Analysis
max time kernel: 143s
max time network: 124s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 26/09/2024, 14:35
Behavioral task: behavioral1
Sample: Skibidi2.rar
Resource: win7-20240903-en
8 signatures, 150 seconds

Behavioral task: behavioral2
Sample: Skibidi2.rar
Resource: win10v2004-20240802-en
8 signatures, 150 seconds
General
Target: Skibidi2.rar
Size: 20.9MB
MD5: 0b3f0b972f2b76ce9d43e15fe26da47c
SHA1: 3c473950f1dd34f55c30a98c254fab8180a5149f
SHA256: ef73b9705db080e09c3a84fb5201fd003f242b06e9a5a9028231efc938ead241
SHA512: 10ea567fd9cb8afd4e648ee4f6c4ca7b7d52cb3c79435a4381cbdb2f6ad2b13943a399c9382a169a7657cb1ec08c6f3789026168ccf142ec57be5d46a0f41c29
SSDEEP: 393216:ByaUpCe39n3BW8aCuEGnvu0U4KKiPcYfApVgPcLfi2F6y80fxdY24Xod7QaPYsg:ByB3hBW8rTiRKbPccApJij6x+TsEuVg
Score: 3/10
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Modifies registry class (2 IoCs)
description   ioc                                                                                    process
Key created   \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_Classes\Local Settings   rundll32.exe
Key created   \REGISTRY\USER\S-1-5-21-1846800975-3917212583-2893086201-1000_Classes\Local Settings   rundll32.exe

Suspicious behavior: AddClipboardFormatListener (1 IoCs)
pid    process
2364   vlc.exe

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid    process
2364   vlc.exe

Suspicious use of FindShellTrayWindow (10 IoCs)
pid    process
2364   vlc.exe   (10 identical entries)

Suspicious use of SendNotifyMessage (9 IoCs)
pid    process
2364   vlc.exe   (9 identical entries)

Suspicious use of SetWindowsHookEx (1 IoCs)
pid    process
2364   vlc.exe

Suspicious use of WriteProcessMemory (9 IoCs)
description                          pid    process        procid_target
PID 2180 wrote to memory of 1868     2180   cmd.exe        31
PID 2180 wrote to memory of 1868     2180   cmd.exe        31
PID 2180 wrote to memory of 1868     2180   cmd.exe        31
PID 1868 wrote to memory of 2328     1868   rundll32.exe   32
PID 1868 wrote to memory of 2328     1868   rundll32.exe   32
PID 1868 wrote to memory of 2328     1868   rundll32.exe   32
PID 2328 wrote to memory of 2364     2328   rundll32.exe   35
PID 2328 wrote to memory of 2364     2328   rundll32.exe   35
PID 2328 wrote to memory of 2364     2328   rundll32.exe   35
Processes
C:\Windows\system32\cmd.exe (depth 1, PID 2180)
  command line: cmd /c C:\Users\Admin\AppData\Local\Temp\Skibidi2.rar
  - Suspicious use of WriteProcessMemory

  C:\Windows\system32\rundll32.exe (depth 2, PID 1868)
    command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Skibidi2.rar
    - Modifies registry class
    - Suspicious use of WriteProcessMemory

    C:\Windows\system32\rundll32.exe (depth 3, PID 2328)
      command line: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\Skibidi2.rar
      - Modifies registry class
      - Suspicious use of WriteProcessMemory

      C:\Program Files\VideoLAN\VLC\vlc.exe (depth 4, PID 2364)
        command line: "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\AppData\Local\Temp\Skibidi2.rar"
        - Suspicious behavior: AddClipboardFormatListener
        - Suspicious behavior: GetForegroundWindowSpam
        - Suspicious use of FindShellTrayWindow
        - Suspicious use of SendNotifyMessage
        - Suspicious use of SetWindowsHookEx