Analysis

  • max time kernel
    24s
  • max time network
    25s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-01-2025 22:54

General

  • Target

    skuld.exe

  • Size

    9.9MB

  • MD5

    c41bcb9a79f6642a41b2700cb6568d5f

  • SHA1

    0d3513ad6b40883d382be67fc06b0412186c2101

  • SHA256

    f42d031594a7899b74d6635aef7cb1f743a219bedc46dc6d5fe059c610b1b091

  • SHA512

    0c7445dfa9e808ae6b28777105c33a38d52d8c038ed77d7ab6f23a5112ca5015c57730c557fa588343001c3f8d6ba87fc2b4671a5db792ab48c3244940bc01fe

  • SSDEEP

    98304:KtKxH9nEaPLV9mx7bZqRQvKWmhAEbLGg7BDkF+dQq:KtInEaHEJqRQvjC5bC+Gq

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 9 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class (1 IoC)
  • Suspicious use of AdjustPrivilegeToken (2 IoCs)
  • Suspicious use of FindShellTrayWindow (4 IoCs)
  • Suspicious use of SendNotifyMessage (3 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)
  • Uses Task Scheduler COM API (1 TTP)

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\skuld.exe
    "C:\Users\Admin\AppData\Local\Temp\skuld.exe"
    1⤵
      PID:2440
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1036
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:2844
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2844.0.1239178020\919054810" -parentBuildID 20221007134813 -prefsHandle 1216 -prefMapHandle 1208 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41bcf355-28e8-472e-acf0-8933204f5831} 2844 "\\.\pipe\gecko-crash-server-pipe.2844" 1280 45f4158 gpu
          3⤵
            PID:2592
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2844.1.667574860\963089206" -parentBuildID 20221007134813 -prefsHandle 1472 -prefMapHandle 1468 -prefsLen 20928 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bece879-1326-450c-939d-bca5f61a854a} 2844 "\\.\pipe\gecko-crash-server-pipe.2844" 1484 e71f58 socket
            3⤵
            • Checks processor information in registry
            PID:2760
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2844.2.1374343268\1997543645" -childID 1 -isForBrowser -prefsHandle 2072 -prefMapHandle 2068 -prefsLen 20966 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fe03a27-6f8d-47c1-be8e-c9d20e2bb061} 2844 "\\.\pipe\gecko-crash-server-pipe.2844" 2084 455c958 tab
            3⤵
              PID:2496
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2844.3.398998507\796951423" -childID 2 -isForBrowser -prefsHandle 2536 -prefMapHandle 2548 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa106bfb-13df-432b-84a5-738fd23961bd} 2844 "\\.\pipe\gecko-crash-server-pipe.2844" 640 e5ee58 tab
              3⤵
                PID:2240
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2844.4.1888360779\1207517143" -childID 3 -isForBrowser -prefsHandle 3016 -prefMapHandle 3012 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec3e2cbf-41b8-4ca5-871b-d6995c8c5ffe} 2844 "\\.\pipe\gecko-crash-server-pipe.2844" 3056 1c1b4558 tab
                3⤵
                  PID:1448
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2844.5.1024754063\1875309068" -childID 4 -isForBrowser -prefsHandle 3852 -prefMapHandle 3848 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e45c4a8-80a8-4d5f-aa0c-a446be72e397} 2844 "\\.\pipe\gecko-crash-server-pipe.2844" 3772 1ef9e058 tab
                  3⤵
                    PID:952
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2844.6.1315618807\952307250" -childID 5 -isForBrowser -prefsHandle 3952 -prefMapHandle 3956 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {76f75be6-38b1-48a7-bbc2-468e0eb3f865} 2844 "\\.\pipe\gecko-crash-server-pipe.2844" 3940 1ef9e658 tab
                    3⤵
                      PID:2208
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2844.7.699830709\1654787854" -childID 6 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 26351 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c011da0-6c01-4be7-8212-5746aa4c4fa3} 2844 "\\.\pipe\gecko-crash-server-pipe.2844" 4072 1ef9dd58 tab
                      3⤵
                        PID:2972

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4k8o8gx5.default-release\activity-stream.discovery_stream.json.tmp

    Filesize

    26KB

    MD5

    5fcfdee8aec21cea57b9a6040da2f44d

    SHA1

    f2c5616d77f9d5622def48e95453b5c2deedb598

    SHA256

    7cac1bed2bb5df59a3293907199678d7854ca16d06b2fd2ebbf874d06283b1fb

    SHA512

    ed1295c3087bf6cc354ba34778722f91ea3d946bdbf6a5fd36633a7e060fc9ca18d876a2ca3431e52103727802f00d5b0eb3948e5d09fa0e3d07cf91fc08904a

  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4k8o8gx5.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

    Filesize

    15KB

    MD5

    96c542dec016d9ec1ecc4dddfcbaac66

    SHA1

    6199f7648bb744efa58acf7b96fee85d938389e4

    SHA256

    7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

    SHA512

    cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4k8o8gx5.default-release\datareporting\glean\db\data.safe.bin

    Filesize

    2KB

    MD5

    90b62ce98d009ee8bc0f404b7f50acc7

    SHA1

    840a73dd8dd0a5889ce4c8a70d93242072aa134d

    SHA256

    c8ecb99e5f6c70728c25cc9bba7dcd1f94147a69337bf19a733cded2b309abf7

    SHA512

    9b9c69e0cba39e77d3fc9f47221aebf5ca3b0c8bc7cff5ca9a142bee6f5873d6cd980d82276062e6d8e3cdae387ab19548006cdf26f7c5e13f64adfcb8c11aec

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4k8o8gx5.default-release\datareporting\glean\pending_pings\d76dcd9a-e0a2-4dde-aa94-a1e94e0e103a

    Filesize

    745B

    MD5

    1abcf53efb27f69cb9471b29ee1222c6

    SHA1

    f159d456108b0533753c3fb2136aceefeb95d286

    SHA256

    e7e071e1727a70346b9db427d878ffd4aec683b0f8693c2c65d78bee7b89653f

    SHA512

    33a47075d19d9bccf34b5a0e0ec7138017bc4b420785b68010b4d7d14ee27330eefe83786fddd04dbd2a396d80ab1a836eaf85bb13954575f7ef1f0ba7682564

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4k8o8gx5.default-release\datareporting\glean\pending_pings\dfc9a16d-bf6e-4a20-941a-9b0199673072

    Filesize

    12KB

    MD5

    1d6b143bc8eb4c08219f9df52690cbd2

    SHA1

    288721049aab6234a628e48c96839350f9edf84f

    SHA256

    eed3fb641f242c34576bf093d34221005f0f338045e0e58fc4a63e699b0e5038

    SHA512

    6cc422c470595d13588711db883575e44b8a47bf0ca7c86c58c2a5b43e564a0d5a639ca8497cb8909b9880ef6f287a1a9646f111391047f5586f8436c7eb8578

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4k8o8gx5.default-release\prefs-1.js

    Filesize

    6KB

    MD5

    af280c3163223369af9df6b513ed2643

    SHA1

    6d05b5194b96fd3c5e6bc806489d21ccf382a8d7

    SHA256

    f04a880d4be0c6d246da764327eb31cb0132b6ed6c90990d4a14756110411fe7

    SHA512

    8c0170479da9497bc87ed1cbd8419cf87f1f4d946f8ff0ec4c069c2aee3fbb7f67d2601159abeadae33822a9f6f0e19acd1d2cd894501216421422e1e7609109

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4k8o8gx5.default-release\sessionstore.jsonlz4

    Filesize

    831B

    MD5

    1d6c2b36c6be73b5982c6beaf1e61d44

    SHA1

    db7c5937a86e04239472bad817b1563c83c3acfa

    SHA256

    6f0efca75c837103f7e0867531f35e887d96d122e29241ea40ede0879b2dbd39

    SHA512

    d0dd566732a945a76e1cc973f76cec4705f8d8c99da89e42a6c7891bb75818a71794bc38ff563715e57bfd3589f486369dba82045bc320a34c0d7bdcc0954aa8

  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4k8o8gx5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

    Filesize

    184KB

    MD5

    ab538ab6268010cee1be159520455c7c

    SHA1

    d355597fed83592c77e6c28db937b448f4b22cb0

    SHA256

    1ed486fc90fdbe640b3c9a6d1cf2cd7c2378418ca16d26ca3c82594547e49a63

    SHA512

    f77969f3ca4c4a39c33290f85e2a632e7d05d0bf73d993f88058b5b576f86df87eb495c90d0f360aaafedcc1a405c12e86bda8e5c2ced15a52ac1d1285b4a8c1