Overview

overview

10

Static

static

1

SKlauncher 3.0.exe

windows7-x64

10

SKlauncher 3.0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    04-03-2023 16:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SKlauncher 3.0.exe

  • Size

    1.2MB

  • MD5

    f998625debab7739eca6f2d9dd4f8b76

  • SHA1

    5dfc55f2d5e68888e75e1dfd4b3300c1d7dcd4ae

  • SHA256

    e76d8668cefeff0b71b881042dde8a7d608f5889f3567fab79e28dc1437866ae

  • SHA512

    357c3efea685b5b7d1dde1fd8ab9c43173614532c4363c2afb348bd43fd945ecc9eeeb0b980666895bbd7dc60b0366a4ef40dceefb00f103a5ef9cbe2134ff86

  • SSDEEP

    24576:Ph1WOZ9z42ojP6a7HJlF9eu5XFQZSIZeNGdmEE8H17UBcegl:FZ9zbgH3euNFQZr/oEE892cfl

Score
10/10
salitybackdoorevasiontrojanupx

Malware Config

Extracted

Family

sality

C2

http://89.119.67.154/testo5/

http://kukutrustnet777.info/home.gif

http://kukutrustnet888.info/home.gif

http://kukutrustnet987.info/home.gif

http://www.klkjwre9fqwieluoi.info/

http://kukutrustnet777888.info/

Signatures

  • Modifies firewall policy service 2 TTPs 3 IoCs
    evasion
  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Windows security bypass 2 TTPs 6 IoCs
    evasiontrojan
  • UPX packed file 14 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Windows security modification 2 TTPs 7 IoCs
    evasiontrojan
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in Windows directory 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 21 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 14 IoCs
  • System policy modification 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Windows\system32\taskhost.exe
    "taskhost.exe"
    1⤵
      PID:1112
    • C:\Windows\Explorer.EXE
      C:\Windows\Explorer.EXE
      1⤵
        PID:1200
        • C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe
          "C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe"
          2⤵
          • Modifies firewall policy service
          • UAC bypass
          • Windows security bypass
          • Windows security modification
          • Checks whether UAC is enabled
          • Drops file in Windows directory
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1544
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/
            3⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1684
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1684 CREDAT:275457 /prefetch:2
              4⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:1740
      • C:\Windows\system32\Dwm.exe
        "C:\Windows\system32\Dwm.exe"
        1⤵
          PID:1176

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          e71c8443ae0bc2e282c73faead0a6dd3

          SHA1

          0c110c1b01e68edfacaeae64781a37b1995fa94b

          SHA256

          95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

          SHA512

          b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d06b010991ea8dbd2b8681f95e1dc74a

          SHA1

          f361c3834faadef1fcf83c1133b7bccc7720087b

          SHA256

          75eeab4e981f7ce7f2bca6f4b55c55a5eb798ea4338bfee2c5be27b8fbd5965b

          SHA512

          05fe717443ab110d35bf6254cc314c2b00aa29e1db8ea1773e0b65be84785007757c32ef287349f1da444c310984e6150992503cc2f5db3c7f9c37835c5f9dfb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          1e7f502b49aea5599669f01ecd5357e7

          SHA1

          b8c557f152e1e8d18c67ca15a793022cc528fb83

          SHA256

          61624d054229c02c6d8ca2e1df8dcd3e260bd28dde1c1649157d097a56f61c69

          SHA512

          e6ce379b30a03ad13d98cf1d9cf302962b00f2a86ceab5d3f9ef175173143812c64ab21b6450fd116b79eba1995d52bc73f274a8039413927b96e52997235994

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          4f19aba7ed92c53b50c1ee231664c154

          SHA1

          211bc7d95e0625c04d351eaeefefddd04f548dec

          SHA256

          e7a60e79d98878d3df078aaa31422b8b48cc16cf2056e9242d66c1d2940057be

          SHA512

          1f50a41ee04776db69487d33fa0f34e0b43e3fe4739e7b9f7c6698e771d8dc2432636cd6b3bc61fc24e3099f05a72ed0d504f16e73ac0b9c00588c4cb14273ce

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          47a0dc28c99a51db76671afeddac86a7

          SHA1

          f834ec3f1dade115880f66a9fa27407ffc3d6e57

          SHA256

          9cd464ae4f987d797ca0e617e72370f38bf1d451f23baf50f9a628a8f3c2c03e

          SHA512

          a90b94cfb9b1ccbdfef2f3686e1b12fc88e0e0b7632849961f9201249955de08f046843d3fd836e02937e105499c7a12b322f4b825e09e3fd4fb860c08db1f8b

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d49f00623d648b730648915a3de15450

          SHA1

          9b87890d7a2952a539932040405808292bda39de

          SHA256

          077e8dec3451cb726bd63684523e16aee00638c1821f3e7780cbf45da767cb99

          SHA512

          b0ec643b0ce7cd03a0e9c7b3357da845af77bdc0cedfaacb6d4eb71f83e987db4292443160a6b98ec2f769d3dfef57f2e859be782a33b89d1bb9977d7ce58ceb

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          3520753698a567299696839547b94b36

          SHA1

          a3ec789cb077bac9dfb89ea6291c97884b8ef859

          SHA256

          9ace20c56419c9bd75a2d661f3887f230cad7f165c7323553ed1d0738315c4ef

          SHA512

          78c820909bfa3fee4de4d35ef1bc1b4124ea0774a9108c4c83bf7bf5d4ba5242fc33606ee03afd7fee343253ec600f81c03687beaca13934b05971f96331c971

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          028c75edeacdaff1ca4ac0870de7654d

          SHA1

          4f346ee242127e222697369f03bd103bd48783ac

          SHA256

          fb6f0de718ee2e3165b4a6553adf7b405faf1f0ec8f944ebaff95c015f29cadc

          SHA512

          dcccb75ab63f45a12c0b93542c5360bf3f9597ae784397518f24c3f015f67e55995a1cd726f000cdff253dc7a50dfa55f69382a8010d41d527d9e83684ac411c

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          6ef2c9f836fd3c47db5312d5d07b3173

          SHA1

          e2932a6990a4cc621c7341cff5283c8369bb6d52

          SHA256

          521d0bf8bf9ad6a9b93c083f718794afeacd13797dc1145bb3879404a5e5e7cb

          SHA512

          8f9414e5edd6149a03c0ee3ca5f0213c4a08bda7fb4c0cd7dc0d32fa3238ef21ccef5980c848eb34ac83cb94078f7249bc8315f64b19d85ab4ee89cace03d897

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9cf68f3534a562cefe3681ddce2e8ef2

          SHA1

          aa66f8f316e4a59829f9cec1b4a756008e691797

          SHA256

          3c565d7c763218af0bbd101a41595f573e6a8eabcde683ebe54f11d7970153b7

          SHA512

          ef3120dea8be08b69d3200c8341a4aab3537260f9dae983e02dd9e446bd88672560f981cb4994b7ed1e2cca27faf29c06f692a2670003ffbfbdd4f5d252542cc

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d2f75070b4495f28e730a871af286f73

          SHA1

          06da3ccae11d175c71c21db9abc1938cb40d521c

          SHA256

          757b59e2a8c554287c0f8e1f621d9bea4b740ecb6bd3b221fda5cf2f27ee075e

          SHA512

          53573eeb9d6cfc0b4669d99ef89dd76ea4d52659b96301b252a9913744fafacf05b2eca4f2c0de64dc4c6a21bdccff4e3b58d931dcc24fea8bf8cb7088fa48b0

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          e1343e8f27fcc95d915c60579147aafb

          SHA1

          386eb45243afa95744e53aaff109fd0b960cf93b

          SHA256

          bd74b70926af59fe12d4e4810a71e57a5edf95fd93e614542a1cd7dbca2d123b

          SHA512

          88fb1e63ea56f8471976bb617b1d0805e6f92e92a147882b4d4efe8f97ee855fb156c62b6edb1e32ca74ab43a795cbf0b2cde072d49e63d2a979d17f402d7ff7

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          9a0487f6090f9a744435579a8d1f2562

          SHA1

          9dc01427cfe796575280f47519f2244ca94ca46a

          SHA256

          e56bd19b8ad4a6367cae12d8fb3729dc9f0611f3fca40c85b126385ee275b3a2

          SHA512

          76acd8bbd07c22361a693707ba8f340fb7997b514ca99da25732c83c52560a2f6c359fa70ac5009ac502061012fa343d253f868f9021dd4b0cd8dc59f07de047

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          bd869320a0dbc09f8535dd3d06bbae70

          SHA1

          2183303d367364bf4797ecb010e40788aed7a36e

          SHA256

          3bd9f9f6d9dbf404d863e78aac0cedba97069300e2cc0ab2e45794d66e10864e

          SHA512

          df09bb7c23030be51ee2345999defcab618463908e9b63a936dab978395914648b457fc15d77c841fdd338a0bd49e63c0bb6d54434270bd4fb8101055605bde6

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\p734dsx\imagestore.dat
          Filesize

          7KB

          MD5

          2c0d5e559f883398c29133b1af35c84a

          SHA1

          1e3240ff84d91dbe3d755cb67c879a6864ad90c1

          SHA256

          4f54b4431f1476a8717dda26843d31aaa11816283e282346bcfcc1e099f0c8a1

          SHA512

          69c2b988cf15c35a70325cace55ccb400801ca87f9504daf98e95b5b3dd590a2bc4a6a4b36fabbd56910e49d139b39a399dbe2540391ea320b381f898acbe809

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DE9Y0H7M\suggestions[1].en-US
          Filesize

          17KB

          MD5

          5a34cb996293fde2cb7a4ac89587393a

          SHA1

          3c96c993500690d1a77873cd62bc639b3a10653f

          SHA256

          c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

          SHA512

          e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

          Download Submit

        • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QCNSQOTT\favicon-32x32[1].png
          Filesize

          2KB

          MD5

          dfb98b35bec083cddf7e575ccbc12efc

          SHA1

          f77c5e6f37aec582c5977a76691f992e3ebc3a05

          SHA256

          f053cec8f37df661ce13646ff5ecad7050bd50c4afb4f7ad12cd252577207e66

          SHA512

          17d2d675bc677f126fabab826b4fc79a05eece52cf586a97b7d8093dc402d0160f273fbf9d38978f01befc9f85a979208c2355cc0a4c129a2232ffa4554961ef

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab5EC6.tmp
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar5FA3.tmp
          Filesize

          161KB

          MD5

          73b4b714b42fc9a6aaefd0ae59adb009

          SHA1

          efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

          SHA256

          c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

          SHA512

          73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar6055.tmp
          Filesize

          161KB

          MD5

          be2bec6e8c5653136d3e72fe53c98aa3

          SHA1

          a8182d6db17c14671c3d5766c72e58d87c0810de

          SHA256

          1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

          SHA512

          0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\GMGTEGGK.txt
          Filesize

          603B

          MD5

          aa05bc649d98ebb0930df61beda7d523

          SHA1

          c6c126769eeff3919dd28514138461bbc67db72d

          SHA256

          d4bb3e1fc7d8e8d97e185dd9979c8820d3d084bf36ca224473d7111406d1c4dc

          SHA512

          223bde239c633efc6ed165030e724d2659b6b5d16aab079ae5725f6eb4e083389ef93be627c5b9e28f76da0b205d3dc3c01e4b8824d2fe0c8e9344667caf7825

          Download Submit

        • memory/1112-58-0x00000000001A0000-0x00000000001A2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1544-69-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-71-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-56-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-93-0x0000000000400000-0x0000000000447000-memory.dmp

          Filesize

          284KB

          Download

        • memory/1544-78-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-77-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-76-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-75-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-74-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-73-0x0000000000350000-0x0000000000352000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1544-72-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-57-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-70-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-54-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-67-0x0000000000350000-0x0000000000352000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1544-64-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1544-68-0x00000000003F0000-0x00000000003F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1544-66-0x0000000000400000-0x0000000000447000-memory.dmp

          Filesize

          284KB

          Download

        • memory/1544-65-0x00000000003F0000-0x00000000003F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1544-63-0x0000000000350000-0x0000000000352000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1544-60-0x00000000022A0000-0x000000000332E000-memory.dmp

          Filesize

          16.6MB

          Download

        • memory/1684-95-0x00000000022D0000-0x00000000022E0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1740-96-0x00000000003B0000-0x00000000003B2000-memory.dmp

          Filesize

          8KB

          Download