Overview

overview

10

Static

static

10

skibdi riz.exe

windows7-x64

3

skibdi riz.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    509s
  • max time network
    487s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-12-2024 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    skibdi riz.exe

  • Size

    423KB

  • MD5

    475de10be3b23fb9aa5788e3f448057f

  • SHA1

    5e53ee929938ec1c7a94d90b79dfb7a131260f9d

  • SHA256

    8b4ff5c585465a52b93856cfbcaf4ddaf40a2e9083b1c878cfb707e14eb67e62

  • SHA512

    bc8ac8252ba5ee0f10d03b71287052318f11e2a10d289ff3c563f52b7b45e40cf0c056fbd1a0ce309bd9358ee681b1fa6581d8546d390ed2a528f6e72789279b

  • SSDEEP

    6144:YeghbOV4Asvo/Z+wo6TmTIHnqgKIuTi5gTaWnLLDt1dbWAOaKapXFWbcF5U:YeKbOV4A3ho9IKNti5gT/wUzzWcU

Score
3/10
discovery

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 17 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 18 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\skibdi riz.exe
    "C:\Users\Admin\AppData\Local\Temp\skibdi riz.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:1368
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3240
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:212
    • C:\Users\Admin\AppData\Local\Temp\skibdi riz.exe
      "C:\Users\Admin\AppData\Local\Temp\skibdi riz.exe"
      1⤵
      • System Location Discovery: System Language Discovery
      PID:3336
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://appdata/
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of WriteProcessMemory
      PID:996
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff813c146f8,0x7ff813c14708,0x7ff813c14718
        2⤵
          PID:3412
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15854370490121226748,15958911531215078780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
          2⤵
            PID:3524
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15854370490121226748,15958911531215078780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
            2⤵
              PID:2744
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15854370490121226748,15958911531215078780,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
              2⤵
                PID:5000
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15854370490121226748,15958911531215078780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
                2⤵
                  PID:264
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15854370490121226748,15958911531215078780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
                  2⤵
                    PID:3120
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15854370490121226748,15958911531215078780,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
                    2⤵
                      PID:2392
                  • C:\Windows\System32\CompPkgSrv.exe
                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                    1⤵
                      PID:4964
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:2760
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
                        1⤵
                          PID:1004
                        • C:\Windows\system32\OpenWith.exe
                          C:\Windows\system32\OpenWith.exe -Embedding
                          1⤵
                          • Modifies registry class
                          • Suspicious use of SetWindowsHookEx
                          PID:740
                        • C:\Windows\system32\OpenWith.exe
                          C:\Windows\system32\OpenWith.exe -Embedding
                          1⤵
                          • Modifies registry class
                          • Suspicious behavior: GetForegroundWindowSpam
                          • Suspicious use of SetWindowsHookEx
                          PID:4308
                          • C:\Windows\system32\NOTEPAD.EXE
                            "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\skibdi riz.DMP
                            2⤵
                              PID:2752
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k SDRSVC
                            1⤵
                            • Suspicious use of AdjustPrivilegeToken
                            PID:4120

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            a0486d6f8406d852dd805b66ff467692

                            SHA1

                            77ba1f63142e86b21c951b808f4bc5d8ed89b571

                            SHA256

                            c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

                            SHA512

                            065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            dc058ebc0f8181946a312f0be99ed79c

                            SHA1

                            0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

                            SHA256

                            378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

                            SHA512

                            36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\65b71db6-e42b-4d0e-9282-39d754717f14.tmp
                            Filesize

                            6KB

                            MD5

                            5dded31c8fe19401e83b930364aeaa89

                            SHA1

                            5df9db75554d2a72824d21b6ddf10e3854d8ba41

                            SHA256

                            b35a59a4b79a6cc82d57a625f620901db04a47a610d2de4b1bc44edd294040b3

                            SHA512

                            85ec520b0754ba4cc108150594f554a559e4e2b68996d2923f740a57095f55dd8609814cd90464569f728cfe7ee128e4a62e6f5fa07d6f44a6eae672cec2331e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            5KB

                            MD5

                            76796327bbbcbef04333785ba325717b

                            SHA1

                            a5a93b8ceb5fa37c512b1516cf59ca1190d1fa7b

                            SHA256

                            0a6afbc6714e431cae276059feac435fb8ea6c358ce11666ccda62d38f13c86a

                            SHA512

                            0d3745a2b1daba5988b474492f7b9b42a04b16871c3420c133fd354aa2be85f1721092a8117cc07d6673aee0658ee141233f6e01e9e7d7af22f84721be830ba6

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            10KB

                            MD5

                            9160c6bd1f205f800d07ee99c627e365

                            SHA1

                            8dc597da16b436f4ebc4cbf217117f192a076509

                            SHA256

                            da1a816afff7babc7a9b465c746c5244aaa1b4f622da49f4aadecfb4384d7dd1

                            SHA512

                            8ce3716445e543124e471a293ff54f77a2d2a7723da1df5ede8969de0d4a977842fe8218899ee254351f15dcbb693892d6a13dfd5ad52c5924f4ccab3af97f1a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                            Filesize

                            264KB

                            MD5

                            f50f89a0a91564d0b8a211f8921aa7de

                            SHA1

                            112403a17dd69d5b9018b8cede023cb3b54eab7d

                            SHA256

                            b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                            SHA512

                            bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                            Download Submit

                          • memory/3240-8-0x000001C6C5580000-0x000001C6C5581000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3240-10-0x000001C6C5580000-0x000001C6C5581000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3240-9-0x000001C6C5580000-0x000001C6C5581000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3240-11-0x000001C6C5580000-0x000001C6C5581000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3240-12-0x000001C6C5580000-0x000001C6C5581000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3240-13-0x000001C6C5580000-0x000001C6C5581000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3240-1-0x000001C6C5580000-0x000001C6C5581000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3240-7-0x000001C6C5580000-0x000001C6C5581000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3240-3-0x000001C6C5580000-0x000001C6C5581000-memory.dmp

                            Filesize

                            4KB

                            Download

                          • memory/3240-2-0x000001C6C5580000-0x000001C6C5581000-memory.dmp

                            Filesize

                            4KB

                            Download