Overview

overview

7

Static

static

1

SKlauncher 3.0.exe

windows7-x64

3

SKlauncher 3.0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    03/02/2023, 20:20

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SKlauncher 3.0.exe

  • Size

    1.2MB

  • MD5

    32c7e3347f8e532e675d154eb07f4ccf

  • SHA1

    5ca004745e2cdab497a7d6ef29c7efb25dc4046d

  • SHA256

    107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b

  • SHA512

    c82f3a01719f30cbb876a1395fda713ddba07b570bc188515b1b705e54e15a7cca5f71f741d51763f63aa5f40e00df06f63b341ed4db6b1be87b3ee59460dbe2

  • SSDEEP

    24576:Dh199z42ojP6a7HJlF9eu5XFQZSIZeNGdmEE8H17UBcegl:R9zbgH3euNFQZr/oEE892cfl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 42 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe
    "C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1724
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2044
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2044 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1872

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e22a5ed8297284c23d6ba39c09c75cd9

    SHA1

    fcf829d30397c52818a0cb92cead4533213f9fab

    SHA256

    5245398b543991a24e4c32c57e9c0145edcf0ec47cfbf098d96049da01dfd673

    SHA512

    0f8890152c6ede4a152b06a2b7e06cfa17ae02bf66af16814462e87815a679a45a23f0bb8b48dd63695b779f65ea5ee9bbaa54d64dae4159c4005a55ffc8392e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    454f5e3837e23b40fc1a5023e36ec74d

    SHA1

    fadaefc8aa86057fac661a958406ec3dce6c42f9

    SHA256

    cc64d7d21c1645f66a03b4d9396d83542ea50f567ce4e6cd7306bf711dba564d

    SHA512

    b85c2790cc63d050b6f03d88378f385c553481101c724d18b40582e0e2accf8f6046b7f4dcb8797932a70bc8a97aa3f635f58eba8e709703cca82374907ce61f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    224950b463ab19317dc637fc70ea5933

    SHA1

    4123c94c21b83ed34132ca721b97a644c56568bd

    SHA256

    6a635740aa6df15850e10aa239669e08b79fafe064395886d67a1da411df2713

    SHA512

    6987b2399891793fba648c922923d51ddad53d7bf38d9f5c89d0d053c1f9d7c10d80f28705d98b5b6c96270963dcf795fb9c7c4e7055629df97259fb5ca6056c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\t9o3c8r\imagestore.dat
    Filesize

    2KB

    MD5

    a40bac015fbc8b05fb6db5b78fd7a408

    SHA1

    3fe1c27b84fe5a9818229442c90ae7330a58c89e

    SHA256

    63add2ec6fb341e3565f89057255d8fa9d0067c5c5fdef4c8ffec2eff94cea5b

    SHA512

    dd7184fbe10cd6c1ca26a16c5d88cf600f593ff38ab75063bb9cef0402892977dda84e515bc9bcdaf7e3d37ff20741c264a51302a21e080e332c8a8b3333bda8

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\J0H64FJN.txt
    Filesize

    608B

    MD5

    f367fa2e3e3b8d07d9b10a4650424340

    SHA1

    0e17b9dd83a1e5b41dd316e77726be342c7567e1

    SHA256

    c8af494965ed496ff748681abc86bf838b7ecdb9accefa8007cf71bd18e643d0

    SHA512

    dabfae231dd7018ce975c5c6a3b2b5a37510764504678c40616155aefcf3e2f0a936860e27ba230867756b01c25ff0c579d19dc7354e9dd1bf6ef866278d4788

    Download Submit

  • memory/1724-54-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

    Filesize

    8KB

    Download