Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

SKlauncher 3.0.exe

windows7-x64

8

SKlauncher 3.0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    09/01/2023, 23:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SKlauncher 3.0.exe

  • Size

    1.2MB

  • MD5

    32c7e3347f8e532e675d154eb07f4ccf

  • SHA1

    5ca004745e2cdab497a7d6ef29c7efb25dc4046d

  • SHA256

    107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b

  • SHA512

    c82f3a01719f30cbb876a1395fda713ddba07b570bc188515b1b705e54e15a7cca5f71f741d51763f63aa5f40e00df06f63b341ed4db6b1be87b3ee59460dbe2

  • SSDEEP

    24576:Dh199z42ojP6a7HJlF9eu5XFQZSIZeNGdmEE8H17UBcegl:R9zbgH3euNFQZr/oEE892cfl

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe
    "C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/
      2⤵
      • Modifies Internet Explorer Phishing Filter
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2032 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1688

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    1KB

    MD5

    b1006df00ccfb34b9336f5596615c2fa

    SHA1

    8f905ec4d4df82c94a9e7d5e35ac9d706bcce63f

    SHA256

    8703c89455aca40da66de712d36c366b8cd4bf98125c54628d7697739b4493c9

    SHA512

    2a9dbdbd3450a4a3045258b4c78473faa4d8e58565c589d3592a39338baf7e207787f0514fbbcff302ee3ce156de46f959eabe0e71213387eeaed15dc2ce3308

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
    Filesize

    446B

    MD5

    7c482a7ee9884372bca913abea141c56

    SHA1

    b717327911ef80e43f3324dc27d7aa5998eeaa13

    SHA256

    cf34d8f903b992775ec4d125262cc2d185b7ce2d129122eac1a8db9a14dfda66

    SHA512

    9ea74b2f2c53d82d3aff3a6af398db4e130f463f1626502c71084df33609c79eb47c3457d426bb44ccbd4e022e99e5fbc1966b4e2b79dfd4eaf0deb87df96536

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6a9b3d46465db6e06f8f51f4cd56ee1b

    SHA1

    bd7763447ae000c7a9a926c3f9b864f5f70b9f7b

    SHA256

    2bafed68fcfaea45e4e2dfe1c298387aa96a545db89e4b60f08527fd87a55e8f

    SHA512

    6adf2bd87f621a834af988fe6c32fbedf443c7a15884d2cef2c5ad09f05eb17664a7baf084d0f424ed9c2a3fe1e2b9567e8eaacbcfa5962a40a7d6162fde0ef5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    03955ebbde94527793c7c4650184f009

    SHA1

    c16ceb64b841441dbf26f1625e4894f2cf862bb6

    SHA256

    334cd7fc4590e934daf602490a177c556e5782251709f2445607c42ed917b2c6

    SHA512

    fe5cfe2289d6d94a10ddf03cbc37bdfa008110b5f40ef2875e712d012731f874ee78c516cb35a68bee41612ad212373edd1fce4cffe4b3cd416beff1a79c75ef

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38d291c70a2791cbb654761f724b5168

    SHA1

    3deee00caf41f14a00817443bbf218f1c167dd8c

    SHA256

    a5c92a6eeacd36f9819e1b4c9f420ef45962e5fb0d823e67299578e3497c8779

    SHA512

    970d58276df28108e4407e0b5f674ce09db0802cf5d5531ee71332af31e0668a81bba29d772ceab3b6f9b544c0ccbbbad175833ad6bda176665b0bcc258d52b6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    81bc0684b9cdc8cf099a1fd3d0db1777

    SHA1

    c9148a232776a826478e6fb91ce74f54555f8cc4

    SHA256

    9ad83e9fecba67ae5ba58a389e12a6058dfd2770495cbd8d6d390b67cd83962a

    SHA512

    7b3a018014786592918fbb48cc82050ce005543126f514b20a7d3d0e67856019ecdfcd2a0ad47ddd986af0675d2de56d7dae9cae4038ea61af7817f481297ba3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
    Filesize

    2KB

    MD5

    542a6b6b3215337abdacf48a71c51b28

    SHA1

    c44ef55acee213d70b75ed8de222682241fb26b3

    SHA256

    df5adf4cd5ff3087335bb6c539c34a95cd3c9ee0176a0487f36e32fb4b03b5d8

    SHA512

    c69c7e9b221ee80d34a2cab02eb8d91a9d6c31b17317e4a5e907a2fa08fba0adc49437d7933e1e72eab56234257cb4475b3046b8243aeb213021832b9b5411e7

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
    Filesize

    11KB

    MD5

    aa921f555b1ddd793be17a2222bd26bb

    SHA1

    6b34564e57965a21f52a756bf887d568ec8d7d3e

    SHA256

    c5dda915eeedb7fd32ee6ab58e969614542349cdb63f885d1615f33b971ba212

    SHA512

    3c19ab39dab6da375d346638a083e6e86e48f47b2e959308184bf7161b07cdceeb0d8dfd2192e56cd9bc0b3cf31fc23e7c55422c0720db40e19be26e7ab0b0a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
    Filesize

    11KB

    MD5

    aa921f555b1ddd793be17a2222bd26bb

    SHA1

    6b34564e57965a21f52a756bf887d568ec8d7d3e

    SHA256

    c5dda915eeedb7fd32ee6ab58e969614542349cdb63f885d1615f33b971ba212

    SHA512

    3c19ab39dab6da375d346638a083e6e86e48f47b2e959308184bf7161b07cdceeb0d8dfd2192e56cd9bc0b3cf31fc23e7c55422c0720db40e19be26e7ab0b0a2

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\try74lz\imagestore.dat
    Filesize

    12KB

    MD5

    1bb1a2e8ba6e30a7213194e68f82d13b

    SHA1

    57e7865585dc04c4f598b9b4c663fc67e1584169

    SHA256

    395f6c1569e370ee0a051c232a28d078d960c160e037b4da246d243823374144

    SHA512

    c98238d873017101479107397ebcc776f2c51264d5467376dcd32b6f53613c8fcae7af093e566e57502890b35f02cc7e8a7613af838c0ae59fb0d4b7a964a350

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PULJ7CSW\JavaUninstallTool.exe.8ysl1pt.partial
    Filesize

    1.3MB

    MD5

    8a4b5fcd99bde4de6ec6671355946bb6

    SHA1

    444fdfd5cd82308c93e246ae2a9cd5e4474cdc32

    SHA256

    cedd78532925a0ca22ba061b1e49fca29273fa97af969aa0c0e077f0b1849870

    SHA512

    d55af15dbd4574df66c22271f0ed88ffd4b96061a4cae567b040492d82607f05e076a9d4d1a2b9354869e653cf1a6013402d4e9b3fd40b2847c578d3451e733d

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\RDBBQNFB.txt
    Filesize

    600B

    MD5

    ec66eec072ba7f5ed294c0b93bfcf5df

    SHA1

    07a9c0e064ce829d63caeb08d5278c078139ac69

    SHA256

    da2b216dfd3b9a1e2a0667a75600011b81f50fa0f869d9ee4917dd23ee4645b6

    SHA512

    358a4e75c38bd0d37a72f888bb42dfec53a64cf2df6e7f25ce48d61138125c866a25aa52d17aa41104f4674d1889da3ad44daf0673185f7aec1a6ee79245d729

    Download Submit

  • memory/1276-54-0x0000000076381000-0x0000000076383000-memory.dmp

    Filesize

    8KB

    Download