Resubmissions
09/03/2025, 01:58 | 250309-cdv29swybs | 10
08/03/2025, 06:55 | 250308-hp35xatjt9 | 10
08/03/2025, 04:53 | 250308-fh1ebssky5 | 10
Analysis
max time kernel: 149s
max time network: 97s
platform: windows11-21h2_x64
resource: win11-20250217-en
resource tags: arch:x64 arch:x86 image:win11-20250217-en locale:en-us os:windows11-21h2-x64 system
submitted: 08/03/2025, 06:55
Behavioral task | Sample | Resource
behavioral1 | My-Skidded-malwares-main.zip | win11-20250217-en
behavioral2 | My-Skidded-malwares-main/6abdd72e82088f5aab90dc9e02f2d9781cea1b3f1c84b3f16df4810956f68ef2.exe | win11-20250217-en
behavioral3 | My-Skidded-malwares-main/AmongUs.vbs | win11-20250217-en
behavioral4 | My-Skidded-malwares-main/AnaRAT.exe | win11-20250217-en
behavioral5 | My-Skidded-malwares-main/CRINGE-DO-NOT-RUN.exe | win11-20250217-en
behavioral6 | My-Skidded-malwares-main/Cirno.exe | win11-20250217-en
behavioral7 | My-Skidded-malwares-main/Cool Game MAKR 2022!!.zip | win11-20250217-en
behavioral8 | My-Skidded-malwares-main/DAMK.exe | win11-20250218-en
behavioral9 | My-Skidded-malwares-main/Dell_Fuck.vbs | win11-20250217-en
behavioral10 | My-Skidded-malwares-main/Discord Expliot Kit.exe | win11-20250217-en
behavioral11 | My-Skidded-malwares-main/ERROR 2.bat | win11-20250217-en
behavioral12 | My-Skidded-malwares-main/ERROR.vbs | win11-20250217-en
behavioral13 | My-Skidded-malwares-main/Fello_s_Revenge.exe | win11-20250217-en
behavioral14 | My-Skidded-malwares-main/Fellos RAT-Pack.exe | win11-20250217-en
behavioral15 | My-Skidded-malwares-main/KonataMBR.exe | win11-20250217-en
behavioral16 | My-Skidded-malwares-main/KonoSuba.vbs | win11-20250217-en
behavioral17 | My-Skidded-malwares-main/MarisaFumoDownload.exe | win11-20250217-en
behavioral18 | My-Skidded-malwares-main/MarisaMBR.exe | win11-20250217-en
behavioral19 | My-Skidded-malwares-main/Marlon2210FACEREVEAL.exe | win11-20250217-en
behavioral20 | My-Skidded-malwares-main/Marlon2210KeyGen.exe | win11-20250218-en
behavioral21 | My-Skidded-malwares-main/Megumin.exe | win11-20250217-en
behavioral22 | My-Skidded-malwares-main/NazrinMBR.exe | win11-20250217-en
behavioral23 | My-Skidded-malwares-main/PCCooker2.0_x64.exe | win11-20250217-en
behavioral24 | My-Skidded-malwares-main/PCCooker_x64.exe | win11-20250217-en
behavioral25 | My-Skidded-malwares-main/PanKoza2.0 Discord Token Stealer 2024.exe | win11-20250217-en
behavioral26 | My-Skidded-malwares-main/README.md | win11-20250217-en
behavioral27 | My-Skidded-malwares-main/RaM KilLEr 1.0.bat | win11-20250217-en
behavioral28 | My-Skidded-malwares-main/Rias.exe | win11-20250217-en
behavioral29 | My-Skidded-malwares-main/Run All.bat | win11-20250217-en
behavioral30 | My-Skidded-malwares-main/TouhouHacks.exe | win11-20250217-en
behavioral31 | My-Skidded-malwares-main/Trojan.Aqua.exe | win11-20250218-en
behavioral32 | My-Skidded-malwares-main/Trojan.Bat.FortniteHackz.bat | win11-20250217-en
General
-
Target
My-Skidded-malwares-main/Discord Expliot Kit.exe
-
Size
402KB
-
MD5
8c03f9981a98007dcf7d68415680d1a0
-
SHA1
4f4986dda199a8874b023e163de023dec27104ac
-
SHA256
816a4880a3b1076f4e27e5f26324035c0b1ab66c2a87b28a64f8ce03429d7f5e
-
SHA512
b4d4eda5bb1783324f5baaf458d3d7483076db1e765dc8e65c01a2b018d7e1658907fe21adf8f5e1653360ebada03c5c9503746ff716c21a20b20d793fc35079
-
SSDEEP
12288:a6Wq4aaE6KwyF5L0Y2D1PqLZeqhBkEFY9ddNdgYaTW3DB:4thEVaPqLDkFiYaTkB
Malware Config
Signatures
-
Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\o: | Discord Expliot Kit.exe
File opened (read-only) | \??\x: | Discord Expliot Kit.exe
File opened (read-only) | \??\a: | Discord Expliot Kit.exe
File opened (read-only) | \??\b: | Discord Expliot Kit.exe
File opened (read-only) | \??\e: | Discord Expliot Kit.exe
File opened (read-only) | \??\j: | Discord Expliot Kit.exe
File opened (read-only) | \??\p: | Discord Expliot Kit.exe
File opened (read-only) | \??\t: | Discord Expliot Kit.exe
File opened (read-only) | \??\v: | Discord Expliot Kit.exe
File opened (read-only) | \??\z: | Discord Expliot Kit.exe
File opened (read-only) | \??\h: | Discord Expliot Kit.exe
File opened (read-only) | \??\i: | Discord Expliot Kit.exe
File opened (read-only) | \??\l: | Discord Expliot Kit.exe
File opened (read-only) | \??\s: | Discord Expliot Kit.exe
File opened (read-only) | \??\w: | Discord Expliot Kit.exe
File opened (read-only) | \??\F: | Discord Expliot Kit.exe
File opened (read-only) | \??\k: | Discord Expliot Kit.exe
File opened (read-only) | \??\m: | Discord Expliot Kit.exe
File opened (read-only) | \??\n: | Discord Expliot Kit.exe
File opened (read-only) | \??\q: | Discord Expliot Kit.exe
File opened (read-only) | \??\r: | Discord Expliot Kit.exe
File opened (read-only) | \??\u: | Discord Expliot Kit.exe
File opened (read-only) | \??\y: | Discord Expliot Kit.exe
File opened (read-only) | \??\g: | Discord Expliot Kit.exe
AutoIT Executable 14 IoCs
AutoIT scripts compiled to PE executables.
resource | yara_rule
behavioral10/memory/4240-98-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-202-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-203-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-204-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-205-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-206-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-208-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-209-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-210-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-211-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-212-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-213-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-214-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
behavioral10/memory/4240-215-0x0000000000400000-0x00000000004BA000-memory.dmp | autoit_exe
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wl.jpg" | Discord Expliot Kit.exe
resource | yara_rule
behavioral10/memory/4240-0-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-98-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-202-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-203-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-204-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-205-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-206-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-208-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-209-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-210-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-211-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-212-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-213-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-214-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
behavioral10/memory/4240-215-0x0000000000400000-0x00000000004BA000-memory.dmp | upx
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Discord Expliot Kit.exe
Modifies Control Panel 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000\Control Panel\Desktop | Discord Expliot Kit.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-112184765-1670301065-1210615588-1000_Classes\Local Settings | Discord Expliot Kit.exe
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
4240 | Discord Expliot Kit.exe
Suspicious use of WriteProcessMemory 6 IoCs
description | pid | Process | procid_target
PID 4240 wrote to memory of 2636 | 4240 | Discord Expliot Kit.exe | 81
PID 4240 wrote to memory of 2636 | 4240 | Discord Expliot Kit.exe | 81
PID 2636 wrote to memory of 4460 | 2636 | cmd.exe | 83
PID 2636 wrote to memory of 4460 | 2636 | cmd.exe | 83
PID 4240 wrote to memory of 1944 | 4240 | Discord Expliot Kit.exe | 84
PID 4240 wrote to memory of 1944 | 4240 | Discord Expliot Kit.exe | 84
Processes
PID:4240 C:\Users\Admin\AppData\Local\Temp\My-Skidded-malwares-main\Discord Expliot Kit.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\My-Skidded-malwares-main\Discord Expliot Kit.exe"
  - Enumerates connected drives
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Modifies Control Panel
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2636 C:\Windows\system32\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /c wusa C:\Users\Admin\AppData\Local\Temp\64.cab /quiet /extract:C:\Windows\system32\migwiz\ & exit
    - Suspicious use of WriteProcessMemory
    PID:4460 C:\Windows\system32\wusa.exe
      Command line: wusa C:\Users\Admin\AppData\Local\Temp\64.cab /quiet /extract:C:\Windows\system32\migwiz\
  PID:1944 C:\Windows\System32\WScript.exe
    Command line: "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\888.vbs"
Network
MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores: 2
- Credentials from Web Browsers: 1
- Windows Credential Manager: 1
- Unsecured Credentials: 1
- Credentials In Files: 1
Downloads