b0d3dfa28c87670e35c6b6714139bc8abc0cc3805be05f42e438b75df8172aae

Resubmissions

31/01/2023, 23:29

31/01/2023, 23:29

31/01/2023, 23:27

max time kernel
32s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20220812-es
resource tags

arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
31/01/2023, 23:27

Target

SKlauncher 3.0.jar
Size

1.0MB
MD5

153e1248d29247831dba84b7bf2c2cbc
SHA1

e7fada43de4976f67145cab45d848e87d1fa7dcb
SHA256

b0d3dfa28c87670e35c6b6714139bc8abc0cc3805be05f42e438b75df8172aae
SHA512

a75226114df94f7fc09259a4e0f4b67711ecfb5e21f635e17327141a44b29bb22f995be768f4f18d6c50ecbc960a2bc44f10cf115e815a182b3f5df440b6cf00
SSDEEP

24576:G9z42ojP6a7HJlF9eu5XFQZSIZeNGdmEE8H17UBcegl:G9zbgH3euNFQZr/oEE892cfl

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
2388	java.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	java.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	java.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2388	java.exe
2388	java.exe

C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4125269282000.dll

Filesize
9KB

MD5
697d496ac9f5aaab8ae025322358c61e

SHA1
2043eac8cdcc2e24b854af1eacd77a5f2a395a27

SHA256
a7273a4cf48ab3413f2c186cc95a3367a73ce99f8d45329383219d4cc27003aa

SHA512
b6702cd49a3af9f97f697565136f140692af9f8b271e672f2e91c920a23212b778583786f2377078117113647926338614a92c4a2423318b7a21ba2fe3a89838

Download Submit
memory/2388-141-0x0000000003230000-0x0000000004230000-memory.dmp

Filesize
16.0MB

Download
memory/2388-152-0x0000000003230000-0x0000000004230000-memory.dmp

Filesize
16.0MB

Download
memory/2388-153-0x0000000003230000-0x0000000004230000-memory.dmp

Filesize
16.0MB

Download