoadDriverPrivilege	3528	WMIC.exe
Token: SeSystemProfilePrivilege	3528	WMIC.exe
Token: SeSystemtimePrivilege	3528	WMIC.exe
Token: SeProfSingleProcessPrivilege	3528	WMIC.exe
Token: SeIncBasePriorityPrivilege	3528	WMIC.exe
Token: SeCreatePagefilePrivilege	3528	WMIC.exe
Token: SeBackupPrivilege	3528	WMIC.exe
Token: SeRestorePrivilege	3528	WMIC.exe
Token: SeShutdownPrivilege	3528	WMIC.exe
Token: SeDebugPrivilege	3528	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3528	WMIC.exe
Token: SeRemoteShutdownPrivilege	3528	WMIC.exe
Token: SeUndockPrivilege	3528	WMIC.exe
Token: SeManageVolumePrivilege	3528	WMIC.exe
Token: 33	3528	WMIC.exe
Token: 34	3528	WMIC.exe
Token: 35	3528	WMIC.exe
Token: 36	3528	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3528	WMIC.exe
Token: SeSecurityPrivilege	3528	WMIC.exe
Token: SeTakeOwnershipPrivilege	3528	WMIC.exe
Token: SeLoadDriverPrivilege	3528	WMIC.exe
Token: SeSystemProfilePrivilege	3528	WMIC.exe
Token: SeSystemtimePrivilege	3528	WMIC.exe
Token: SeProfSingleProcessPrivilege	3528	WMIC.exe
Token: SeIncBasePriorityPrivilege	3528	WMIC.exe
Token: SeCreatePagefilePrivilege	3528	WMIC.exe
Token: SeBackupPrivilege	3528	WMIC.exe
Token: SeRestorePrivilege	3528	WMIC.exe
Token: SeShutdownPrivilege	3528	WMIC.exe
Token: SeDebugPrivilege	3528	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3528	WMIC.exe
Token: SeRemoteShutdownPrivilege	3528	WMIC.exe
Token: SeUndockPrivilege	3528	WMIC.exe
Token: SeManageVolumePrivilege	3528	WMIC.exe
Token: 33	3528	WMIC.exe
Token: 34	3528	WMIC.exe
Token: 35	3528	WMIC.exe
Token: 36	3528	WMIC.exe
Token: SeIncreaseQuotaPrivilege	888	WMIC.exe
Token: SeSecurityPrivilege	888	WMIC.exe
Token: SeTakeOwnershipPrivilege	888	WMIC.exe
Token: SeLoadDriverPrivilege	888	WMIC.exe
Token: SeSystemProfilePrivilege	888	WMIC.exe
Token: SeSystemtimePrivilege	888	WMIC.exe
Token: SeProfSingleProcessPrivilege	888	WMIC.exe
Token: SeIncBasePriorityPrivilege	888	WMIC.exe
Token: SeCreatePagefilePrivilege	888	WMIC.exe
Token: SeBackupPrivilege	888	WMIC.exe
Token: SeRestorePrivilege	888	WMIC.exe
Token: SeShutdownPrivilege	888	WMIC.exe
Token: SeDebugPrivilege	888	WMIC.exe
Token: SeSystemEnvironmentPrivilege	888	WMIC.exe
Token: SeRemoteShutdownPrivilege	888	WMIC.exe
Token: SeUndockPrivilege	888	WMIC.exe
Token: SeManageVolumePrivilege	888	WMIC.exe
Token: 33	888	WMIC.exe
Token: 34	888	WMIC.exe
Token: 35	888	WMIC.exe
Token: 36	888	WMIC.exe
Token: SeIncreaseQuotaPrivilege	888	WMIC.exe

Suspicious use of WriteProcessMemory 24 IoCs

Processes:

cmd.exe

description	pid	process	target process
PID 3476 wrote to memory of 3528	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 3528	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 888	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 888	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 672	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 672	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 2572	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 2572	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 1856	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 1856	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 4056	3476	cmd.exe	getmac.exe
PID 3476 wrote to memory of 4056	3476	cmd.exe	getmac.exe
PID 3476 wrote to memory of 2852	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 2852	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 860	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 860	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 3300	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 3300	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 3224	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 3224	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 5112	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 5112	3476	cmd.exe	WMIC.exe
PID 3476 wrote to memory of 536	3476	cmd.exe	getmac.exe
PID 3476 wrote to memory of 536	3476	cmd.exe	getmac.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Veax Free\serial.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:3476

C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get model, serialnumber
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:3528

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get serialnumber
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:888

C:\Windows\System32\Wbem\WMIC.exe
wmic bios get serialnumber
2⤵
PID:672

C:\Windows\System32\Wbem\WMIC.exe
wmic baseboard get serialnumber
2⤵
PID:2572

C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_computersystemproduct get uuid
2⤵
PID:1856

C:\Windows\system32\getmac.exe
getmac
2⤵
PID:4056

C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get model, serialnumber
2⤵
PID:2852

C:\Windows\System32\Wbem\WMIC.exe
wmic cpu get serialnumber
2⤵
PID:860

C:\Windows\System32\Wbem\WMIC.exe
wmic bios get serialnumber
2⤵
PID:3300

C:\Windows\System32\Wbem\WMIC.exe
wmic baseboard get serialnumber
2⤵
PID:3224

C:\Windows\System32\Wbem\WMIC.exe
wmic path win32_computersystemproduct get uuid
2⤵
PID:5112

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads