Overview
overview
10Static
static
SkyBlade/M...ter.js
windows7_x64
1SkyBlade/M...ter.js
windows10-2004_x64
1SkyBlade/M...x.html
windows7_x64
1SkyBlade/M...x.html
windows10-2004_x64
1SkyBlade/M...dex.js
windows7_x64
1SkyBlade/M...dex.js
windows10-2004_x64
1SkyBlade/M...nav.js
windows7_x64
1SkyBlade/M...nav.js
windows10-2004_x64
1SkyBlade/M...e.html
windows7_x64
1SkyBlade/M...e.html
windows10-2004_x64
1SkyBlade/M...o.html
windows7_x64
1SkyBlade/M...o.html
windows10-2004_x64
1SkyBlade/M...b.html
windows7_x64
1SkyBlade/M...b.html
windows10-2004_x64
1SkyBlade/M...s.html
windows7_x64
1SkyBlade/M...s.html
windows10-2004_x64
1SkyBlade/M...a.html
windows7_x64
1SkyBlade/M...a.html
windows10-2004_x64
1SkyBlade/M...m.html
windows7_x64
1SkyBlade/M...m.html
windows10-2004_x64
1SkyBlade/M...t.html
windows7_x64
1SkyBlade/M...t.html
windows10-2004_x64
1SkyBlade/S...me.exe
windows7_x64
SkyBlade/S...me.exe
windows10-2004_x64
10Analysis
-
max time kernel
132s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-en-20220113 -
submitted
14-04-2022 13:39
Static task
static1
Behavioral task
behavioral1
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/highlighter.js
Resource
win7-20220310-en
windows7_x64
Behavioral task
behavioral2
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/highlighter.js
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral3
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.html
Resource
win7-20220311-en
windows7_x64
Behavioral task
behavioral4
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.html
Resource
win10v2004-en-20220113
windows10-2004_x64
Behavioral task
behavioral5
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.js
Resource
win7-20220311-en
windows7_x64
Behavioral task
behavioral6
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.js
Resource
win10v2004-20220310-en
windows10-2004_x64
Behavioral task
behavioral7
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/nav.js
Resource
win7-20220311-en
windows7_x64
Behavioral task
behavioral8
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/nav.js
Resource
win10v2004-20220310-en
windows10-2004_x64
Behavioral task
behavioral9
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/ExitNode.html
Resource
win7-20220331-en
windows7_x64
Behavioral task
behavioral10
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/ExitNode.html
Resource
win10v2004-20220331-en
windows10-2004_x64
Behavioral task
behavioral11
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelInfo.html
Resource
win7-20220311-en
windows7_x64
Behavioral task
behavioral12
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelInfo.html
Resource
win10v2004-20220310-en
windows10-2004_x64
Behavioral task
behavioral13
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelMob.html
Resource
win7-20220331-en
windows7_x64
Behavioral task
behavioral14
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelMob.html
Resource
win10v2004-20220331-en
windows10-2004_x64
Behavioral task
behavioral15
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelProps.html
Resource
win7-20220310-en
windows7_x64
Behavioral task
behavioral16
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/LevelProps.html
Resource
win10v2004-20220331-en
windows10-2004_x64
Behavioral task
behavioral17
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Meta.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral18
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Meta.html
Resource
win10v2004-20220331-en
windows10-2004_x64
Behavioral task
behavioral19
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/SeededRandom.html
Resource
win7-20220414-en
windows7_x64
Behavioral task
behavioral20
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/SeededRandom.html
Resource
win10v2004-20220331-en
windows10-2004_x64
Behavioral task
behavioral21
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Struct.html
Resource
win7-20220310-en
windows7_x64
Behavioral task
behavioral22
Sample
SkyBlade/ModTools/Scripts/TechnicalDocumentation/tool/mod/script/Struct.html
Resource
win10v2004-20220331-en
windows10-2004_x64
Behavioral task
behavioral23
Sample
SkyBlade/StartGame.exe
Resource
win7-20220311-en
windows7_x64
Behavioral task
behavioral24
Sample
SkyBlade/StartGame.exe
Resource
win10v2004-20220310-en
windows10-2004_x64
General
-
Target
SkyBlade/ModTools/Scripts/TechnicalDocumentation/index.html
-
Size
3KB
-
MD5
f588e93768556e1043c11f1385056395
-
SHA1
604cd2cc502d4d3e3d4fcd802e3f1b777b3f9294
-
SHA256
35ecc9bc5fc2316732cfc2d53af352e150d39ec6f09ff575f1dec1aa23c48765
-
SHA512
4b43e5e1171762caec221e21cda6a9001a96709dad23825f6bc07e3ae4204d964a6017f1ea15269f6e8772b1becd0a3cac37b7cc9d5e5cd4217ac721ee418827
Malware Config
Signatures
-
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30953477" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002c748c512714b748afba884a441d71e5000000000200000000001066000000010000200000008724465500551d5ab70773b7e48e9c4172714350989e4744f530db4b43ce94db000000000e80000000020000200000000138d1d606a53000459a9c8b8f5c97968c53cb4b1c08529075744b78969a2b072000000066f84fbe9f1aaa92189450bb4420c0cb6f68ee56b6b72a44cb680ce9536e988b40000000081c74d440565671756aeda28b21e5dbb9a194349f99ea2930a244d0734a43640dc98aa8e79af612dbd0ff7b15015030a0cfbb95e6ffb8811712a5ead1b1d9c3 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "356708745" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{C33D2BDC-BBF8-11EC-B9A4-6A21FC562FD1} = "0" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30953477" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000002c748c512714b748afba884a441d71e500000000020000000000106600000001000020000000ae568867fb8e718e14842d35696c4209dc4abb9527bae3aae97e207c8c810088000000000e800000000200002000000023cbeb7dc1633330ecb439a5422e79decb376e9c08267aefb5e498cc54283455200000003c5aeedbb5923d14b4c6b202516c2d0d948d9254f86ad9473a6c676be8165a4e40000000166b99431726830d6dd702ee6a0048f2c21903be379c80eec35fe61e7cf3a97513e8aafdb3a75de2c7aab5428561616955d79e4577a2159b061e997ccc9b0b96 iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\ iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\Main IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2612172089" IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\IESettingSync IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2" IEXPLORE.EXE Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\VersionManager iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2543421884" iexplore.exe Set value (data) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a0b9489c0550d801 iexplore.exe Set value (str) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2543421884" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\Software\Microsoft\Internet Explorer\VersionManager IEXPLORE.EXE Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30953477" IEXPLORE.EXE Set value (data) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 60b4919d0550d801 iexplore.exe Set value (int) \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50" iexplore.exe Key created \REGISTRY\USER\S-1-5-21-1346565761-3498240568-4147300184-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion iexplore.exe -
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
pid Process 2136 iexplore.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
pid Process 2136 iexplore.exe -
Suspicious use of SetWindowsHookEx 6 IoCs
pid Process 2136 iexplore.exe 2136 iexplore.exe 2764 IEXPLORE.EXE 2764 IEXPLORE.EXE 2764 IEXPLORE.EXE 2764 IEXPLORE.EXE -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2136 wrote to memory of 2764 2136 iexplore.exe 80 PID 2136 wrote to memory of 2764 2136 iexplore.exe 80 PID 2136 wrote to memory of 2764 2136 iexplore.exe 80
Processes
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\SkyBlade\ModTools\Scripts\TechnicalDocumentation\index.html1⤵
- Modifies Internet Explorer settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2136 -
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2136 CREDAT:17410 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2764
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize471B
MD50bc7f0d8dd0626f21a69e573e7ec41be
SHA16252061964b3ef4c1cf4fb19daa0483778c5fb58
SHA256df2cda4e008208fe04752874dd20b99870a3a748e6c404d4df642afbf3b9237b
SHA512a69fcf352ba20b8e980cd36375baf1e4e7249a22cfbd51891c24c43760c1b3775c4503750d53f276997cb6030cb0a679603fa4f61245a9effb742b31147f0aec
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize434B
MD5aae088d71f40d63d73efb4dd76ffb09c
SHA18ff06fb37435a97e107fc3cb5b1e1b7a63c8ef1d
SHA256926d9a65e5c69f86e85cefcd9ebe63f41537b5fd25e16730b41d89f22904d76f
SHA512f5981518f8c921f787ab5fe9253c2c4ef4e83cbdfe9754a1ed2975c8e54c1f0c93f3f407cd8169c5d8790287e5a6ba84145f4ea720b528d74ad096982b720ab5