ffebcd96d662439491f157860b8e0123b4577b8713cc3ff1f118e500215d3f06

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 17:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Skuller.exe
Size

23.0MB
MD5

ef37216c7eba4c507cb74ceff22c460e
SHA1

86a6f0245fc3db061c1b1e28e67c211c94590a47
SHA256

ffebcd96d662439491f157860b8e0123b4577b8713cc3ff1f118e500215d3f06
SHA512

a984f81aa33c54f7d8386fba90c1bedee59e272096555263a2aa0f6a74c74b7422b87111caaebd305d3c02e95f1a5b67b0eb0beffd7c1ff5db82e17b247c4314
SSDEEP

393216:JHhhmKIEge9DytYtaUI7GSLThU7cZIncfGCsGZRCWoyOecw8XxQmIU:pynEgMetYm7/LTewZIcunGZdrOecthI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2912	main.exe

Loads dropped DLL 2 IoCs

pid	Process
2696	Skuller.exe
2912	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2912	2696	Skuller.exe	29
PID 2696 wrote to memory of 2912	2696	Skuller.exe	29
PID 2696 wrote to memory of 2912	2696	Skuller.exe	29

C:\Users\Admin\AppData\Local\Temp\Skuller.exe
"C:\Users\Admin\AppData\Local\Temp\Skuller.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Users\Admin\AppData\Local\Temp\onefile_2696_133613926371154000\main.exe
  "C:\Users\Admin\AppData\Local\Temp\Skuller.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2696_133613926371154000\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2696_133613926371154000\main.exe

Filesize
45.1MB

MD5
61bf828ec19c946a1f3dcd69e32fd9cc

SHA1
3b79e3729535f011d1a2c195430930798623acfb

SHA256
447886f321aa23a433a73546e63d10b195f8a2f88cb9ffb0c5a00c8851a23310

SHA512
c549561dfce8e2fa0c21bce9e2696c340350558db09f1e5c77b52462040f82f93f67d1d78cbda8758bac6560da5858e5d855f445eebf9a159c2fe29d1ca01877

Download Submit
memory/2696-61-0x000000013F970000-0x0000000141085000-memory.dmp

Filesize
23.1MB

Download
memory/2696-110-0x000000013F970000-0x0000000141085000-memory.dmp

Filesize
23.1MB

Download
memory/2912-57-0x000000013F350000-0x000000014212B000-memory.dmp

Filesize
45.9MB

Download