1a8da34980844838bce5efb93589edfd9c1a0a3d7243534544938c236f656c1d

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
20-05-2024 01:09

Target

Skelly V2.exe
Size

2.5MB
MD5

b1262cd5f134c61ba3b077f309a843b8
SHA1

edaa655070619975f80590ffbd1cfab0c74c678f
SHA256

1a8da34980844838bce5efb93589edfd9c1a0a3d7243534544938c236f656c1d
SHA512

9daf4325e148a52f586f4649f53b8b965f62d80f47c8fe69bab4d2f6f3324e2f3420b88972dc0c7714d8dfa844cea476024482a3fd7c9cb464e0969e45404219
SSDEEP

49152:V92xyXxkYR0RXagDvjWj+0gR8NIpYc7s6cLVSUrRvUkM1Ku6bOOQ:z2xy+YzgHI+0gi2Yc7vcLM5su6K7

Score

7^/10

agilenet

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

Processes:

resource	yara_rule
behavioral1/memory/2256-1-0x00000000003E0000-0x0000000000662000-memory.dmp	agile_net

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2328 2256 WerFault.exe Skelly V2.exe

pid	pid_target	process	target process
2328	2256	WerFault.exe	Skelly V2.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

Skelly V2.exe

description	pid	process	target process
PID 2256 wrote to memory of 2328	2256	Skelly V2.exe	WerFault.exe
PID 2256 wrote to memory of 2328	2256	Skelly V2.exe	WerFault.exe
PID 2256 wrote to memory of 2328	2256	Skelly V2.exe	WerFault.exe
PID 2256 wrote to memory of 2328	2256	Skelly V2.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\Skelly V2.exe
"C:\Users\Admin\AppData\Local\Temp\Skelly V2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 592
2⤵
- Program crash
PID:2328

memory/2256-0-0x00000000743FE000-0x00000000743FF000-memory.dmp

Filesize
4KB

Download
memory/2256-1-0x00000000003E0000-0x0000000000662000-memory.dmp

Filesize
2.5MB

Download
memory/2256-2-0x0000000004D30000-0x0000000004EBE000-memory.dmp

Filesize
1.6MB

Download
memory/2256-3-0x00000000743F0000-0x0000000074ADE000-memory.dmp

Filesize
6.9MB

Download
memory/2256-4-0x00000000743F0000-0x0000000074ADE000-memory.dmp

Filesize
6.9MB

Download