Overview

overview

9

Static

static

7

SkyFlick2....ot.exe

windows10-2004-x64

SkyFlick2....ID.exe

windows10-2004-x64

9

SkyFlick2....k2.exe

windows10-2004-x64

8

SkyFlick2....D2.exe

windows10-2004-x64

SkyFlick2....in.exe

windows10-2004-x64

5

SkyFlick2....in.exe

windows10-2004-x64

7

SkyFlick2....64.dll

windows10-2004-x64

3

SkyFlick2....ag.exe

windows10-2004-x64

1

SkyFlick2....rl.dll

windows10-2004-x64

3

SkyFlick2....b1.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    113s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    27-03-2023 05:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SkyFlick2.1_WIN11/data/bin.exe

  • Size

    6.1MB

  • MD5

    b357bc0d4c48a0481057d854c9168503

  • SHA1

    bc729697648def321e6b78b27ae790bc149f6bb8

  • SHA256

    5fb7783611fdcd76d9d57d7d2af6791357c3d41277dbc9e69e0a6431bb5949b1

  • SHA512

    b4cd3f9796e329dc018529dcd331b90b6b61bd749ae644ef03fbf3db2e97040441e1b0d92a64d9306074160b0ce7fe1b298c210de082db751f712bf1f4edacb3

  • SSDEEP

    196608:91aFJdepxzWiarz1yMOQbxCxl/95eYfNdyV:91avCxzGxy8bxEZ9Xdy

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SkyFlick2.1_WIN11\data\bin.exe
    "C:\Users\Admin\AppData\Local\Temp\SkyFlick2.1_WIN11\data\bin.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1016-133-0x00007FF80F1B0000-0x00007FF80F1B2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1016-134-0x00007FF80F1C0000-0x00007FF80F1C2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1016-135-0x00007FF80DDE0000-0x00007FF80DDE2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1016-136-0x00007FF80DDF0000-0x00007FF80DDF2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1016-137-0x00007FF80CF50000-0x00007FF80CF52000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1016-138-0x00007FF80CF60000-0x00007FF80CF62000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1016-139-0x00007FF80F1D0000-0x00007FF80F1D2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1016-140-0x00007FF80F1E0000-0x00007FF80F1E2000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1016-141-0x00007FF7E8AF0000-0x00007FF7E9564000-memory.dmp
    Filesize

    10.5MB

    Download