Overview
overview
9Static
static
7SkyFlick2....ot.exe
windows10-2004-x64
SkyFlick2....ID.exe
windows10-2004-x64
9SkyFlick2....k2.exe
windows10-2004-x64
8SkyFlick2....D2.exe
windows10-2004-x64
SkyFlick2....in.exe
windows10-2004-x64
5SkyFlick2....in.exe
windows10-2004-x64
7SkyFlick2....64.dll
windows10-2004-x64
3SkyFlick2....ag.exe
windows10-2004-x64
1SkyFlick2....rl.dll
windows10-2004-x64
3SkyFlick2....b1.dll
windows10-2004-x64
3Analysis
-
max time kernel
113s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-es -
resource tags
arch:x64arch:x86image:win10v2004-20230221-eslocale:es-esos:windows10-2004-x64systemwindows -
submitted
27-03-2023 05:35
Behavioral task
behavioral1
Sample
SkyFlick2.1_WIN11/RealReboot.exe
Resource
win10v2004-20230220-es
Behavioral task
behavioral2
Sample
SkyFlick2.1_WIN11/ResetHWID.exe
Resource
win10v2004-20230220-es
Behavioral task
behavioral3
Sample
SkyFlick2.1_WIN11/SkyFlick2.exe
Resource
win10v2004-20230221-es
Behavioral task
behavioral4
Sample
SkyFlick2.1_WIN11/data/Ba6ZtH8y0KbD2.exe
Resource
win10v2004-20230220-es
Behavioral task
behavioral5
Sample
SkyFlick2.1_WIN11/data/bin.exe
Resource
win10v2004-20230220-es
Behavioral task
behavioral6
Sample
SkyFlick2.1_WIN11/data/bin.exe
Resource
win10v2004-20230221-es
Behavioral task
behavioral7
Sample
SkyFlick2.1_WIN11/data/drv64.dll
Resource
win10v2004-20230220-es
Behavioral task
behavioral8
Sample
SkyFlick2.1_WIN11/extension/Anti-Flag.exe
Resource
win10v2004-20230220-es
Behavioral task
behavioral9
Sample
SkyFlick2.1_WIN11/libcurl.dll
Resource
win10v2004-20230220-es
Behavioral task
behavioral10
Sample
SkyFlick2.1_WIN11/zlib1.dll
Resource
win10v2004-20230220-es
General
-
Target
SkyFlick2.1_WIN11/data/bin.exe
-
Size
6.1MB
-
MD5
b357bc0d4c48a0481057d854c9168503
-
SHA1
bc729697648def321e6b78b27ae790bc149f6bb8
-
SHA256
5fb7783611fdcd76d9d57d7d2af6791357c3d41277dbc9e69e0a6431bb5949b1
-
SHA512
b4cd3f9796e329dc018529dcd331b90b6b61bd749ae644ef03fbf3db2e97040441e1b0d92a64d9306074160b0ce7fe1b298c210de082db751f712bf1f4edacb3
-
SSDEEP
196608:91aFJdepxzWiarz1yMOQbxCxl/95eYfNdyV:91avCxzGxy8bxEZ9Xdy
Malware Config
Signatures
-
Processes:
resource yara_rule behavioral6/memory/1016-141-0x00007FF7E8AF0000-0x00007FF7E9564000-memory.dmp vmprotect -
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
Processes:
bin.exepid process 1016 bin.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
bin.exepid process 1016 bin.exe 1016 bin.exe 1016 bin.exe 1016 bin.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
bin.exedescription pid process Token: SeSystemEnvironmentPrivilege 1016 bin.exe
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1016-133-0x00007FF80F1B0000-0x00007FF80F1B2000-memory.dmpFilesize
8KB
-
memory/1016-134-0x00007FF80F1C0000-0x00007FF80F1C2000-memory.dmpFilesize
8KB
-
memory/1016-135-0x00007FF80DDE0000-0x00007FF80DDE2000-memory.dmpFilesize
8KB
-
memory/1016-136-0x00007FF80DDF0000-0x00007FF80DDF2000-memory.dmpFilesize
8KB
-
memory/1016-137-0x00007FF80CF50000-0x00007FF80CF52000-memory.dmpFilesize
8KB
-
memory/1016-138-0x00007FF80CF60000-0x00007FF80CF62000-memory.dmpFilesize
8KB
-
memory/1016-139-0x00007FF80F1D0000-0x00007FF80F1D2000-memory.dmpFilesize
8KB
-
memory/1016-140-0x00007FF80F1E0000-0x00007FF80F1E2000-memory.dmpFilesize
8KB
-
memory/1016-141-0x00007FF7E8AF0000-0x00007FF7E9564000-memory.dmpFilesize
10.5MB