Analysis
max time kernel: 141s
max time network: 144s
platform: windows10-2004_x64
resource: win10v2004-20230621-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230621-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02-07-2023 21:45
Static task
  static1

Behavioral tasks (every task ran on resource win10v2004-20230621-en)
  behavioral1    SkidCord_Crack.zip
  behavioral2    Anarchy.dll
  behavioral3    Bogus.dll
  behavioral4    ClickableTransparentOverlay.dll
  behavioral5    ImGui.NET.dll
  behavioral6    Microsoft.Maui.Graphics.dll
  behavioral7    Newtonsoft.Json.dll
  behavioral8    Pastel.dll
  behavioral9    SharpGen.Runtime.COM.dll
  behavioral10   SharpGen.Runtime.dll
  behavioral11   SixLabors.ImageSharp.dll
  behavioral12   UndetectedChromeDriver.dll
  behavioral13   Vortice.D3DCompiler.dll
  behavioral14   Vortice.DXGI.dll
  behavioral15   Vortice.Direct3D11.dll
  behavioral16   Vortice.DirectX.dll
  behavioral17   Vortice.Mathematics.dll
  behavioral18   WarpCord.deps.json
  behavioral19   WarpCord.exe
  behavioral20   WarpCord.exe
  behavioral21   WarpCord.pdb
  behavioral22   WarpCord.runtimeconfig.json
  behavioral23   WebDriver.dll
  behavioral24   chromedriver/chromedriver.exe
  behavioral25   config.json
  behavioral26   emojis.json
  behavioral27   imgui.ini
  behavioral28   runtimes/linux-x64/native/libcimgui.so
  behavioral29   runtimes/osx/native/libcimgui.dylib
  behavioral30   runtimes/win-arm64/native/cimgui.dll
  behavioral31   runtimes/win-x64/native/cimgui.dll
  behavioral32   runtimes/win-x86/native/cimgui.dll
General
Target:  runtimes/linux-x64/native/libcimgui.so
Size:    1.3MB
MD5:     585a89ce34641da545ad885fe9e5f813
SHA1:    bfb8024d91f5d83e4d6f2c9573ac1a66ef56290a
SHA256:  0e50aee1717232a2499c99f02c34746d001d0dfb02ba0b23d04525faee47138d
SHA512:  fb1b14e432f68e3d6a21392726eb585e4206e6e41bda58072c2811aadc9e81d4beb247f8d6e9c1a58e52e83ee2eea1f5f77bbf5db146e365b39a1e3422405ccf
SSDEEP:  12288:WZViqju9EEsAC4MUoe1cKlTGgvG4TU2VbrrlkA3qk3wwprhF:IRj0EeMU1ZTNG4g2ZrZkA3qkgwp3
Malware Config
Signatures
Drops file in System32 directory (8 IoCs)
  Processes: svchost.exe
  description   ioc                                                                                                                                  process
  File created  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{555CFBAA-E6D7-4BE9-849D-5E846081BE13}.catalogItem  svchost.exe
  File created  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{71010B19-42A2-4EB9-9EA5-F383FDB6BFAF}.catalogItem  svchost.exe
  File created  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{14F182B0-AEBC-475C-A921-A916D1DB59DB}.catalogItem  svchost.exe
  File created  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{20B8FF81-D76C-44DD-9E8B-11594DFCC5A3}.catalogItem  svchost.exe
  File created  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{11D06A92-1819-474B-9D35-6DB43CE7E0AA}.catalogItem  svchost.exe
  File created  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{006D21BD-1CEF-4687-8040-A2B4DA288CED}.catalogItem  svchost.exe
  File created  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{018CA4ED-16F8-4EA5-81F2-177AD6DACC09}.catalogItem  svchost.exe
  File created  C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{4307C8CD-065C-4F6B-95C5-8166B1CADB32}.catalogItem  svchost.exe

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
  Processes: OpenWith.exe, cmd.exe
  description  ioc                                                                                        process
  Key created  \REGISTRY\USER\S-1-5-21-3259792829-1422303781-2047321929-1000_Classes\Local Settings  OpenWith.exe
  Key created  \REGISTRY\USER\S-1-5-21-3259792829-1422303781-2047321929-1000_Classes\Local Settings  cmd.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
  Processes: OpenWith.exe
  pid   process
  1752  OpenWith.exe
Processes
  C:\Windows\system32\cmd.exe (PID 3120)
    Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\runtimes\linux-x64\native\libcimgui.so
    Signatures: Modifies registry class

  C:\Windows\system32\OpenWith.exe (PID 1752)
    Command line: C:\Windows\system32\OpenWith.exe -Embedding
    Signatures: Modifies registry class; Suspicious use of SetWindowsHookEx

  C:\Windows\System32\svchost.exe (PID 3748)
    Command line: C:\Windows\System32\svchost.exe -k netsvcs -p
    Signatures: Drops file in System32 directory