Resubmissions

27-03-2024 17:10

240327-vp3klabh7y 10

27-03-2024 17:07

240327-vnfdnsbh4w 3

27-03-2024 17:03

240327-vknwmsbg61 10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-03-2024 17:03

General

  • Target

    SKRIPTGG-FIVEM-main/Skript.rar

  • Size

    4.6MB

  • MD5

    5ca1a9888343fce41dc19ee85d5728c6

  • SHA1

    004851b9a5327782dfffc773c7d352c3de6fa341

  • SHA256

    26ce31dad5149454c39376256c88397b1a2e6c4e8f66b42cbce9f2cd904132cc

  • SHA512

    3d0b20640da4695b3a2c70e39269dd6a48777c97e451385c8aebc876a5db430744d594118f217185cb4816d6e9c12f7c254deccad8652b710fbb9f5a83a5bf46

  • SSDEEP

    98304:xI/GiwtepY3UjkkABs7ieskoAPS1tgX3Fr1gnzWMbz4Y:xqlpY3UtA+GePS1tuunzWtY

Score
7/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\SKRIPTGG-FIVEM-main\Skript.rar
    1⤵
    • Checks computer location settings
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:1040
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\SKRIPTGG-FIVEM-main\Skript.rar"
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:936

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads