Overview

overview

8

Static

static

Skype-8.88.0.401.exe

windows7-x64

8

Skype-8.88.0.401.exe

windows10-2004-x64

8

Resubmissions

31-10-2022 13:00

221031-p8sa3sahh7 8

31-10-2022 12:40

221031-pv9yzaahf9 8

27-09-2022 19:25

220927-x49nkafddn 10

Analysis

  • max time kernel
    21s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    31-10-2022 13:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Skype-8.88.0.401.exe

  • Size

    84.6MB

  • MD5

    a354d5d832f5a63c996be3ba24f3793c

  • SHA1

    0eeabbd3654bcb95615ede909eca7f1d8cb1465e

  • SHA256

    bd4ed965fbab660df571953482137e91a5af1a23c8a471b583d87e65266f64b2

  • SHA512

    f745d04cae393227b344c4fe4ba1d9bdc36058527c1621fd38d19ccc6bdeb15dd4251e66e6db9a88ec41dd59ddf3de357920e58980ca089119416d92c9fc90fc

  • SSDEEP

    1572864:KuEsMZ2eMCgMHNRZzU9P9X6TalSU3OTW+CnamF+U4wYVcnywmh0yyHXFK9auqj:KeM0MNQ6Ty3a3CT+amdwq0yyHXFoqj

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Skype-8.88.0.401.exe
    "C:\Users\Admin\AppData\Local\Temp\Skype-8.88.0.401.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:892
    • C:\Users\Admin\AppData\Local\Temp\is-S23KF.tmp\Skype-8.88.0.401.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-S23KF.tmp\Skype-8.88.0.401.tmp" /SL5="$60126,88056815,404480,C:\Users\Admin\AppData\Local\Temp\Skype-8.88.0.401.exe"
      2⤵
      • Executes dropped EXE
      PID:944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-S23KF.tmp\Skype-8.88.0.401.tmp
    Filesize

    1.4MB

    MD5

    42d7f6491cb9a07c4e25cac42a3b395b

    SHA1

    75b5c00ab9277bbe578502bfbef743e7c04564c1

    SHA256

    f58a9f68802fbc1cacdb07cc357136fb217ad47897355dac962a1e239fe9591d

    SHA512

    f9df478b4d2076a1ea2b09f711afb7425d0b9ea57c06d90749ca20ec9c4c110720061b62d9fff047d69e7214deb239673be3b33df77742bc64fbfce2014f3750

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-S23KF.tmp\Skype-8.88.0.401.tmp
    Filesize

    1.4MB

    MD5

    42d7f6491cb9a07c4e25cac42a3b395b

    SHA1

    75b5c00ab9277bbe578502bfbef743e7c04564c1

    SHA256

    f58a9f68802fbc1cacdb07cc357136fb217ad47897355dac962a1e239fe9591d

    SHA512

    f9df478b4d2076a1ea2b09f711afb7425d0b9ea57c06d90749ca20ec9c4c110720061b62d9fff047d69e7214deb239673be3b33df77742bc64fbfce2014f3750

    Download Submit

  • memory/892-54-0x0000000075141000-0x0000000075143000-memory.dmp

    Filesize

    8KB

    Download

  • memory/892-55-0x0000000000400000-0x000000000046D000-memory.dmp

    Filesize

    436KB

    Download

  • memory/892-61-0x0000000000400000-0x000000000046D000-memory.dmp

    Filesize

    436KB

    Download