Analysis

  • max time kernel: 114s
  • max time network: 108s
  • platform: windows10-2004_x64
  • resource: win10v2004-en-20220113
  • submitted: 24-03-2022 15:54

General

  • Target: SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.html
  • Size: 3KB
  • MD5: f588e93768556e1043c11f1385056395
  • SHA1: 604cd2cc502d4d3e3d4fcd802e3f1b777b3f9294
  • SHA256: 35ecc9bc5fc2316732cfc2d53af352e150d39ec6f09ff575f1dec1aa23c48765
  • SHA512: 4b43e5e1171762caec221e21cda6a9001a96709dad23825f6bc07e3ae4204d964a6017f1ea15269f6e8772b1becd0a3cac37b7cc9d5e5cd4217ac721ee418827

Score: 1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 32 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe (PID:2260)
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\SkyBlade\ModTools\Scripts\TechnicalDocumentation\index.html
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (PID:1956)
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2260 CREDAT:17410 /prefetch:2
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112), 1

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: dbf72784fc2dad614fa8cac21cccbf74
    SHA1: ef07eb1c2a31d64401e1a6b12b49e3b3a2b5d28e
    SHA256: 54ea764e102ff6ff8e07082da488bb5504a4fe5400fdbdccffab18d1aa313886
    SHA512: 0bbc2e638e39b3da131783bce54e36ff671f399775af8faa316d480edc4edb214f116c078577825d5cc29520f8d660469d5a4a5d5c73bbc86c3255e172508d70

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
    MD5: 430c6c5a84e5cc6140e605d04e329ab8
    SHA1: 94f50628622b2c4ce9b3cc2d3ef7c84aa15a168a
    SHA256: d0bd860f1f2624281d60319234042742e15971e50c04ee36b02fccd347c5c627
    SHA512: d4b8a115fe1ea69ee73a00a40eefbe283bce21e0d8ab9b220ea26c31c495573f785d0b902ccb8a8e2d5855293228f3e5a76ff7fc7e55931543687ce855cb76a2