Analysis report: SKRIPTGG-FIVEM-main/Skript.rar (windows10-2004-x64)

Resubmissions
- 27-03-2024 17:10  240327-vp3klabh7y  (score 10)
- 27-03-2024 17:07  240327-vnfdnsbh4w  (score 3)
- 27-03-2024 17:03  240327-vknwmsbg61  (score 10, this task)

Analysis
max time kernel: 149s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240226-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-03-2024 17:03
Tasks
Static task: static1
Behavioral tasks (sample, resource):
- behavioral1: SKRIPTGG-FIVEM-main.zip on win7-20240221-en
- behavioral2: SKRIPTGG-FIVEM-main.zip on win10v2004-20240226-en
- behavioral3: SKRIPTGG-FIVEM-main/README.md on win7-20240221-en
- behavioral4: SKRIPTGG-FIVEM-main/README.md on win10v2004-20231215-en
- behavioral5: SKRIPTGG-FIVEM-main/Skript.rar on win7-20240215-en
- behavioral6: SKRIPTGG-FIVEM-main/Skript.rar on win10v2004-20240226-en
- behavioral7: launcher.exe on win7-20240221-en
- behavioral8: launcher.exe on win10v2004-20240226-en
- behavioral9: SKRIPTGG-FIVEM-main/license.dll on win7-20240221-en
- behavioral10: SKRIPTGG-FIVEM-main/license.dll on win10v2004-20240226-en
General
Target: SKRIPTGG-FIVEM-main/Skript.rar
Size: 4.6MB
MD5: 5ca1a9888343fce41dc19ee85d5728c6
SHA1: 004851b9a5327782dfffc773c7d352c3de6fa341
SHA256: 26ce31dad5149454c39376256c88397b1a2e6c4e8f66b42cbce9f2cd904132cc
SHA512: 3d0b20640da4695b3a2c70e39269dd6a48777c97e451385c8aebc876a5db430744d594118f217185cb4816d6e9c12f7c254deccad8652b710fbb9f5a83a5bf46
SSDEEP: 98304:xI/GiwtepY3UjkkABs7ieskoAPS1tgX3Fr1gnzWMbz4Y:xqlpY3UtA+GePS1tuunzWtY
Malware Config
Signatures
- Checks computer location settings (2 TTPs, 1 IoC)
  Looks up the country code configured in the registry, likely a geofence check.
  IoC: cmd.exe queried key value \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000\Control Panel\International\Geo\Nation
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). No IoC is listed for this signature.
- Modifies registry class (1 IoC)
  IoC: cmd.exe created key \REGISTRY\USER\S-1-5-21-566096764-1992588923-1249862864-1000_Classes\Local Settings
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  IoC: 7zFM.exe (PID 936) Token: SeRestorePrivilege
  IoC: 7zFM.exe (PID 936) Token: 35
- Suspicious use of FindShellTrayWindow (1 IoC)
  IoC: 7zFM.exe (PID 936)
- Suspicious use of WriteProcessMemory (2 IoCs)
  IoC: PID 1040 (cmd.exe) wrote to memory of PID 936 (procid_target 87); the same event is recorded twice
Processes
1. C:\Windows\system32\cmd.exe (PID 1040)
   Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\SKRIPTGG-FIVEM-main\Skript.rar
   - Checks computer location settings
   - Modifies registry class
   - Suspicious use of WriteProcessMemory
   2. C:\Program Files\7-Zip\7zFM.exe (PID 936), child of PID 1040
      Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\SKRIPTGG-FIVEM-main\Skript.rar"
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow

The tree contains only the shell and 7-Zip's file manager: cmd /c handed the .rar to its registered handler, which opened it in 7zFM.exe. Every IoC above is attributed to one of these two processes, so the WriteProcessMemory IoC is consistent with cmd.exe creating its child, and the AdjustPrivilegeToken IoC with 7zFM.exe enabling SeRestorePrivilege for extraction. No process launched from the archive's contents appears in this task; the README.md, launcher.exe and license.dll tasks listed above are the ones to read for behaviour of the files inside.
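The flattened process tree and the WriteProcessMemory IoC line are awkward to compare across the ten tasks by eye. The following Python reads them back into a parent/child structure and cross-checks the tree against the WriteProcessMemory edges; it is an added example written for this page, not code from the sandbox vendor. REPORT and WPM_IOCS are constructed copies of the lines shown above, and the header regex assumes that a command line never ends in a digit, since the extraction glues image path, command line and tree depth into one line.

```python
"""Parse a flattened sandbox process tree and WriteProcessMemory IoCs.

Added example for this page, not the sandbox vendor's code. REPORT and
WPM_IOCS are constructed copies of the report lines shown on the page.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: the Processes section of this report, as extracted.
REPORT = r"""
Processes
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\SKRIPTGG-FIVEM-main\Skript.rar1⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1040
C:\Program Files\7-Zip\7zFM.exe"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\SKRIPTGG-FIVEM-main\Skript.rar"2⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:936
"""

# Constructed input: the WriteProcessMemory IoC line from the Signatures section.
WPM_IOCS = ("PID 1040 wrote to memory of 936 1040 cmd.exe 87 "
            "PID 1040 wrote to memory of 936 1040 cmd.exe 87")


@dataclass
class Process:
    image: str
    cmdline: str
    depth: int
    pid: int = 0
    parent: Optional[int] = None
    signatures: List[str] = field(default_factory=list)


# A process header is: image path, command line, tree depth, then the ⤵ glyph.
# The lazy image group stops at the first ".exe" because the extraction glued
# the path straight onto the command line. Assumption: the command line does
# not itself end in a digit, otherwise the depth would be mis-read.
HEADER = re.compile(r"^(?P<image>.*?\.exe)(?P<cmdline>.*?)(?P<depth>\d+)⤵$")
PID_LINE = re.compile(r"^PID:(\d+)$")
WPM = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def parse_processes(text: str) -> List[Process]:
    """Turn the flattened Processes section into Process records with parents."""
    procs: List[Process] = []
    current: Optional[Process] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            current = Process(m["image"], m["cmdline"].strip(), int(m["depth"]))
            procs.append(current)
        elif current and line.startswith("- "):
            current.signatures.append(line[2:])          # signature hit for this process
        elif current and (m := PID_LINE.match(line)):
            current.pid = int(m.group(1))
    # Parent is the nearest preceding process with a smaller depth.
    stack: List[Process] = []
    for p in procs:
        while stack and stack[-1].depth >= p.depth:
            stack.pop()
        p.parent = stack[-1].pid if stack else None
        stack.append(p)
    return procs


def wpm_edges(text: str):
    """Unique (writer_pid, target_pid) pairs from WriteProcessMemory IoC text."""
    return sorted({(int(a), int(b)) for a, b in WPM.findall(text)})


def cross_check(procs: List[Process], edges):
    """Tree edges that are also WriteProcessMemory edges: parent writing into
    a freshly created child, the normal CreateProcess pattern."""
    tree = {(p.parent, p.pid) for p in procs if p.parent is not None}
    return sorted(tree & set(edges))


if __name__ == "__main__":
    procs = parse_processes(REPORT)
    for p in procs:
        print("  " * (p.depth - 1) + f"{p.image} (PID {p.pid}, parent {p.parent})")
        for s in p.signatures:
            print("  " * p.depth + "- " + s)
    print("WriteProcessMemory edges:", wpm_edges(WPM_IOCS))
    print("Edges explained by process creation:", cross_check(procs, wpm_edges(WPM_IOCS)))
```

Any WriteProcessMemory edge that cross_check does not return, that is a write into a process that is not the writer's direct child, is the one worth a closer look; in this task the single edge is fully explained by cmd.exe spawning 7zFM.exe.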