262d6420018c8000d4f95686b9b6862737b7bd46ca94916c0c23d4ae603a8e5f

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19/02/2025, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Skery.exe
Size

673KB
MD5

23c5b9f638e095f67c6e0c038431f24b
SHA1

6b3366c3ff8aa8576c520adb20f6fdea2393ed7f
SHA256

380487150b51a339c3d8c34526c0109d9b5a904aee3e41abc62c04a63ec18dfb
SHA512

0dea689116a01ac15e11420cdbfc01bf70b010fc175f726e873f2f32356d2521dbaf9369b193ca8439a98f29950e5a51e98598e03af5a8995a561b3523b74d15
SSDEEP

12288:Xa/AcZ6qJ2s1+pBOijz3U1PbGf+883INo89u/r2XdgjPEmADNA0EpphZNG2q:X4Z6SQB5/3U5SWN3INFu/9jsmY0q

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2380	Skery.exe
2380	Skery.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2412	2380	WerFault.exe	29

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Skery.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2412	2380	Skery.exe	31
PID 2380 wrote to memory of 2412	2380	Skery.exe	31
PID 2380 wrote to memory of 2412	2380	Skery.exe	31
PID 2380 wrote to memory of 2412	2380	Skery.exe	31

C:\Users\Admin\AppData\Local\Temp\Skery.exe
"C:\Users\Admin\AppData\Local\Temp\Skery.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 472
  2⤵
  - Program crash
  PID:2412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Music\timelanges.lnk

Filesize
848B

MD5
e99c6dbd1723cfdb3f688de698321e44

SHA1
2896cd8a8e0eb424c3b230fe9783b9eee2b9bc19

SHA256
b43acde1342f2b974603395a3994c54d68998c7a66aa1cb6c57a5ce4394a0734

SHA512
91e73e2c32db2b9e87ca0887c4883525f315158f89cbcfe0a1e0664cb235751e1be8d016b2407734e00d443dcbabad5ae79d2c454b162afe4195c230f74fce9f

Download Submit
\Users\Admin\AppData\Local\Temp\nsyC4A7.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit