Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64 arch:x86 image:win7-20240705-en locale:en-us os:windows7-x64 system
submitted: 12-08-2024 20:52
Behavioral task: behavioral1
Sample: skuld.exe
Resource: win7-20240705-en
Platform: windows7-x64
5 signatures, 150 seconds

Behavioral task: behavioral2
Sample: skuld.exe
Resource: win10v2004-20240802-en
Tags: skuld credential_access defense_evasion discovery execution persistence privilege_escalation spyware stealer
Platform: windows10-2004-x64
28 signatures, 150 seconds
General
Target: skuld.exe
Size: 9.4MB
MD5: 19eefcece096efb65ef09734a0aa16be
SHA1: 15e71662f2e568f0338f35ee847c02891d2a7d4d
SHA256: fd6619de7c16d616f754131fb87ce6707cdd244fff372ae5cc093db5120ffade
SHA512: 16964a451c2ad5d293c2ee3f44c57be63aa62293c8a6192b56f56b5566f2c3310bb6492997b69f87aadeabbc72434dd1af5720b0d4bb424d99ee6e8322502425
SSDEEP: 98304:hgN03vyx0HDD2a/gIZ7e8+SQkEA3GO7XVIEV:hHfi0H/Z7e87QdIoy
Score: 1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (17 IoCs)
pid 2984 taskmgr.exe (x6); pid 2776 taskmgr.exe (x11)

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
pid 2776 taskmgr.exe

Suspicious use of AdjustPrivilegeToken (2 IoCs)
Token: SeDebugPrivilege, pid 2984 taskmgr.exe; Token: SeDebugPrivilege, pid 2776 taskmgr.exe

Suspicious use of FindShellTrayWindow (64 IoCs)
pid 2984 taskmgr.exe (x32); pid 2776 taskmgr.exe (x32)

Suspicious use of SendNotifyMessage (64 IoCs)
pid 2984 taskmgr.exe (x32); pid 2776 taskmgr.exe (x32)
Processes

C:\Users\Admin\AppData\Local\Temp\skuld.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\skuld.exe"
PID: 672

C:\Windows\system32\taskmgr.exe
Command line: "C:\Windows\system32\taskmgr.exe" /4
PID: 2984
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage

C:\Windows\system32\taskmgr.exe
Command line: "C:\Windows\system32\taskmgr.exe" /4
PID: 2776
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage