Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

SKlauncher 3.1.exe

windows7-x64

3

SKlauncher 3.1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    15/06/2023, 20:12 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SKlauncher 3.1.exe

  • Size

    1.1MB

  • MD5

    021b53abfc25a261077282498e5726a0

  • SHA1

    ba7f38a28444504e6e8e1f995cc40ceb70ff6409

  • SHA256

    c3db9475c3ab6b53d8f6d711f587e5218c9b8d332229a208277bc0b27a24b620

  • SHA512

    484bb65ecb1ccd3e5472a27737fd2fa4471240aeefcf4bfdeaf4e49636cec9b3e43a5c2feb7134074c92af01f52a456b8074aca8269480e210cfa3b51acae81d

  • SSDEEP

    24576:7h1tjL2uma7hLQKaikK21SHCJ3ny+SGiPsGSa7tLC+/e0cUEcnr:sghMKai1viny6iPH5hF/e0m2r

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.1.exe
    "C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5092
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -Xms32m -Xmx256m -jar "C:\Users\Admin\AppData\Local\Temp\SKlauncher 3.1.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:4984

Network

  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    files.skmedix.pl
    javaw.exe
    Remote address:
    8.8.8.8:53
    Request
    files.skmedix.pl
    IN A
    Response
    files.skmedix.pl
    IN A
    188.114.96.0
    files.skmedix.pl
    IN A
    188.114.97.0
  • flag-us
    DNS
    0.96.114.188.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    0.96.114.188.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    62.13.109.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    62.13.109.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    112.208.253.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    112.208.253.8.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • 40.125.122.176:443
    260 B
     5
  • 188.114.96.0:443
    files.skmedix.pl
    tls
    javaw.exe
    239.4kB
     14.4MB
     5183
    10299
  • 117.18.237.29:80
    322 B
     7
  • 104.46.162.226:443
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 40.125.122.176:443
    260 B
     5
  • 117.18.237.29:80
    322 B
     7
  • 209.197.3.8:80
    322 B
     7
  • 173.223.113.131:80
    322 B
     7
  • 204.79.197.203:80
    322 B
     7
  • 40.125.122.176:443
    260 B
     5
  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    files.skmedix.pl
    dns
    javaw.exe
    62 B
     94 B
     1
    1

    DNS Request

    files.skmedix.pl

    DNS Response

    188.114.96.0
    188.114.97.0

  • 8.8.8.8:53
    0.96.114.188.in-addr.arpa
    dns
    71 B
     133 B
     1
    1

    DNS Request

    0.96.114.188.in-addr.arpa

  • 8.8.8.8:53
    62.13.109.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    62.13.109.52.in-addr.arpa

  • 8.8.8.8:53
    112.208.253.8.in-addr.arpa
    dns
    72 B
     126 B
     1
    1

    DNS Request

    112.208.253.8.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4130867014000.dll
    Filesize

    21KB

    MD5

    4ca3290a99adadde557930cd481d7539

    SHA1

    26034442a76131dd3d37c8f28b6e9bebc7c1fe7c

    SHA256

    dd130c68dc36bcedbe51a6b8ec3b3358a460d45952f6280e12331f48850b6b3b

    SHA512

    9341c60f92dd3f89f82555055924bdae6fcce1e4cd13a7dde5129ebdce04bae377292237a2ed6c3e7623b242e82b01c7ed1717af4d7db8ca473e9fd7b7b190d5

    Download Submit

  • memory/4984-213-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-217-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-144-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-178-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-179-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-191-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-148-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-205-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-214-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-276-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-237-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-239-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-248-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-264-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4984-265-0x0000000000EF0000-0x0000000000EF1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/5092-133-0x0000000000400000-0x000000000041C000-memory.dmp

    Filesize

    112KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.