skuld | 1c141c7280327dfae2729a768e31076cc23c972ef73e0323d0246e72423ba848 | Triage

Submit
Reports

Overview

overview

Static

static

skuld.exe

windows10-1703-x64

7

Sharing

General

Target

skuld.exe
Size

9.9MB
Sample

241024-xea4ps1anr
MD5

873e29ff957df42b18e9acd839e57854
SHA1

d3db5b14226be6caed8481a606642a9a7c5da7e1
SHA256

1c141c7280327dfae2729a768e31076cc23c972ef73e0323d0246e72423ba848
SHA512

ff6b103efc45674c12b52b3c74f0d4425a6f240b9a021dea925621cd51a51ee1c5443b206446e90ca0d02aa8fc62e2107d06e6bd9b1ce71708838693809a97d1
SSDEEP

98304:B/+UKnYehFlLUBnPZZMz9cXU5fpKePkE5B2v/ZmmzL:J+oehFN+BY9cXU9pKePdSDzL

Score

10^/10

skuld discovery persistence privilege_escalation

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

skuld.exe

Resource

win10-20240404-en

discovery persistence privilege_escalation

windows10-1703-x64

23 signatures

150 seconds

Malware Config

Targets

- Target
  
  skuld.exe
- Size
  
  9.9MB
- MD5
  
  873e29ff957df42b18e9acd839e57854
- SHA1
  
  d3db5b14226be6caed8481a606642a9a7c5da7e1
- SHA256
  
  1c141c7280327dfae2729a768e31076cc23c972ef73e0323d0246e72423ba848
- SHA512
  
  ff6b103efc45674c12b52b3c74f0d4425a6f240b9a021dea925621cd51a51ee1c5443b206446e90ca0d02aa8fc62e2107d06e6bd9b1ce71708838693809a97d1
- SSDEEP
  
  98304:B/+UKnYehFlLUBnPZZMz9cXU5fpKePkE5B2v/ZmmzL:J+oehFN+BY9cXU9pKePdSDzL
Score

7^/10

discovery persistence privilege_escalation
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Change Default File Association

Component Object Model Hijacking

Defense Evasion

Hide Artifacts

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistenceprivilege_escalation

© 2018-2024

Terms | Privacy