Analysis
- max time kernel: 147s
- max time network: 146s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 15-12-2024 16:32
Behavioral task: behavioral1
- Sample: skibdi riz.exe
- Resource: win7-20240903-en (windows7-x64)
- 5 signatures
- 150 seconds
Behavioral task: behavioral2
- Sample: skibdi riz.exe
- Resource: win10v2004-20241007-en (windows10-2004-x64)
- 13 signatures
- 150 seconds
General
- Target: skibdi riz.exe
- Size: 423KB
- MD5: 475de10be3b23fb9aa5788e3f448057f
- SHA1: 5e53ee929938ec1c7a94d90b79dfb7a131260f9d
- SHA256: 8b4ff5c585465a52b93856cfbcaf4ddaf40a2e9083b1c878cfb707e14eb67e62
- SHA512: bc8ac8252ba5ee0f10d03b71287052318f11e2a10d289ff3c563f52b7b45e40cf0c056fbd1a0ce309bd9358ee681b1fa6581d8546d390ed2a528f6e72789279b
- SSDEEP: 6144:YeghbOV4Asvo/Z+wo6TmTIHnqgKIuTi5gTaWnLLDt1dbWAOaKapXFWbcF5U:YeKbOV4A3ho9IKNti5gT/wUzzWcU
Score: 3/10
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
- description: Key opened
- ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
- Process: skibdi riz.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs
- pid: 2308, Process: taskmgr.exe (same row repeated for each of the 8 IoCs)
Suspicious use of AdjustPrivilegeToken 1 IoCs
- description: Token: SeDebugPrivilege
- pid: 2308
- Process: taskmgr.exe
Suspicious use of FindShellTrayWindow 35 IoCs
- pid: 2308, Process: taskmgr.exe (same row repeated for each of the 35 IoCs)
Suspicious use of SendNotifyMessage 34 IoCs
- pid: 2308, Process: taskmgr.exe (same row repeated for each of the 34 IoCs)
Processes
C:\Users\Admin\AppData\Local\Temp\skibdi riz.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\skibdi riz.exe"
PID: 1448
- System Location Discovery: System Language Discovery

C:\Windows\system32\taskmgr.exe
Command line: "C:\Windows\system32\taskmgr.exe" /4
PID: 2308
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage