Overview

overview

7

Static

static

1

SKlauncher 3.0.exe

windows7-x64

3

SKlauncher 3.0.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    204s
  • max time network
    172s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    16/03/2023, 23:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SKlauncher 3.0.exe

  • Size

    1.2MB

  • MD5

    32c7e3347f8e532e675d154eb07f4ccf

  • SHA1

    5ca004745e2cdab497a7d6ef29c7efb25dc4046d

  • SHA256

    107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b

  • SHA512

    c82f3a01719f30cbb876a1395fda713ddba07b570bc188515b1b705e54e15a7cca5f71f741d51763f63aa5f40e00df06f63b341ed4db6b1be87b3ee59460dbe2

  • SSDEEP

    24576:Dh199z42ojP6a7HJlF9eu5XFQZSIZeNGdmEE8H17UBcegl:R9zbgH3euNFQZr/oEE892cfl

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe
    "C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1460
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:956
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:956 CREDAT:275457 /prefetch:2
        3⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:1864

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    b00cb89332c239d4a8bb9310caaa01f9

    SHA1

    736df482417ef8debed54fe1bf0ddc97d74260fe

    SHA256

    ec75e9079112a49c5df1e4dbf3b2c3cf2527f6b80e56a4b7978734bff8f4f3bd

    SHA512

    278b0b2cc6af24277376455471ba873c1c7d06e049a0e1bb94bff5e8aa424e87cfbf0c67127be51fea583a0038ad734293f5662853e950705de210618a1a282d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    02161ef0f574d4c7d9bba4ef174933b6

    SHA1

    d40043773de45335d5965c76d79e33e75c7b6964

    SHA256

    f39efb45f4bdeb05cdf29f1cb9defaa054ae982c072a880ce01edf57a92e54ad

    SHA512

    920d38f1efee69446c9534d9686fd62888f26f50e31f9341c4a93caa47b3431002a26133d3225b211a2d873e5d8c1d6886ded17836f20b47aa4fc9b0d5f21685

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    601e61dd88c92ffa6a1980328dda5655

    SHA1

    d9a839410fbf4a94c1d880f7742e44f854bb6726

    SHA256

    d68265cfb3c43572128f12fd6683d0e333cefce892f128799081d5c3c23b9011

    SHA512

    6e8399445f892d2553668fa20290f0b2b75935e6af8ba32b44703bf7ea7a6ef30381e6efebb97ae63017224ec77f7d7ad4b5e253bc41516b65d7094a697da76a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e89dc48f0912b085fdb58a63d2dc08e8

    SHA1

    5a511ab34ae4031b35353790117466cbf88c6733

    SHA256

    1f63fa1633d11c251b9f20a9f915f07332b5c2e933a35c0dfce7d182d160e2b2

    SHA512

    7e3cdeff3b1a07531e4f1a479dbe80f97d12332a31cb33eb2909f8100c35bf4c97ffe126802abbe08870a1f875a11524e9302dc2227bda263f79645fe279ea6a

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    4f1505e26f493d0beadcbd456ea5125f

    SHA1

    dc069f3b86f7ce16a6dd43d27ad7570c425a257e

    SHA256

    1166e3fece68a465754e933168c9c7eaaee01180ec44dfc37b587e57ec98f7a9

    SHA512

    4488cf49f7295e170abc020334b86e619b1e75d299d35fe4f34a68d0643c4ae2f75730c09fd67fb219a7cb7cfaac2c502676a800c2d71c51aad7f96cfb5df024

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1eb51d46f3887e63bc86d07d60517f42

    SHA1

    971ca433b31d54395c18a9f9dbac294e8a3fdcc4

    SHA256

    feabf3c4fbe1b1f09e9a8fb0d1a16901cc790295e86a496865f682bc2c06966e

    SHA512

    70fd704ad8a879f1ea792398ccc724836fc5ec52e249bd076d1e12bfef8d4a57c1d1608109743099cdbe254fdf7e89877018df3b217e9d3e269d997b82ee2bdc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5164cd9862044980db5c0b0bedd0083d

    SHA1

    17c865beb75e68d6427dd6b654b0233e1b9a2f86

    SHA256

    b49ba9ddf6053d7fa857195893192df785a0b81a34af44a093f9410e98d4a954

    SHA512

    1a13139125344d4ec838d039fcee24bd64ca94f7f647b8523d9a9e48b00b071fa4e65b2231349a184ee1e1afcae23df68885407aa93d67215634f5fa6e3b7060

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ee8506e8385573993f12dd746041f222

    SHA1

    46acd0e5ebd1bd69750577bd68cb9545ca34b9e6

    SHA256

    df8df3963c3e08fc612f37d69a2ae69c3379fff2b1efefdf2fb9e4a9c8ef496a

    SHA512

    bae68f7142b5cef9560d80a6c2ff4e914852eb8473436340a97e45cd37a7ed3f054e317b0d27d4a718f169068dc705b2be7183db50935162f467e7cc2199108c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d518adb0aedbbbe88d66720e6b6a1132

    SHA1

    98763ce924d3f6d230631e0e1eb7145222b9675f

    SHA256

    0ebf79936baecc5f20611567a8c4ce49c9297186135b14817ecad0eb22693d1a

    SHA512

    3131860bbb35a760a9f4fbbdbbd2398a525ac28ba52825b7f051ad5bfc3b2197795b74685d69fed73c07c1a01a88c7c817290cfddc4a7caf53ee5966409b390c

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    187eae00c083a8a73d840bf1663117d7

    SHA1

    55a6c1ac723fd2f8bea154c2a448fca48f32aac8

    SHA256

    8060c5ab8c0139eebd418898e719c6b29377fa6c42dae3633d0a66f72829233a

    SHA512

    f77f93c22ad6cb8eea329f4e01a2589b08010ce25f5c2c7475848984ba26bfa49b70284ea9a8d61e023c2d9a015ff622c58f4926d4dc06e5271042fc0b237dad

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    741a258a86a51e567ce08f1271d8f860

    SHA1

    b0d1a3b50ce7508714514abecf55ab155e6167c5

    SHA256

    aaae2c41c01cac27bcb234fb9c1045f78fa2567634ff7eae53e80a5453118d48

    SHA512

    3d1093b7f9425059c4062984f5afddc6765ec81c7e9aad55615d58a1a0976a6d7677dac541c88a7ab5b12f307ebbf1b4ad466903dfb65195952be9649630d1c3

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\62yy7f8\imagestore.dat
    Filesize

    7KB

    MD5

    4fa62c72cc0b5575422eee5edb8e35cd

    SHA1

    7e8ac19cdf6d961d1da97bd82f487937d7d39130

    SHA256

    a0595e5c56b270692483418d36cd0b660b78caa1d8c49282ae6d246823e4de76

    SHA512

    df722420d1e4f5a69fe979c2431b83cb71cd94e5d0e1bca8ec19dfbd6192c38a77e98a7149dd463a6036f34c1a2add33b541171367410724785c856806daa0b5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJWXLGAS\favicon-32x32[1].png
    Filesize

    2KB

    MD5

    dfb98b35bec083cddf7e575ccbc12efc

    SHA1

    f77c5e6f37aec582c5977a76691f992e3ebc3a05

    SHA256

    f053cec8f37df661ce13646ff5ecad7050bd50c4afb4f7ad12cd252577207e66

    SHA512

    17d2d675bc677f126fabab826b4fc79a05eece52cf586a97b7d8093dc402d0160f273fbf9d38978f01befc9f85a979208c2355cc0a4c129a2232ffa4554961ef

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VQ77JNZF\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab761B.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar778A.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\7NG3TKUM.txt
    Filesize

    608B

    MD5

    fba1681e2e43810b231fb1d253abbb01

    SHA1

    cc7a8f24454dd2614dd281210ed909b271dad9dd

    SHA256

    4ff6252dcd23ed5ef3a110212347638b1546480da1a2bee8e2931be40d9d6e73

    SHA512

    47264b268643e79df85638db8e1be21d1e6ecf4a923ba0530ab1675a409cff71f5162919b21c4d5d0c0e9e5efde668fa1f21fafd290a9f57afe0f3cef236fe32

    Download Submit

  • memory/1460-54-0x0000000000400000-0x0000000000435000-memory.dmp

    Filesize

    212KB

    Download