4f5277c7e6f9d44ae89735337d9362d481879f705e0a2c1f3ed6e2e7e6066bc3

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 09:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Skychat/Skychat_Ver3.0_Final.exe
Size

1.7MB
MD5

f97f83f813b586ea65b0195834e4c4ba
SHA1

6170da6084c2e1ce5531803b64ad1f8e243b8272
SHA256

e577732fcdf52edcb4de5fa8eb06ddaa2f6db73e6af90dc0f327fbfaf58f4a74
SHA512

199fcf35653f495a197e708da3c9db3ab531da964255edb1e8df8c5c051e839c303b140363261236fa308026762cee8127702a8dae8c451a46b026f567a46a77
SSDEEP

24576:tEER5Wq7Yc/kSFS4uj1tSQRyTt+VQwjI8+bVv6ir3rSIHFS4uj1teovgqhVJFS4z:hWaD/VYtSQRswVr4Y6YtTJYtC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4664-0-0x0000000000400000-0x00000000004B4000-memory.dmp	upx
behavioral2/files/0x0009000000023473-10.dat	upx
behavioral2/files/0x000a000000023473-18.dat	upx
behavioral2/files/0x0007000000023477-24.dat	upx
behavioral2/memory/4664-51-0x0000000000400000-0x00000000004B4000-memory.dmp	upx

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/memory/4664-51-0x0000000000400000-0x00000000004B4000-memory.dmp	autoit_exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Skychat\Skychat.exe	Skychat_Ver3.0_Final.exe
File opened for modification	C:\Program Files (x86)\Skychat\Update.exe	Skychat_Ver3.0_Final.exe
File created	C:\Program Files (x86)\Skychat\Unins.exe	Skychat_Ver3.0_Final.exe
File opened for modification	C:\Program Files (x86)\Skychat\Unins.exe	Skychat_Ver3.0_Final.exe
File created	C:\Program Files (x86)\Skychat\History.txt	Skychat_Ver3.0_Final.exe
File opened for modification	C:\Program Files (x86)\Skychat\History.txt	Skychat_Ver3.0_Final.exe
File created	C:\Program Files (x86)\Skychat\Skychat.dat	Skychat_Ver3.0_Final.exe
File opened for modification	C:\Program Files (x86)\Skychat\Skychat.dat	Skychat_Ver3.0_Final.exe
File opened for modification	C:\Program Files (x86)\Skychat\Skychat.exe	Skychat_Ver3.0_Final.exe
File created	C:\Program Files (x86)\Skychat\Update.exe	Skychat_Ver3.0_Final.exe
File created	C:\Program Files (x86)\Skychat\Readme.txt	Skychat_Ver3.0_Final.exe
File opened for modification	C:\Program Files (x86)\Skychat\Readme.txt	Skychat_Ver3.0_Final.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe
4664	Skychat_Ver3.0_Final.exe

C:\Users\Admin\AppData\Local\Temp\Skychat\Skychat_Ver3.0_Final.exe
"C:\Users\Admin\AppData\Local\Temp\Skychat\Skychat_Ver3.0_Final.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Skychat\Unins.exe

Filesize
293KB

MD5
05e669046b38af6cba5812bc94860ddd

SHA1
33420e68280d8824ecfe96abe31126345b0fde78

SHA256
e03772923c418bf4c15033bde4aae7e0951477bb7de18a214544eaec87167896

SHA512
f1d98ac2ef43eca0594ca8e27c4f0de35843318a66a946d8c15dbef18e3eba8d2d5171589533e12594694a189fdf6328bcab3138631ed7ea8dcc2d0091acf4c3

Download Submit
C:\Program Files (x86)\Skychat\Update.exe

Filesize
369KB

MD5
b21c441f37951ebb228fbfc8ab34e1f1

SHA1
d2277ab62b0f20277eea2feb8f786c498ac2d983

SHA256
eac5cd4f6e8cc58db48be23bd2b2382224a6c9d0042a796a7ea318358e1520e0

SHA512
91e2af11074fd763f711b87458480483fe999cc657f87f31ee676dde14a94f7ebb06d20c6583099b8309f739f74381380ed30ab97dd1961a48c0a843fe73d9a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut9BD3.tmp

Filesize
791KB

MD5
3eb19eff6881ac1b9704541f857ebbe9

SHA1
2e0b8916846af743518014270117c922410bf438

SHA256
716ba237379cd4489e0eb39846eed6c212c694ba8686c8b1e2326e98badb0a41

SHA512
b3bf74d6f010462578c8a0b8d40a5fd3c14dd8c0264ec5d2e531c3bde31912769dab2a4b5a0fc800229555109529c32ec33b9538b485882842db19a1a4b6c593

Download Submit
memory/4664-0-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/4664-51-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download