Analysis

  • max time kernel
    116s
  • max time network
    177s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    24-03-2022 15:54

General

  • Target

    SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Struct.html

  • Size

    22KB

  • MD5

    8109e500d198e7ec31184f32430282b0

  • SHA1

    4763248cae5e6e45057eabd03d1d6f20c6d35fb3

  • SHA256

    80064bacd435d4aa4b924f63b9fa93602e175989bc0367fe461d00c78c6ca5e9

  • SHA512

    7153f4c9b8ccd1979e38ae090933f89ddedbe6f3b60cf22d85c172b3c104487ca72097ef8efbed0eb5473de1e67f411f6277f8c82a5dc607273df02c9490946f

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings (1 TTP, 36 IoCs)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (6 IoCs)
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID 3048, tree root)
    Command line: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\SkyBlade\ModTools\Scripts\TechnicalDocumentation\tool\mod\script\Struct.html
    Signatures: Modifies Internet Explorer settings; Suspicious use of FindShellTrayWindow; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID 4376, child of PID 3048)
      Command line: "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:17410 /prefetch:2
      Signatures: Modifies Internet Explorer settings; Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1 occurrence


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    MD5

    f7dcb24540769805e5bb30d193944dce

    SHA1

    e26c583c562293356794937d9e2e6155d15449ee

    SHA256

    6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

    SHA512

    cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C
    MD5

    752f7e9c909981309db9dd655ce8e7ff

    SHA1

    efbbe41bf3cbfcf928c4cfeba151468031236f85

    SHA256

    a491d68517714e98220dff17e90b91966b2f97092d8ca4de460601cbec230f95

    SHA512

    f465f78989b17dfb3ff1423cf5c508bc24472467c3aff2cc965a0d21fb03d0810a90299b1b31fa2c767b22543dc4227a380d031154135023a05fab9033671f00

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
    MD5

    333a2fd8bcf8751483a130e50af8fba8

    SHA1

    4c5c46eded249827347d249d0714fb58c36a17b9

    SHA256

    720cd0ee7f94ed7dfaaf3a61cd1a409f35a98d649fc4796b0b509c2e3cf92c93

    SHA512

    952d15dcffcb6bffa62b8e25e8606925d4f494ba316d8d128782eb795ab47e25bf0730938902ee2cc6a5f0a7227586d42e2ad83fe9b9bb9c9d9672830fa80418

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C
    MD5

    fb26c238739590db4654f5aee774f435

    SHA1

    5dab901ce4d96059de9e73fd5d1556ee5b6e580e

    SHA256

    d88982d588cb7b69e69b9e0c965dc75615ad244228fa7cfd15629294c3c695b8

    SHA512

    5451e26adde5600cf21869b02841d24f63e541d64f991dd7acea6d0afad8634d6026d62825c238a0e6aa6fb5a64db9ed13e15a94d5e883ff038389e2ed4c0865
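The Processes and Downloads sections above are the two things worth checking before accepting a 1/10 score on a run whose signatures still say "Suspicious use of WriteProcessMemory" and "Suspicious use of SetWindowsHookEx". The script below is an added triage example, not part of this sandbox report or of the sandbox's own tooling. It transcribes the report's process records and dropped-file paths inline and checks two things: that the only processes in the tree are Internet Explorer's frame process and a content process whose SCODEF argument names that frame process as its parent (the report's own data shows SCODEF:3048 matching PID 3048, which is the layout IE's frame/content split produces, so cross-process memory writes and hooks between the pair are expected rather than a sign of injection); and that every dropped file lives under CryptnetUrlCache, the cache Windows CryptoAPI uses for certificate revocation and chain downloads (CRL, OCSP, AIA), rather than somewhere a payload would land. The verdict strings, the `triage` and `process_findings` names, and the constructed deviations in the usage are this example's own assumptions.

```python
"""Triage helper for an Internet Explorer sandbox run (added example; not the report's own code)."""
import re
from typing import Dict, List, Optional, Tuple

# Process records transcribed from this report's Processes section.
PROCESSES = [
    {"pid": 3048, "parent": None,
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" '
            r'C:\Users\Admin\AppData\Local\Temp\SkyBlade\ModTools\Scripts\TechnicalDocumentation\tool\mod\script\Struct.html',
     "sigs": {"Modifies Internet Explorer settings", "Suspicious use of FindShellTrayWindow",
              "Suspicious use of SetWindowsHookEx", "Suspicious use of WriteProcessMemory"}},
    {"pid": 4376, "parent": 3048,
     "cmd": r'"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:17410 /prefetch:2',
     "sigs": {"Modifies Internet Explorer settings", "Suspicious use of SetWindowsHookEx"}},
]

# Dropped-file paths transcribed from this report's Downloads section.
DOWNLOADS = [
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\69C6F6EC64E114822DF688DC12CDD86C",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157",
    r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\69C6F6EC64E114822DF688DC12CDD86C",
]

IE_IMAGE = re.compile(r'^"?C:\\Program Files( \(x86\))?\\Internet Explorer\\iexplore\.exe"?', re.I)
SCODEF = re.compile(r"\bSCODEF:(\d+)\b")
# CryptoAPI's URL retrieval cache: CRL/OCSP/AIA fetches made by Windows, not by page content.
CRYPTNET = re.compile(r"\\AppData\\LocalLow\\Microsoft\\CryptnetUrlCache\\(Content|MetaData)\\[0-9A-F]{32}$", re.I)
# Signatures that describe one process touching another; expected only between IE's frame and content process.
CROSS_PROCESS_SIGS = {"Suspicious use of WriteProcessMemory", "Suspicious use of SetWindowsHookEx"}


def is_ie(cmd: str) -> bool:
    return IE_IMAGE.match(cmd) is not None


def scodef_pid(cmd: str) -> Optional[int]:
    """PID named by a content process's SCODEF:<pid> argument, or None for a frame process."""
    m = SCODEF.search(cmd)
    return int(m.group(1)) if m else None


def process_findings(procs: List[dict]) -> List[Tuple[int, str]]:
    """Deviations from the expected IE frame/content tree; an empty list means the tree is as expected."""
    by_pid = {p["pid"]: p for p in procs}
    findings: List[Tuple[int, str]] = []
    for p in procs:
        if not is_ie(p["cmd"]):
            findings.append((p["pid"], "non-IE process in the tree: " + p["cmd"]))
            continue
        frame = scodef_pid(p["cmd"])
        if frame is None:
            # Frame (broker) process: should be the root of the tree.
            if p["parent"] is not None:
                findings.append((p["pid"], "IE frame process has a parent; expected a tree root"))
            continue
        # Content process: SCODEF must name its real parent, and that parent must be an IE frame process.
        parent = by_pid.get(p["parent"])
        if (parent is None or frame != p["parent"] or not is_ie(parent["cmd"])
                or scodef_pid(parent["cmd"]) is not None):
            findings.append((p["pid"], f"SCODEF:{frame} does not name the IE frame process that spawned it"))
    return findings


def classify_download(path: str) -> str:
    return "cryptoapi-url-cache" if CRYPTNET.search(path) else "unclassified"


def triage(procs: List[dict], downloads: List[str]) -> Dict[str, object]:
    findings = process_findings(procs)
    unclassified = [d for d in downloads if classify_download(d) != "cryptoapi-url-cache"]
    cross = sorted({s for p in procs for s in p["sigs"] & CROSS_PROCESS_SIGS})
    verdict = "consistent-with-plain-ie-render" if not findings and not unclassified else "needs-review"
    return {"verdict": verdict, "findings": findings,
            "unclassified_downloads": unclassified, "cross_process_signatures": cross}


if __name__ == "__main__":
    import json
    print(json.dumps(triage(PROCESSES, DOWNLOADS), indent=2))
```

Run as-is it reports the tree and drops from this page as consistent with a plain IE render, listing the two cross-process signatures as expected for the frame/content pair. Feed it a tree with a non-IE child (a cmd.exe under the content process), a content process whose SCODEF does not match its parent, or a dropped file outside CryptnetUrlCache, and the verdict flips to needs-review with the offending record named.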