Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

SKlauncher_3.0.exe

windows10-2004-x64

7

Resubmissions

26/03/2023, 03:43

230326-d9xfmsfd52 7

26/03/2023, 03:41

230326-d88saafd48 1

26/03/2023, 03:36

230326-d5wzbafd44 7

26/03/2023, 03:32

230326-d32rsahc9y 7

26/03/2023, 03:27

230326-dz36fafd37 7

Analysis

  • max time kernel
    1750s
  • max time network
    1314s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/03/2023, 03:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SKlauncher_3.0.exe

  • Size

    1.2MB

  • MD5

    32c7e3347f8e532e675d154eb07f4ccf

  • SHA1

    5ca004745e2cdab497a7d6ef29c7efb25dc4046d

  • SHA256

    107bb526c374d6fd9f45317c0c16e83ab50076f2bcd630caf3d6794596fae69b

  • SHA512

    c82f3a01719f30cbb876a1395fda713ddba07b570bc188515b1b705e54e15a7cca5f71f741d51763f63aa5f40e00df06f63b341ed4db6b1be87b3ee59460dbe2

  • SSDEEP

    24576:Dh199z42ojP6a7HJlF9eu5XFQZSIZeNGdmEE8H17UBcegl:R9zbgH3euNFQZr/oEE892cfl

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SKlauncher_3.0.exe
    "C:\Users\Admin\AppData\Local\Temp\SKlauncher_3.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4388
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Xms32m -Xmx256m -jar "C:\Users\Admin\AppData\Local\Temp\SKlauncher_3.0.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2164
      • C:\Windows\SYSTEM32\cmd.exe
        cmd /c reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize /v AppsUseLightTheme
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1876
        • C:\Windows\system32\reg.exe
          reg query HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize /v AppsUseLightTheme
          4⤵
            PID:4780

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4062127309000.dll
      Filesize

      9KB

      MD5

      697d496ac9f5aaab8ae025322358c61e

      SHA1

      2043eac8cdcc2e24b854af1eacd77a5f2a395a27

      SHA256

      a7273a4cf48ab3413f2c186cc95a3367a73ce99f8d45329383219d4cc27003aa

      SHA512

      b6702cd49a3af9f97f697565136f140692af9f8b271e672f2e91c920a23212b778583786f2377078117113647926338614a92c4a2423318b7a21ba2fe3a89838

      Download Submit

    • C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar
      Filesize

      14.5MB

      MD5

      1177cb8baf894d7df5998742895c4b28

      SHA1

      d9927957292dfd8a0b63a95d9fb3740cf16fb364

      SHA256

      4078de673d282718d28fbaa1bd9a804c98e48b2580376f57f0ace84bc79047fb

      SHA512

      42517fe6c2d1e90dc5b2aa32d0e3dcdc516accedfa0a82ed168d2480f030ffcce9d0356a2b855cbfb4021879bab415f4e5bfe302d711bfb0dfcc270e77141294

      Download Submit

    • memory/2164-200-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-228-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-183-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-184-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-198-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-199-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-146-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-217-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-220-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-151-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-229-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-230-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-231-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-240-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-260-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-283-0x0000000002290000-0x0000000002291000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4388-133-0x0000000000400000-0x0000000000435000-memory.dmp

      Filesize

      212KB

      Download