107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b

Analysis

max time kernel
331s
max time network
335s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
05/03/2023, 00:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher 3.0.exe
Size

1.2MB
MD5

32c7e3347f8e532e675d154eb07f4ccf
SHA1

5ca004745e2cdab497a7d6ef29c7efb25dc4046d
SHA256

107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b
SHA512

c82f3a01719f30cbb876a1395fda713ddba07b570bc188515b1b705e54e15a7cca5f71f741d51763f63aa5f40e00df06f63b341ed4db6b1be87b3ee59460dbe2
SSDEEP

24576:Dh199z42ojP6a7HJlF9eu5XFQZSIZeNGdmEE8H17UBcegl:R9zbgH3euNFQZr/oEE892cfl

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D4D692A1-BAF4-11ED-891D-F6B2F3A01775} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007837404bb2ac374381d657b4bfd4f9e2000000000200000000001066000000010000200000008e8341982dd599d540364516e694c2f614ba9b88c92a6b967ec07bcb1cc5ff9d000000000e80000000020000200000005771404748e332aab46fc97346ea1fe96cf00cf63f9fd84c0365591273a2a43590000000ddc05f1aa46f0d042906d8b8d6bd87179b027f11045e88698a6fcb291c55f21c2b148a7df72a518fb46a6c2795ca53bd7aaa409316263c8bda1f8e569d49c207560be4d9df9d9b1ef619ab3307593e92c978d03d4d0efaf07d1948082d9e68000d3eecf38d30a530887b99998637b73f1138ce18cf8b2d85b3e01b82677834e9900239e6cfa12ccbcb83bcf759b540794000000040fce4ddf43d936cbdd2ffbecc5b5b4037ec5b3282d8b24033dbeafc9d5158bb392c5e2e7c6b03cfcdd0dde0c91e049547925eba6828654ab540a103fdb2b919	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000007837404bb2ac374381d657b4bfd4f9e2000000000200000000001066000000010000200000006ce7365c58abb908399bc4c431e4aee8b0ec4d757a97581f9a6fa7ab9bbe4bb9000000000e8000000002000020000000dbdc2d4407788a9125f0ffe06a10d8f99c709f8cf0ed466a968c7f3fcea47615200000005cef44be5c83a131e69c7ad47d375cd02f2a6eb37c3dff6cdb02587a1737a53c4000000048f6082890bf286e2efad402dcacf1db4ebbd9a9d8959d7f2d288bb1a1e2fb269373dcb66df14789b82470d02626cd883b8c60197f1beb25378430a626e412a0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = a08a7ab1014fd901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1268	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1268	iexplore.exe
1268	iexplore.exe
544	IEXPLORE.EXE
544	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 680 wrote to memory of 1268	680	SKlauncher 3.0.exe	28
PID 680 wrote to memory of 1268	680	SKlauncher 3.0.exe	28
PID 680 wrote to memory of 1268	680	SKlauncher 3.0.exe	28
PID 680 wrote to memory of 1268	680	SKlauncher 3.0.exe	28
PID 1268 wrote to memory of 544	1268	iexplore.exe	30
PID 1268 wrote to memory of 544	1268	iexplore.exe	30
PID 1268 wrote to memory of 544	1268	iexplore.exe	30
PID 1268 wrote to memory of 544	1268	iexplore.exe	30
PID 1268 wrote to memory of 544	1268	iexplore.exe	30
PID 1268 wrote to memory of 544	1268	iexplore.exe	30
PID 1268 wrote to memory of 544	1268	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:680
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1268
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1268 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:544

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cdff0a943a8bce41cd50d0eb4ff5f5ab

SHA1
ddaeb590ecad55dd6d8c8936586ff44143e6267f

SHA256
cb5cabcec9cce3669af11d2ac50b440d823494f8d891e47326d13d9a5267036a

SHA512
cadc5de03e292a9fa9a1089a29159041832ef87d0bc60ddacac633423e7476c1ccceac07f460ce51ead765e984745eb4af0c4bb2b34027127b45fee79197a47e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
241f9ca5e101c83c4ab8eaafbd896558

SHA1
631b7ec8d39c508f47f4210f1c2f7ef9558bea7e

SHA256
3c01ddd9e29325fd24131a69c7c055ff33edc638113bcfd39a35083a7d3182ef

SHA512
0b6c23d2ec818181c63d9b38f10345bba1108ec12278a6f760a6b8989fe69a78f88165d8412c98d9bff5fcab43b78b1a8364731d3600ee6fd7b35354b46c8843

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f9e0c2dba933feb93e77031f136b4e6c

SHA1
ad9ac0d70dee05a9b296b766c930ee9c257b60e8

SHA256
5d413ec3d8fbb7523c8364516d613e8e39225785d7c77e1e8260a95ef515e256

SHA512
9fa6e760d628af9d40131aed8b714e86d967a5c9d285c49968028c80793f0f9e5b6e763991c0305383533da21c60f024ace52270da6c287f28395699bdb51ffc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
5d46a6c55b1bc3bf21ab3fa35e1b429e

SHA1
77777ef62d9e2e123a0364b5d191efa4f5662f8e

SHA256
71ce54e598eee740606853405638ef5e75466b7291e3f8df4f5a6c3dd4129819

SHA512
ecfe44f7690f2e6707bd8178ae93833b8462e2291df23ce511aa273cd5d8b2e6a074cbe24e5d0d3d6e24935403552b336b64c33414ef158a5842a710fc0593c1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
49e94c8c11094d97841c9676ba358c24

SHA1
2fe0b22a5e5178ab39c6c06c7614467a32ae3ea5

SHA256
fa074ea44619bb9ae4f9d8d26ae5b87a9003f8d31c41a234dace0c3499982efd

SHA512
fbc5f7e651b84770dc8130153c6e2914f26ef2af8e1d27a987af061e88f0f370119758b79f2e6dd4a7209033117760e144542de891b83491792fb828a66d6d66

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
cd041db8ce12563ec6bd5081fa3e482a

SHA1
6990d5d885e5337d5819a0fa026896ecfe85df9e

SHA256
38cb7821bd667c31826b9292cf728d28a356001eb769178118ce2840392abec9

SHA512
346a904dd1d0c7176e2db6b6c8f16bedd447871ea83d1abf2bb69e94210353c9b105499451e7061854a9064b941e600c5e8e88f6936cd414b9c5bfb8a119b690

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
990968c57cbc02f66fcea3696177537b

SHA1
e7acd00c91846b24a1e1f861459e81203d0b82e6

SHA256
4c7d7d320dabc69100b69aeebe98c711b9d407579c1dbdcdbbcc75ee0253e3c8

SHA512
499ac3595d870be8266c6ef460f7090f1606a16eb0eac46d11e46678ae02ef50706a9c18d0532e4e1a15c47e6f06e6f147c08fc3d9e24799f1ea96d1cb4b310b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
acedf2ab674a599fc6e0976920130b62

SHA1
8876c9ca6a6fe8994580fa89c19f867fb378c393

SHA256
34611d1cee1669f1fb01ee247871b5f2a605a01da09e1e5128a5056e02d90ebf

SHA512
5a080803496ee5795813e3b9af4b2644e9d2bc1d7c78133f7f07dc43f2c8b262d29ae21045d751a0cdbf8ef45dc462fb8e12b28eaddcc04893956cbead71f56e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
232af7fd0c3652ff85e46db140d18265

SHA1
173ad5d46b4c21086d867ead4b141993d9b517e2

SHA256
5771475b7984f548933bea1eca99a1022ebb0ccc8d1b1c2daed3b7855c45fc4b

SHA512
19da48af9210c81a94565b81443812031038d3c1b295979898461f43c11f7efd6c49b20a477603202a65d2e5ede841f9db145e451e4cc81d4637eee591b531fb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
a8d5f7f9b1020155f7c3c91d7fbcf9cd

SHA1
8ae4f5249a9f0e9f9270cf4f0d1f617a0b38a9ff

SHA256
f90fb074ecbbbc8262f1b7d4e53aa26e0bb3de2510b09eaaf275d420fa867a87

SHA512
7f38b30b288a058806fd314fa2481ffbcf22eec796a786fd58507a4b9099d678e1fb492a11af90d4448ce69392b61c276bc945aa4700c46f48c68defe8471944

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
304B

MD5
f172f31aff402a44887dd7af0666ef78

SHA1
c0a9481bd816688ebdc537baabcff7789ec6e685

SHA256
2e82689b5b02d232d9e9e6df1cb20a62d2b2bd08f3ae319ff02c8d506e9cb204

SHA512
bddcf2516f37378f4fe6b228907adf225278282dcb0f3c90e5262ed36bd2aa3f1b10b99cffcc687a3032cecd02e7fdb95b73ef089d90f5bf0e7b5bfb2a2a1359

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4e11e6bdfe9d1f9ce4142bb15670e4de

SHA1
a469a0288b6217eaa4ccc3d999ac5baad7f30073

SHA256
edad0c18018c1ef03830dbff3605cea5d3e1e1ba8a5a37dfdb37a87b6d197543

SHA512
74d239dc04e91530d922aa96db90f19ed94e1e40de18d07c7b004fdce621ed27ff4c24ca63c93ca36853203cc7d7206e58d376a7fc28f6403560a3c68cacef31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\z62wpf5\imagestore.dat

Filesize
7KB

MD5
c53b0fdf64ff97888a6dbb0110563cd5

SHA1
b1b78f4c7d6084f66631c421518292b09737a223

SHA256
19232493602e8ab73417f3b12d08e2dfd7a86125883407613c50d177f51242d8

SHA512
8afcb246221f2637a00eb750fff8ce2b7079102b06a38a0bba7c277a5b0f12f7518489dc561ac9c619cabf0fc3a882eb074a86525901ab0f2ea3c1a7b2c3f946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\favicon-32x32[1].png

Filesize
2KB

MD5
dfb98b35bec083cddf7e575ccbc12efc

SHA1
f77c5e6f37aec582c5977a76691f992e3ebc3a05

SHA256
f053cec8f37df661ce13646ff5ecad7050bd50c4afb4f7ad12cd252577207e66

SHA512
17d2d675bc677f126fabab826b4fc79a05eece52cf586a97b7d8093dc402d0160f273fbf9d38978f01befc9f85a979208c2355cc0a4c129a2232ffa4554961ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5969.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5A18.tmp

Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7E6E.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
memory/544-56-0x0000000002DA0000-0x0000000002DA2000-memory.dmp

Filesize
8KB

Download
memory/680-54-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/1268-55-0x00000000029A0000-0x00000000029B0000-memory.dmp

Filesize
64KB

Download