Analysis

  • max time kernel
    314s
  • max time network
    408s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    30/06/2024, 13:38

General

  • Target

    Skript.rar

  • Size

    57KB

  • MD5

    9de289143e436c72d237be6fa40be491

  • SHA1

    47cbe81a96caf839da68421066769565e59c156b

  • SHA256

    6fb35bfb245667f65220dada3ac07b61a8223a31684df5cd6f5475d1c1790888

  • SHA512

    c3bc9a0f4962225bddf7a6aba59c88c1253ccfa17b69b90fa2a21e362a8127f7f0055d30b2485e6de90f696d8164a8bdf194fa01c07468c8f6b50ba2858291eb

  • SSDEEP

    768:E13aPtUXNwEqZdZQ0YoYzU6at1RlYeKi1nAno8QNQGpAZH4ZbbkWkvhCaQF6R2ym:yqrCavQS1nANuZWZH8kWkvYh6RnEL

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 3 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 47 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Skript.rar
    1⤵
    • Modifies registry class
    PID:3888
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1240
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Skript.rar"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4116
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Skript.rar
        3⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4920
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.0.1880262855\962252434" -parentBuildID 20221007134813 -prefsHandle 1688 -prefMapHandle 1680 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1e79f71-5156-4868-8423-451f9c6dc8f0} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 1768 2517b0db258 gpu
          4⤵
            PID:1896
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.1.690110350\1844910657" -parentBuildID 20221007134813 -prefsHandle 2112 -prefMapHandle 2108 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29138c5a-f3d4-43d7-81e9-0c6ee03af794} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 2124 25168e71058 socket
            4⤵
            • Checks processor information in registry
            PID:4364
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.2.872902870\256652653" -childID 1 -isForBrowser -prefsHandle 3092 -prefMapHandle 3088 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad5c9d34-9768-4cd1-88e7-c97360b24844} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 3052 2517eed6458 tab
            4⤵
              PID:2816
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.3.854232250\429192671" -childID 2 -isForBrowser -prefsHandle 3536 -prefMapHandle 3540 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de21cb25-87cc-4006-9d8b-f31f6397ed7a} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 3556 2517f782658 tab
              4⤵
                PID:3840
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.4.31920323\732989239" -childID 3 -isForBrowser -prefsHandle 4820 -prefMapHandle 2608 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81001158-98e5-4147-9e74-8a617470ceff} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 4780 25181f8ce58 tab
                4⤵
                  PID:588
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.5.241697653\860744063" -childID 4 -isForBrowser -prefsHandle 5032 -prefMapHandle 5036 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd040c10-f41a-4122-b357-ad5c0c2e4843} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 5024 25181f8da58 tab
                  4⤵
                    PID:640
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4920.6.9206893\589719681" -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8822b526-6984-4c2f-851f-c02c6a8367f3} 4920 "\\.\pipe\gecko-crash-server-pipe.4920" 5232 25180dcfb58 tab
                    4⤵
                      PID:1924

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin
    Filesize: 2KB
    MD5: b274986d9d467df8ca349559e235c552
    SHA1: 01e6f52d3c012272a190a0079b367a68282a6868
    SHA256: 546ef002ae356ebdfb9353fcaa3f7c69d06c3d868e4280dd028e49f053877f5f
    SHA512: e3068baf3dd1e6649bb1388a9cad31f49f369acd35e1dbfce6f7deff773401bd6c43bfed338ad3b97638dee4c3212010929a52bb9dff009c257b3f5125d8b452

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\56238938-c288-428f-aafd-d290d777e2de
    Filesize: 10KB
    MD5: 439322c0234e503233ae9eeaf0ad8812
    SHA1: d364b53e92d0b8d1692b0c1bb92d62c1ed950dfa
    SHA256: c95f2cdb76538a0c7b2b97677c36b0150f55b0af8f2f961e081a70fd6be654d6
    SHA512: 95cd11a35c7bd1e4400bd7bdc65c994e9ae7975efbad3156d86b19c793b930663052ab14bdf0cc8fc97eebd8d8daae25b8733054771ac0a4fda34096bc6aef1b

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\cfec06ce-3d56-4c53-aea6-5b1e6037aed4
    Filesize: 746B
    MD5: d6719068d794abd878cf1bde5304bfeb
    SHA1: 754a825376f36c48fb836112b36f9ddfd926fc38
    SHA256: e6abe83112e2fc6dfa34eef3b1589d6edd04ef716535adc3fd8a892a8b694423
    SHA512: 1650a457facf89fdd60895ded9a9b166fdcd42965d99b663fab2b8c0bedceb600a63b9b75cb9672ca5cf82f795549dbb837e234c3f367114acb758b1062c8536

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 4270eb80343ef03cd8e4e260acfe6512
    SHA1: 1d1984e451c9f8826ea93dea2cf5425edc7e7dc0
    SHA256: 23a4c994361d55b1660dd7874612872015c87bdcf67c1e13af6c221c7b3799c5
    SHA512: 078e6c9d54ba89c58606436fdc19cc0ff7ce0279f5c34f9d69110cb0291a9e418212f0216c1cb9b7e717bca35a86d87336547e909f2b7ecdec11571939d0c3e5

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js
    Filesize: 6KB
    MD5: 41eb47e9c5270ffc954c4c837b37a6b3
    SHA1: 26f47b6b98a80535040dfdfa8aacbce75eee21db
    SHA256: 35b2408553f277df593a89a1553be2ce48071cb5c6147d6ef525e97de256804d
    SHA512: a9f0aeb0c9fae3da4769358c9950ec19a1046a17983fe7f949ef422b5b28b11767ce1e9e60e301859cc243c0b2a599ba76a1615e054952da2298cf832d9e2b37

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs.js
    Filesize: 6KB
    MD5: 206fd7e45f632fe3a57c07cd693b6da9
    SHA1: ba0ffdca99979cc72aaee0128b033f3591812087
    SHA256: 9fbd0e47f405173a0dfab793183953736b00d9bb4413ee65d3f0fe9f7f7bd130
    SHA512: f0ab86c85f49f00806f16443a7f58bbf8392e089ebdb9bd4607355217f482fdaa2c442b0bd6639486119b4a743fd23a6cd80eee9b3ccea881fd28e58ed7b80ed

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore.jsonlz4
    Filesize: 630B
    MD5: e8867d5b5d426945ce695a30a6941406
    SHA1: bd33e0341b4ed3202e50f6e086194f876aa0c104
    SHA256: 2ef5804edd618f736c46ab91d51289a26dada030d1262463598a705b68a959cd
    SHA512: 83d15ff939bf1da154bbebf87af1d21614517730b890865537a83615407ac4af6cce536b0f0167c7b9e7f029b6b40e246ac26274dc29c6c7ff94721c37020fb3

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
    Filesize: 184KB
    MD5: 3018d1aad8385b734068dbad441e344e
    SHA1: 2a3925bc92ec843db64b6db2cd6fe18ccf084a86
    SHA256: f33415b0b1fc8c7e52356318d44aef1ae6bd9c64a89afa012d43a01a79954f88
    SHA512: 7ab1a1115a4f7ac61ba41bfe5875792cfa84d81f14f71239e43848de5940bfa07e2e34ea4be85a61c091d0b4b7742f3f55961fd26734b528cdb2c0b4d169c5e0

  • C:\Users\Admin\Downloads\KpOlbmoU.rar.part
    Filesize: 57KB
    MD5: 9de289143e436c72d237be6fa40be491
    SHA1: 47cbe81a96caf839da68421066769565e59c156b
    SHA256: 6fb35bfb245667f65220dada3ac07b61a8223a31684df5cd6f5475d1c1790888
    SHA512: c3bc9a0f4962225bddf7a6aba59c88c1253ccfa17b69b90fa2a21e362a8127f7f0055d30b2485e6de90f696d8164a8bdf194fa01c07468c8f6b50ba2858291eb