Analysis
-
max time kernel
52s -
max time network
54s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
03/02/2023, 21:28 UTC
General
-
Target
SKlauncher 3.0.exe
-
Size
1.2MB
-
MD5
32c7e3347f8e532e675d154eb07f4ccf
-
SHA1
5ca004745e2cdab497a7d6ef29c7efb25dc4046d
-
SHA256
107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b
-
SHA512
c82f3a01719f30cbb876a1395fda713ddba07b570bc188515b1b705e54e15a7cca5f71f741d51763f63aa5f40e00df06f63b341ed4db6b1be87b3ee59460dbe2
-
SSDEEP
24576:Dh199z42ojP6a7HJlF9eu5XFQZSIZeNGdmEE8H17UBcegl:R9zbgH3euNFQZr/oEE892cfl
Score
1/10
Malware Config
Signatures
-
Modifies Internet Explorer settings 1 TTPs 31 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe"C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/2⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1432 CREDAT:275457 /prefetch:23⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
-
Network
-
DNSadoptium.netRemote address:8.8.8.8:53Requestadoptium.netIN AResponseadoptium.netIN A13.228.199.255adoptium.netIN A34.126.184.144 -
GEThttps://adoptium.net/app-6d3ee4a664f31dd740d6.jsRemote address:13.228.199.255:443RequestGET /app-6d3ee4a664f31dd740d6.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://adoptium.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: adoptium.net
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 13838
Cache-Control: public,max-age=31536000,immutable
Content-Encoding: gzip
Content-Length: 71028
Content-Type: application/javascript; charset=UTF-8
Date: Fri, 03 Feb 2023 17:37:50 GMT
Etag: "9309e6f3c726bdbc9ba6fe8dd2d98127-ssl-df"
Referrer-Policy: same-origin
Server: Netlify
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Nf-Request-Id: 01GRCJWHBS3N9406YN2R35CTSN
X-Xss-Protection: 1; mode=block
-
GEThttps://adoptium.net/Remote address:13.228.199.255:443RequestGET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: adoptium.net
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Age: 23877
Cache-Control: public, max-age=0, must-revalidate
Content-Encoding: gzip
Content-Length: 76506
Content-Type: text/html; charset=UTF-8
Date: Fri, 03 Feb 2023 14:50:30 GMT
Etag: "465c5f6042b31fccfd19c16020f41318-ssl-df"
Referrer-Policy: same-origin
Server: Netlify
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Nf-Request-Id: 01GRCJWGM42SX74WFT02Z7ECCF
X-Xss-Protection: 1; mode=block
-
GEThttps://adoptium.net/webpack-runtime-db4be6c517d55b9af13a.jsRemote address:13.228.199.255:443RequestGET /webpack-runtime-db4be6c517d55b9af13a.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://adoptium.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: adoptium.net
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 22526
Cache-Control: public,max-age=31536000,immutable
Content-Encoding: gzip
Content-Length: 4123
Content-Type: application/javascript; charset=UTF-8
Date: Fri, 03 Feb 2023 15:13:02 GMT
Etag: "f5dde502a8e7dacace9d49152c066eb5-ssl-df"
Referrer-Policy: same-origin
Server: Netlify
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Nf-Request-Id: 01GRCJWHC08QSZ18BCSP1CQE28
X-Xss-Protection: 1; mode=block
-
GEThttps://adoptium.net/framework-2e308911b46e1b737dce.jsRemote address:13.228.199.255:443RequestGET /framework-2e308911b46e1b737dce.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: https://adoptium.net/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: adoptium.net
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 22526
Cache-Control: public,max-age=31536000,immutable
Content-Encoding: gzip
Content-Length: 66961
Content-Type: application/javascript; charset=UTF-8
Date: Fri, 03 Feb 2023 15:13:02 GMT
Etag: "ae00d0b0daff50d8c6542c8150f82855-ssl-df"
Referrer-Policy: same-origin
Server: Netlify
Strict-Transport-Security: max-age=31536000
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Nf-Request-Id: 01GRCJWHMVS8ATY9C0X7QPGMSQ
X-Xss-Protection: 1; mode=block
-
GEThttps://adoptium.net/favicon-32x32.png?v=3c8725a99800951594204e508d9aff1eRemote address:13.228.199.255:443RequestGET /favicon-32x32.png?v=3c8725a99800951594204e508d9aff1e HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: adoptium.net
Connection: Keep-Alive
ResponseHTTP/1.1 200 OK
Accept-Ranges: bytes
Age: 25562
Cache-Control: public, max-age=0, must-revalidate
Content-Length: 2571
Content-Type: image/png
Date: Fri, 03 Feb 2023 14:22:28 GMT
Etag: "83a1712c2d223866dd8b6fd3bacdc0a1-ssl"
Referrer-Policy: same-origin
Server: Netlify
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Nf-Request-Id: 01GRCJWJN3H0PCPJC0Z4J9KDJ1
X-Xss-Protection: 1; mode=block
-
DNSapps.identrust.comRemote address:8.8.8.8:53Requestapps.identrust.comIN AResponseapps.identrust.comIN CNAMEidentrust.edgesuite.netidentrust.edgesuite.netIN CNAMEa1952.dscq.akamai.neta1952.dscq.akamai.netIN A88.221.25.153a1952.dscq.akamai.netIN A88.221.25.169
-
DNSapps.identrust.comRemote address:8.8.8.8:53Requestapps.identrust.comIN AResponseapps.identrust.comIN CNAMEidentrust.edgesuite.netidentrust.edgesuite.netIN CNAMEa1952.dscq.akamai.neta1952.dscq.akamai.netIN A88.221.25.153a1952.dscq.akamai.netIN A88.221.25.169
-
GEThttp://apps.identrust.com/roots/dstrootcax3.p7cRemote address:88.221.25.153:80RequestGET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
ResponseHTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 20 Jan 2023 18:36:10 GMT
ETag: "37d-5f2b652c27a80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 03 Feb 2023 22:28:26 GMT
Date: Fri, 03 Feb 2023 21:28:26 GMT
Connection: keep-alive
-
GEThttp://apps.identrust.com/roots/dstrootcax3.p7cRemote address:88.221.25.153:80RequestGET /roots/dstrootcax3.p7c HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: apps.identrust.com
ResponseHTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
Strict-Transport-Security: max-age=15768000
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' *.identrust.com
Last-Modified: Fri, 20 Jan 2023 18:36:10 GMT
ETag: "37d-5f2b652c27a80"
Accept-Ranges: bytes
Content-Length: 893
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
Content-Type: application/pkcs7-mime
Cache-Control: max-age=3600
Expires: Fri, 03 Feb 2023 22:28:26 GMT
Date: Fri, 03 Feb 2023 21:28:26 GMT
Connection: keep-alive
-
DNSwww.eclipse.orgRemote address:8.8.8.8:53Requestwww.eclipse.orgIN AResponsewww.eclipse.orgIN CNAMEeclipse.orgeclipse.orgIN A198.41.30.198
-
13.228.199.255:443https://adoptium.net/app-6d3ee4a664f31dd740d6.jstls, http
HTTP Request
GET https://adoptium.net/app-6d3ee4a664f31dd740d6.jsHTTP Response
200 -
13.228.199.255:443https://adoptium.net/favicon-32x32.png?v=3c8725a99800951594204e508d9aff1etls, http
HTTP Request
GET https://adoptium.net/HTTP Response
200HTTP Request
GET https://adoptium.net/webpack-runtime-db4be6c517d55b9af13a.jsHTTP Response
200HTTP Request
GET https://adoptium.net/framework-2e308911b46e1b737dce.jsHTTP Response
200HTTP Request
GET https://adoptium.net/favicon-32x32.png?v=3c8725a99800951594204e508d9aff1eHTTP Response
200 -
88.221.25.153:80http://apps.identrust.com/roots/dstrootcax3.p7chttp
HTTP Request
GET http://apps.identrust.com/roots/dstrootcax3.p7cHTTP Response
200 -
88.221.25.153:80http://apps.identrust.com/roots/dstrootcax3.p7chttp
HTTP Request
GET http://apps.identrust.com/roots/dstrootcax3.p7cHTTP Response
200 -
13.228.199.255:443adoptium.nettls
-
198.41.30.198:443www.eclipse.orgtls -
198.41.30.198:443www.eclipse.orgtls
-
198.41.30.198:443www.eclipse.orgtls
-
198.41.30.198:443www.eclipse.orgtls
-
198.41.30.198:443www.eclipse.orgtls
-
198.41.30.198:443www.eclipse.orgtls
-
198.41.30.198:443www.eclipse.org
-
198.41.30.198:443www.eclipse.org
-
8.8.8.8:53adoptium.netdns
DNS Request
adoptium.net
DNS Response
13.228.199.25534.126.184.144
-
8.8.8.8:53apps.identrust.comdns
DNS Request
apps.identrust.com
DNS Response
88.221.25.15388.221.25.169
-
8.8.8.8:53apps.identrust.comdns
DNS Request
apps.identrust.com
DNS Response
88.221.25.15388.221.25.169
-
8.8.8.8:53www.eclipse.orgdns
DNS Request
www.eclipse.org
DNS Response
198.41.30.198
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
7KB
MD59ee295bb88aca7c58857470145f8501c
SHA171628d1b64e2285efbc1a81203db33c8bcc3c01f
SHA256392bcfdaf1f6c809df55306922f247b78fbc5b7e46472bff239c86321f50ff1d
SHA5127570c434ae9f9c7d2e33d5d72f3a7a9f7a9f12bb3add44c01174b65e92912eb3d0199111acc601103ab96422056cbb0fb5e956cc4930204bbc647018af424fa2
-
Filesize
8KB