Overview
overview
10Static
static
SkyBlade/M...tle.js
windows10-2004_x64
1SkyBlade/M...min.js
windows10-2004_x64
1SkyBlade/M...rap.js
windows10-2004_x64
1SkyBlade/M...min.js
windows10-2004_x64
1SkyBlade/M...ter.js
windows10-2004_x64
1SkyBlade/M...x.html
windows10-2004_x64
1SkyBlade/M...dex.js
windows10-2004_x64
1SkyBlade/M...min.js
windows10-2004_x64
1SkyBlade/M...nav.js
windows10-2004_x64
1SkyBlade/M...e.html
windows10-2004_x64
1SkyBlade/M...o.html
windows10-2004_x64
1SkyBlade/M...b.html
windows10-2004_x64
1SkyBlade/M...s.html
windows10-2004_x64
1SkyBlade/M...a.html
windows10-2004_x64
1SkyBlade/M...e.html
windows10-2004_x64
1SkyBlade/M...m.html
windows10-2004_x64
1SkyBlade/M...t.html
windows10-2004_x64
1SkyBlade/S...me.exe
windows10-2004_x64
10Analysis
-
max time kernel
132s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20220310-en -
submitted
24-03-2022 15:54
Static task
static1
Behavioral task
behavioral1
Sample
SkyBlade/ModTools/CastleDB/castle.js
Resource
win10v2004-20220310-en
windows10-2004_x64
Behavioral task
behavioral2
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/bootstrap/js/bootstrap-select.min.js
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral3
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/bootstrap/js/bootstrap.js
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral4
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/bootstrap/js/bootstrap.min.js
Resource
win10v2004-20220310-en
windows10-2004_x64
Behavioral task
behavioral5
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/highlighter.js
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral6
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.html
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral7
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.js
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral8
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/jquery-1.9.1.min.js
Resource
win10v2004-20220310-en
windows10-2004_x64
Behavioral task
behavioral9
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/nav.js
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral10
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/ExitNode.html
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral11
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelInfo.html
Resource
win10v2004-20220310-en
windows10-2004_x64
Behavioral task
behavioral12
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelMob.html
Resource
win10v2004-20220310-en
windows10-2004_x64
Behavioral task
behavioral13
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelProps.html
Resource
win10v2004-20220310-en
windows10-2004_x64
Behavioral task
behavioral14
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Meta.html
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral15
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/RoomNode.html
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral16
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/SeededRandom.html
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral17
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Struct.html
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral18
Sample
SkyBlade/StartGame.exe
Resource
win10v2004-20220310-en
windows10-2004_x64
General
-
Target
SkyBlade/ModTools/Scripts/TechnicalDocumentation/bootstrap/js/bootstrap.min.js
-
Size
27KB
-
MD5
47d7deee36d6699afccf40741f45b228
-
SHA1
4d3e1a615349c7a0dea8e057b20db271a1afc5d4
-
SHA256
e530c947198bbfe4980daa799e9f23f94b2d46bd7a9163422a19be30a76ad4bf
-
SHA512
7392becfc608e3c0608b42956a0c17bb27c6fade0fb69dd44ac0207e0e27e37fd9869c22a5d050a9c5d212244eff2995bbbf6fb7055f1c964bfd43e45506a287
Malware Config
Signatures
-
Modifies data under HKEY_USERS 6 IoCs
Processes:
svchost.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceId = "0018400665F7ED28" svchost.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\ApplicationFlags = "1" svchost.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Property svchost.exe Set value (data) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property\0018400665F7ED28 = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79ef4adb8e2df4e96c16fb9ef12577e00000000020000000000106600000001000020000000732fbbacb57532dfbb33e55f7a6ca36242b55935d3608839d94d895deeb9e680000000000e80000000020000200000009e0c959868d30b14062c7de84fd1473c85b6593d2b89262ffc77f28352564a9d800000009a6e7cd304c8db32b94b6705e9e58b901c543dd7b4722db6d1171e078a8caf2476effeb792dc25269d69003d84665a1f606e90f7bdc7d186bcf4c357a18d216aa55eeea09ab8a09c8d1182d4aee7634201ade8f768b230cc4414fdb5a5afd49b88571f3a6d754dc7b35c46d4a0cc5b465aabc36500430353d84e6d18e7828c1c400000001eb07de78bc6daea7f5174ba3119956626a00daf76164424378d74323731e7abc752796daf5a8fb504780c5792c845c51669c948419ac933aeec852fdbbd2d6f svchost.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5} svchost.exe Set value (data) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79ef4adb8e2df4e96c16fb9ef12577e00000000020000000000106600000001000020000000f05664fb8f9256408fad76693609e7967edd4121ddde23a9f531753b1814dffb000000000e80000000020000200000001e64939752130c6ea8a6872c5e41f16eb733c65cadb12f5c0fcee19fdb4c40e7100d000019e51d0049568a045972f99944e4b0d031c8a0d7860db8325408dd9d020643e70758bd83f8ea27dca3e642361f531dd334790d50a8e3db7ef612b5b6833b404cbe7c1d529a0964103f31a94e398e2e689d788bd6e544de3faee50b99d1cf65b3e03d223fcf21b80a3855112a970c87acd86fd426a3572ed905df479b9dcd8e9807d0df800601c24ed02afb4a00d46930be4006a24dd7fe961ac80449bb2731b58410257234cf9a31fb0c1a3cd440d612db6a5e2ed2ea838e697384ee5fed6ab4088571f7779ebbb415782683dbfa554998a6e830b45fec47ff3e36225e28c41373889bb49e027675991dccf944b027c357f48d44904728da11b7ad61b995ab9499d7656ec961bd3b3cb8fed972d8d095ae157e8b05024fa7d402d3f308af659831c7c70138eca3ba25b203d30c503b57785676481595632be2db032c18ff41459f9400fa04ad2f88e9d7776eb67938b8fb3630f57984a349dc61824fc02aa02c54c39ca063f23e552f05ae6e16b6fffe8571d7db7ee3574a4ee04f47b72c9acbaeb308ebabb3b4097e107f9c30b1cd8037b94c4bda86d2200674a9da9ceedac72d7a4fc68ca497e3a74a08c21b70815c938876b80a4f4b0835257cf593fd4fee8b47d678773e2592b0065f1760dce79f8210d256e1d219763d7711dcc1918d2832b08819cff62866a0cb062c1d86c49b234ce65eb64929a6551008196bc6d2751988c5840e6ed8ba7edddca66f3f09282e7de19e69894cfad253ad108b136f0db61682adc93e4ad43b7dfa59bca237f7a5b7acdb8f86023abe1242079a6e35ca611c0cfa7f46eafccab995322fdcef5b260b29c6378b656a3ce6b711bf33810ef5877ecef563e97f1c1dfb8dd2b0e62beb63061644b337ad59d870a94b59e98f838f70961b285dd7fdf6ec6a366272a27181023a590d6bceab7b94b0156b59f4886c29e4fca170625df35ac79f33a17012687e62219bc507a506628af01c054b18e3e4b5a16f7ce997dcc183b7c9fcc1112c2f53941c434326ab355681c8b8be876205fcd6995d267fda14fd4b42c79baf6d45f25b48f4c2ebdb0283dde0d1fba811fadbce6f3737fe2b1416c3ed80723c3bd635190ed766ad86c35bfa052c7fa3f868a0c070381dc23777263bf5a2710b2621daf08ea0807afb71e1e6ab1c68d66806ba9c1f6acc26f8bf67e0e9fc0db94f83a364c7bb1594d359a1822c8facff84c5e2b2079e89403d2790779ff8d1b24cbdc4789706910b6b541bf1be99d0cfb5a0385a5fbb4593c07fe14a4082bb8307eb728ad0083a518a449cb2e48ee586636df8a20a34377b433c5c244cce05a4015c3b47dcf7a10cef6f0ecea83d0b25c0632973e660076a08976a73b3cc689691f2ca238f4b016eb756146cd26ba170fb45879ebaf3f335f698cb4081bbb4cc45b8ef679c33391d25fa3670b3cfdf64b6414b7b82ecec184213eb4be5232325158202358d712dd731939bf396b86c5b357a53caf78ee4a061d25ad59fd20b5c98cd5216ccf2a24fe597f751184b973e11fc2c96cb84c7d19e1689b6883b633ba84ae31cb3b1053666c8289e081c2d352bcd64feec9ee7d650a52d3479239a9de08d7537489dd45c7b7a4eb1e80aad7615a7a6f5339d36407d38a7dbccf49668a6c0d112214b3b8eab5a127dedf45dfb0dabf9a905471caabfcdc9ffb08eecee48956be897ce0e2517596ea0d938bdc9221ee5bb2c4ae699acc2420b879c1549a93a623a130b7de6cc4ef37eaec1d9c52b2cc3d5f81ab9730c68ef9de7b71cee0670b03cb61eb47af30b62287c75dc2d71f5785a5c73ca2ea84e3332f5d4417047cc15be03e56a3aa6ef638f3fe954b65c024f160716f384f22cc72ec5c1218819f58354c6fcd91612d331f1ee26fc838d760ec4c61a1861d7eb7a90ca29ec16f0bfc4fa37cabcf54b5579f8b1f893825efefa7e095b5b4f2c9b6107a7551a80e4fbe09410820ac6b17cf97580ea0f51bc7476232ba20a4c7175ecdeedf98194240a879547da9021d335c5f225140cb1adb05c968a3a9db56c726354f148bca2921ef1a9c48f298da25de3982e0b10c736ff23ed111fde5c43877c53f6824d12fae7477799366c4601eee25317a00ee2f710edb251e8f1f7042779489c99ee0a85c044d0be4bc6f2d581675128dd72a28e6c5b0b2d6695023a672a07340278ff1a2fcd822a1a3e6857920595224ae7cbdefe4e9450eeb015e095005b11a57f11ddbbc59f2edaa29da3292e9fd9e75c4ce81603cd61475160402c769fcbf1c2af736a373406d5ce936f50b08a26869446b2d2f26fe6fc3cc94766f85b4eb924d605099bd85f18ce080e56d186efeb0ca332e6cb3c1b30f4b33e9b9936a5adcc594d4acdeb2105c203094d8f48d82c9251c73c39a8e243624963e8146f03edd8608ed899828bd01750d8bc3a69173227ffebe1c988775345ee26961b2a26a703a59596dca7d234144834acd6df7ceb56b1f9628b40e04af155716a8e0676744093ca07da21034016c3276cdb61b363b63685282e5d1b3a04ad668f5c53024258de038b313a1f3600c315141cd088633dc639433707227988339123b3cba608ad2de0d7c66551c221b39bd8896bceb2c77a3b0051dbc99b6fe87b429729d9a4d7e03972af67f73353feaa28ee0960b7ab0c17b588f5143857d42369023f2fc662ab08e56255fd5a8efbfd67965b3de028311cc2f1f5230a5e1f01ea90bd2786b6f1e7ea579acd047934c450e01b6ab039bbe5c8f2a4141da93cb30070a6eb6ebfdbc631ab61b79e505aba10a2ba6767546d863495a205da4ee7c9a1e2a6dd6db84b936835aa8d556e8908c6c4752433ef0cf755e5300fae087bd8447ec95d0edeb27b5eba597f4594ef7aab32ceec3c9f0e7364a5796ef7a714f183d87ce6db02b484533c9df4c1ecad5abdd4fd21aceec7042d00fbcab8caf345c5ca6f9780a4fb9aa2e94f540a8adb73b7504bfdae08d94e2e345433653bf322c42b84aaec36494c6f2f00bf8878c9ccf22f8a2bddeddc117811b157369b8d5b4a58dd35befb8d74a155faf69ffd187c00d45cc598ffb930e320842d48c3543127bfe88b5bc5f4b8c3e6987712c9aac498268fe315e49d9f9ca09c3f7020d41a0d629868c6bfe8acaf2bbdd70926c23d1e07f42b1f5a4823773dfb5453a76df8f49c7472b2c88982dc85164540f694979da970f701ef787eef09ebaebd16843ad618062fdec7072d0126cff819900e2a9274da5a162f5aa4eabf4a92627a74b2d7fec4a283757261622820ff282849ebed45cd33bd21009798f1b451657377eb67e73eb180169d98757c8587d55e1eddc099e7277b575e95c5a0939e3cf800ff5c6f2c103bf55c33bb8bf789aa43e17fc092c1b434d401da03852ad71d9a3c9ca9db6f08f3cc71dd17eebe2e9d89b2f89ed037103e8d46659ab18a37382080a750e4fe67c7d2b9d9abe734f1acb8b5bec625d3319706f4b6c51b987ebfe4a5f4f1c9db7cf6600e7643d72444be86d39ef7d66c0b63f7ac07de9ef19e018835a61f470ea0dc6fc235154883599a6f9a90c136582010f61c19511694360ef81bc4034f11fc27c167b03fae0ac226f94feba650e762ca96dd0bd8e06328fe06fe4cb5024b7598a5c58a3a0f2fa1d7eab15d6dc4a6ddb2c3d3a256e4eece1c843817084fbe5c5d54513e7bb2ac5def93e1ffef6a10e0efed9f5e5147bceb61a165a0822736d2dea6a92fe84a428db7bbcfc11a6a142d66e1c203e9d647947333632ffbf5b83bb70adc6a5cf9fddb75d2947368b761f38e4a51bdf7bd4dffcef7f30797025c50ea2598907efc7f6a1b85fb0cc288453804c63cd7381f6c56d215873a5ae60fe80ed4381b4d26bfed3ab3834c57d447b29aac9ef38c920ec21b717bb254ecd1d741e248a4a13c9547bd1745d2947c0617bd496e6cfe1020446d2ef316ce4eaadbf30a90c65e96ce2bd02eb445feadf2eb0e0f3a9ac75f03cc152440acd16c6518563c6409c7d3f98bd245c7d033566a4e0fe6c4cb5324a8bfd009e4550eba56c7c8a1546e1d79416d09938feda88be36b45ee8e59198575dcc1a781864a74c7feb4dd04c9e06f48a7cf18206e937d001d679f5444a9f4b1ff81db42bb30148a462c89486d2b884f453335855a087fc8c8a030776aef2501874268c1b72d7b28f298acfa8422857e2064016869e72703a5f7910e5c9a8d98c6ece88c7b2692b2d00649b7542e24295228f9b512e676a665a0e22a7bce603ada72638457334476d5bf070c584b2950bade71e74e7d7cee49c11203e579e886ada618b1f5122232f38138e12278cf01ee43520c262547259859aff76de290933e7bf0bf35f314170be4e9783e3682dcb16c496e392a0e156478beb5230ccd2d7744f4170ee85c08b8712e9b3aedd800b4116db121bc9790aaf564701577096e917c81ec7f00f49f51396ecebbd92dfcc98e7b3108290109eebeb85df63f625740278018f38de4c3c0c42d5272b1ba9bf87fec426093d0f66b41a9fd463eae8792c70720d94c160079c8b7b4960163c30923fcc5b507a07da9e358a02ec3e453ec51584dd802998d54781a858913d3d53b534345d47a624c93cde28ee192c92b1236d0cfc6cef74f5606b746c838de1564a977c519d0783e7dd990aa20900348ba6130809df657a5f8fa563ec93b6664f1b7fd1c42c09d69572225f8bb0ca0d549a3990a29f03e8459517d40000000832400fa256506c913b22bd563505676d834c0f6dce95810b204b215a11074f499cc7f842781a2e48c1ed02270425e650e476f08e38ada912164a7818eb74a84 svchost.exe
Processes
-
C:\Windows\system32\wscript.exewscript.exe C:\Users\Admin\AppData\Local\Temp\SkyBlade\ModTools\Scripts\TechnicalDocumentation\bootstrap\js\bootstrap.min.js1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager1⤵
- Modifies data under HKEY_USERS