Overview

overview

3

Static

static

1

Skoice.jar

windows7-x64

1

Skoice.jar

windows10-2004-x64

1

META-INF/NOTICE

windows7-x64

1

META-INF/NOTICE

windows10-2004-x64

1

META-INF/s...alizer

windows7-x64

3

META-INF/s...alizer

windows10-2004-x64

3

META-INF/s...alizer

windows7-x64

3

META-INF/s...alizer

windows10-2004-x64

3

META-INF/s...actory

windows7-x64

3

META-INF/s...actory

windows10-2004-x64

3

META-INF/s...tcodec

windows7-x64

3

META-INF/s...tcodec

windows10-2004-x64

3

config.yml

windows7-x64

3

config.yml

windows10-2004-x64

3

lang/DA.yml

windows7-x64

3

lang/DA.yml

windows10-2004-x64

3

lang/DE.yml

windows7-x64

3

lang/DE.yml

windows10-2004-x64

3

lang/EN.yml

windows7-x64

3

lang/EN.yml

windows10-2004-x64

3

lang/ES.yml

windows7-x64

3

lang/ES.yml

windows10-2004-x64

3

lang/FR.yml

windows7-x64

3

lang/FR.yml

windows10-2004-x64

3

lang/IT.yml

windows7-x64

3

lang/IT.yml

windows10-2004-x64

3

lang/JA.yml

windows7-x64

3

lang/JA.yml

windows10-2004-x64

3

lang/NO.yml

windows7-x64

3

lang/NO.yml

windows10-2004-x64

3

lang/PL.yml

windows7-x64

3

lang/PL.yml

windows10-2004-x64

3

Analysis

  • max time kernel
    7s
  • max time network
    137s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    10/03/2024, 02:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lang/EN.yml

  • Size

    18KB

  • MD5

    1e9ae62fe4689aa3bb4832d8add092f9

  • SHA1

    3efe36a82226dbc5b1afdc22833d2d5fd829d0e0

  • SHA256

    3e286be5b8189f80c927ef17537495feb041694c9c10a288c94e5427b74cab1a

  • SHA512

    5d90c55d85dc86257f3d10c16b95b44467fd669aad74cb4b0b37575b60a5ffa96f4a0e92949226277ffd6c9afcefdd8fa7f85163fb3b731a877ce72d6e469348

  • SSDEEP

    192:OKADDP1dsXWpxplmJen/SIoOC1/1+yj9tXjOS1vEXGmLriovXwkuQegjE1fxAH4B:OKMP14WpxKCC1Xj9tXH1EJiYE1YNuZ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 9 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\lang\EN.yml
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3024
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\lang\EN.yml
      2⤵
      • Modifies registry class
      PID:2684
      • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
        "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\lang\EN.yml"
        3⤵
          PID:2648

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
      Filesize

      3KB

      MD5

      48f48e407d65b2ccdc333bee8189203f

      SHA1

      4b19ddd37851c587759ccb1582b6914b7550a88a

      SHA256

      3d58ede968bb8892d05c32a1fc23eafce281764108dd10e402ffd3c573f42166

      SHA512

      38bb762ccf83d7a87bd5e4141165760bacf1a3bf193837393671b353142cabbee11483c94da4dff67f7986821946e1979820ab61d3ab5ecdf2447ac96d13d923

      Download Submit