Analysis
-
max time kernel
143s -
max time network
507s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
16-08-2022 08:24
General
-
Target
Skype-8.87.0.406.exe
-
Size
84.9MB
-
MD5
6a52b4efb00ea46c34f924acc2b2e289
-
SHA1
feecc09bf944b9e663acdd2aa07e36f4f3b2a5ce
-
SHA256
5b0dc5071cf7fdc13f1b2e10ef06c1161be85aec193ea7dd5ac8c60738fd6d5f
-
SHA512
0081cbab52198a6ce08c52da51138ad653614e131542d533c68d57ab36c7d3d816bad61f622b8c3cbaf519e074c695837c1a02efbad928cb917a3af93e696046
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Skype-8.87.0.406.exe"C:\Users\Admin\AppData\Local\Temp\Skype-8.87.0.406.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-CDKQM.tmp\Skype-8.87.0.406.tmp"C:\Users\Admin\AppData\Local\Temp\is-CDKQM.tmp\Skype-8.87.0.406.tmp" /SL5="$B0046,88396875,404480,C:\Users\Admin\AppData\Local\Temp\Skype-8.87.0.406.exe"2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\is-CDKQM.tmp\Skype-8.87.0.406.tmpFilesize
1.4MB
MD54a5076a8fb16791787211b614d4fb9e8
SHA1cfc1c4c9cc1a5b150d0b390cdc4cef3a6eb02006
SHA2562f4cf46a9d3573f0083384d08c18c119a9ca29bc6e9ab5bee7abc1db0a2b773d
SHA512897f8c49e63e9df627f390edea7ffe8bd21f8a4425101ae505257b274082e175631a5cfb73e6a0bea771716e2054389d93d5c63a5c0a19f087bd5f23fef40204
-
memory/2876-135-0x0000000000000000-mapping.dmp
-
memory/5044-132-0x0000000000400000-0x000000000046D000-memory.dmpFilesize
436KB
-
memory/5044-134-0x0000000000400000-0x000000000046D000-memory.dmpFilesize
436KB
-
memory/5044-137-0x0000000000400000-0x000000000046D000-memory.dmpFilesize
436KB