Overview

overview

10

Static

static

5

My-Skidded...f2.exe

windows10-2004-x64

My-Skidded...Us.vbs

windows10-2004-x64

1

My-Skidded...AT.exe

windows10-2004-x64

10

My-Skidded...UN.exe

windows10-2004-x64

10

My-Skidded...no.exe

windows10-2004-x64

6

My-Skidded...MK.exe

windows10-2004-x64

My-Skidded...ck.vbs

windows10-2004-x64

1

My-Skidded...it.exe

windows10-2004-x64

7

My-Skidded... 2.bat

windows10-2004-x64

7

My-Skidded...OR.vbs

windows10-2004-x64

1

My-Skidded...ge.exe

windows10-2004-x64

My-Skidded...ck.exe

windows10-2004-x64

10

My-Skidded...BR.exe

windows10-2004-x64

My-Skidded...ba.vbs

windows10-2004-x64

1

My-Skidded...ad.exe

windows10-2004-x64

My-Skidded...BR.exe

windows10-2004-x64

6

My-Skidded...AL.exe

windows10-2004-x64

6

My-Skidded...en.exe

windows10-2004-x64

6

My-Skidded...in.exe

windows10-2004-x64

6

My-Skidded...BR.exe

windows10-2004-x64

My-Skidded...64.exe

windows10-2004-x64

My-Skidded...64.exe

windows10-2004-x64

10

My-Skidded...24.exe

windows10-2004-x64

10

My-Skidded....0.bat

windows10-2004-x64

7

My-Skidded...as.exe

windows10-2004-x64

My-Skidded...ll.bat

windows10-2004-x64

My-Skidded...ks.exe

windows10-2004-x64

My-Skidded...ua.exe

windows10-2004-x64

My-Skidded...kz.bat

windows10-2004-x64

8

My-Skidded...BR.exe

windows10-2004-x64

6

My-Skidded...UG.exe

windows10-2004-x64

My-Skidded...mi.exe

windows10-2004-x64

6

Resubmissions

09/03/2025, 01:58

250309-cdv29swybs 10

08/03/2025, 06:55

250308-hp35xatjt9 10

08/03/2025, 04:53

250308-fh1ebssky5 10

Analysis

  • max time kernel
    299s
  • max time network
    261s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/03/2025, 01:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    My-Skidded-malwares-main/Discord Expliot Kit.exe

  • Size

    402KB

  • MD5

    8c03f9981a98007dcf7d68415680d1a0

  • SHA1

    4f4986dda199a8874b023e163de023dec27104ac

  • SHA256

    816a4880a3b1076f4e27e5f26324035c0b1ab66c2a87b28a64f8ce03429d7f5e

  • SHA512

    b4d4eda5bb1783324f5baaf458d3d7483076db1e765dc8e65c01a2b018d7e1658907fe21adf8f5e1653360ebada03c5c9503746ff716c21a20b20d793fc35079

  • SSDEEP

    12288:a6Wq4aaE6KwyF5L0Y2D1PqLZeqhBkEFY9ddNdgYaTW3DB:4thEVaPqLDkFiYaTkB

Score
7/10
credential_accessdiscoveryransomwarespywarestealerupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • AutoIT Executable 30 IoCs

    AutoIT scripts compiled to PE executables.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • UPX packed file 31 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 1 IoCs
    defense_evasion
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\My-Skidded-malwares-main\Discord Expliot Kit.exe
    "C:\Users\Admin\AppData\Local\Temp\My-Skidded-malwares-main\Discord Expliot Kit.exe"
    1⤵
    • Checks computer location settings
    • Enumerates connected drives
    • Sets desktop wallpaper using registry
    • System Location Discovery: System Language Discovery
    • Modifies Control Panel
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2044
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c wusa C:\Users\Admin\AppData\Local\Temp\64.cab /quiet /extract:C:\Windows\system32\migwiz\ & exit
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:264
      • C:\Windows\system32\wusa.exe
        wusa C:\Users\Admin\AppData\Local\Temp\64.cab /quiet /extract:C:\Windows\system32\migwiz\
        3⤵
          PID:3028
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\888.vbs"
        2⤵
          PID:1484

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Lock.Adobe
        Filesize

        8B

        MD5

        de6fdff1993c731e52e49d52a6e684d9

        SHA1

        120d1ff8a24109eed24ac1a5697383d50bcc0f47

        SHA256

        645c2d0cb9f6edf276f7dead9ab8c72531cdae22f54962d174c1339c30cb1b42

        SHA512

        99d05bf76a3a7466ccf27ac304ba35639716089d8dae388aaa707bfb6feb3f362251a65951663dd86abcac5a5e7358a5f29faedfe4c0b55ae136ba9d8f1209c1

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\888.vbs
        Filesize

        280B

        MD5

        8be57121a3ecae9c90cce4adf00f2454

        SHA1

        aca585c1b6409bc2475f011a436b319e42b356d8

        SHA256

        35d7204f9582b63b47942a4df9a55b8825b6d0af295b641f6257c39f7dda5f5e

        SHA512

        85521f6cd62dd5bb848933a188a9ddb83dd7ae2c5f4a97b65ba7785c3d58dba27694c7df308f4cf0fdaaa8c55251ff14ed1632e315a16d8d0b15217bac381f72

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\autCAE2.tmp
        Filesize

        47KB

        MD5

        9dda4db9e90ff039ad5a58785b9d626d

        SHA1

        507730d87b32541886ec1dd77f3459fa7bf1e973

        SHA256

        fc31b205d5e4f32fa0c71c8f72ee06b92a28bd8690f71ab8f94ff401af2228fe

        SHA512

        4cfecaaccd0f8f9e31690ff80cca83edc962e73861043fffded1a3847201455d5adca7c5ef3866c65e6e516205e67b2f31c8149aad5be1065c1eb586b013f86a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\autCAF3.tmp
        Filesize

        49KB

        MD5

        8cfa6b4acd035a2651291a2a4623b1c7

        SHA1

        43571537bf2ce9f8e8089fadcbf876eaf4cf3ae9

        SHA256

        6e438201a14a70980048d2377c2195608d5dc2cf915f489c0a59ac0627c98fa9

        SHA512

        e0a73401ce74c8db69964ef5a53f2a1b8caf8c739359785970295dae82619e81c0a21466327a023cf4009e0c15981a20bf1e18c73821083908fce722faa82685

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\wl.jpg
        Filesize

        4KB

        MD5

        4e7576a115c6d898add5a903b1d1374b

        SHA1

        b1285f2e8fcb48fd675e481b03fa76d3c51877b7

        SHA256

        ed08ba090f55d7d9d3450d53035a19b5b47d4dcc7fc8a4923d288436d60e8609

        SHA512

        fba75bcb4913d07a0fb7e97ce47d072607bb9f0409d8459a3a01ccc648521b07912ac2f79b4a63f7300e71518c25b0ac7777573fbb8e7730360e6a3fc917a9fd

        Download Submit

      • memory/2044-236-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-238-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-102-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-225-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-226-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-227-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-228-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-229-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-231-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-232-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-233-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-234-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-235-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-0-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-237-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-101-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-239-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-240-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-241-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-242-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-243-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-244-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-245-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-246-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-247-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-248-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-249-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-250-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-251-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-252-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download

      • memory/2044-253-0x0000000000400000-0x00000000004BA000-memory.dmp

        Filesize

        744KB

        Download