8e5031c55f01b57b9a54ff1840af45c6ae871568a9b5d05de8b34c06a998ad28

Analysis

max time kernel
0s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vzlom-skype-9.3/Skype-vzlom v9.3.exe
Size

1.1MB
MD5

1390250f7d1c7e6e8e7c1242b9d3f0bc
SHA1

f1f6249d07c2402b33ebd2b3ae2b0aa0b048acc2
SHA256

bb293d05f5c5bbc74e7329fcf493615cba3ec8f4c53dad334d27572e886d5a55
SHA512

d2a93b6c9e59c5060a2ac9d0a02ecb3c5c73605371bccde28c41e437fdbfcf197e33ad3877cf5cadc1e2330148e68f79a84bfe9eee52fa90c002e07a43745b2e
SSDEEP

24576:tZblkt7RQUgezt87uHOn1nA2K7PAVrifybRx0gBUanhYEmmInV5MyfU:fo1LgeO7P27PYicugBUghYhV5MyfU

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1864	nPyxBCE.exe

Loads dropped DLL 2 IoCs

pid	Process
1736	Skype-vzlom v9.3.exe
1736	Skype-vzlom v9.3.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1864	nPyxBCE.exe
1864	nPyxBCE.exe
1864	nPyxBCE.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1864	1736	Skype-vzlom v9.3.exe	15
PID 1736 wrote to memory of 1864	1736	Skype-vzlom v9.3.exe	15
PID 1736 wrote to memory of 1864	1736	Skype-vzlom v9.3.exe	15
PID 1736 wrote to memory of 1864	1736	Skype-vzlom v9.3.exe	15

C:\Users\Admin\AppData\Local\Temp\Vzlom-skype-9.3\Skype-vzlom v9.3.exe
"C:\Users\Admin\AppData\Local\Temp\Vzlom-skype-9.3\Skype-vzlom v9.3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\mYTNS\nPyxBCE.exe
  nPyxBCE.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mYTNS\BXZDCAD

Filesize
35KB

MD5
54a8433e5115168443aace8dfec2131f

SHA1
8bee39b1273454be48cfb179ddc888c5865aa831

SHA256
9b1e482613c2a46709513aa799848e482eabbfaec56c0b755a3edda79ab7fecd

SHA512
ce5a0fbbb27452b558f82fe4aa210477df381201f5e4d43a6f1449e863de68bf44b28e32abaed04988b89c174ec37123cf5dcb5aa09734b957a626cb56ac2672

Download Submit
C:\Users\Admin\AppData\Local\Temp\mYTNS\nPyxBCE.exe

Filesize
22KB

MD5
d0610b7f25cf5fe7451817c6c4b680ba

SHA1
c3d3d9970e2adff96d9845eb27ee4bb0af048997

SHA256
fdf3a11f3f6202d6304a2009a4639eac698d359fe9095d9cc1bde1405dcac1a2

SHA512
5ac97184f05875fd9d7b200bfd006ff0a9674bcd6db3d8e38db0afce69671ee1e6740fb0e7a2fe98c755908d7fea031bb4f28dff086bd4d606f0437167f0377e

Download Submit
C:\Users\Admin\AppData\Local\Temp\mYTNS\nPyxBCE.exe

Filesize
3KB

MD5
beb747eb1e56a73317e57a106c063bce

SHA1
6b103e273f83cecdc52a319a86fb296114f55c1b

SHA256
372e750b894dd845b80e952e3304467eddd692e961da4ecbccb81b55365be839

SHA512
2331d4be511dcd58cccfbc05f80681522ce9d158d4fd4d1357d34edeca8e94947be56566ac10a2678eefa5976f29dfc334c555356d85ac9834c402936cb83bb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\mYTNS\nPyxBCE.exe

Filesize
6KB

MD5
f0a8902f907005d7bb11194eef1f5035

SHA1
784777077010ef7b0f87930e15cad8c9c44b5e99

SHA256
35008d2bac930e2a6dfd1d1a0d80946cd497801422922289f73c9fb7f9fe9210

SHA512
6f6100cabb63892f847591b8e1ea2a989c4bc124941744ba3a2ff4bc98253c9d1cc43643cda649d4e2e44547b7aca792c5b5d2be0177e26fba66f697f4bf889d

Download Submit
\Users\Admin\AppData\Local\Temp\mYTNS\nPyxBCE.exe

Filesize
1KB

MD5
7ea0409bfd1d325ff4a0a4b7194b790f

SHA1
69f402d7558dac83fe1770362bfef6a6732b7754

SHA256
02d2248e6ce559b4fe397bf53aaf42a9774d38b530853daed9cf558dc598c0a7

SHA512
76cb58dff53f5a7ea1b1c8d2b4b8134903459e05baf74487f6e0c9e6ff05a3ca60aa8eb29d6b6625b2d22f2c363510b14236cb4e6fb97c659c5994bfb9e53470

Download Submit
\Users\Admin\AppData\Local\Temp\mYTNS\nPyxBCE.exe

Filesize
134B

MD5
255e7aebc600e94e8061a5b89bfd684a

SHA1
7f98369c1abbc1738fd7d728960b1ff3a75a2d17

SHA256
dcc2e007e76e89eb15694e56b90c7512d9306c996ddb4033b7a37b9fe263fe2f

SHA512
3fa8887dd9c73246decc06ac39175157ebf009797d99f52d8546c5435d2c46b36eb90826ebd9bdfa5ba1fd460dad046ad27c6dbf51fe0d369cafac190b0b27cd

Download Submit
memory/1864-13-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1864-32-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1864-55-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download