c3db9475c3ab6b53d8f6d711f587e5218c9b8d332229a208277bc0b27a24b620

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
17-09-2023 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.1.exe
Size

1.1MB
MD5

021b53abfc25a261077282498e5726a0
SHA1

ba7f38a28444504e6e8e1f995cc40ceb70ff6409
SHA256

c3db9475c3ab6b53d8f6d711f587e5218c9b8d332229a208277bc0b27a24b620
SHA512

484bb65ecb1ccd3e5472a27737fd2fa4471240aeefcf4bfdeaf4e49636cec9b3e43a5c2feb7134074c92af01f52a456b8074aca8269480e210cfa3b51acae81d
SSDEEP

24576:7h1tjL2uma7hLQKaikK21SHCJ3ny+SGiPsGSa7tLC+/e0cUEcnr:sghMKai1viny6iPH5hF/e0m2r

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 36 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EF8E2DF1-5582-11EE-ABB9-EEDB236BE57B} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b0000000002000000000010660000000100002000000013548a297d3ac4c926b45a37f43acb37ae4d7b4b20d8a131d99cfea4f27878b9000000000e8000000002000020000000323bbeb7f1f941417dcaa4559136897493dedbd04197cde76a07725930c06f6a200000000609e855a267d5058f2003e9b3589c8ba3c49da59a1f077fe5043e209f381ef540000000eeef9623b66fe132cb7fde0fb54cbe0a2baff6f72407688ede2346516ff5fdc56a24e810172860635a10ae3bc4eccccbbca48bb29e87b2ffe2af8cd4d35a6abb	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 300c21c68fe9d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000bbd2da6efca7814e97bd67c6ea97aa8b0000000002000000000010660000000100002000000076948d984ad6d4073cc3cc5874ededb3a69801961ae05c5cd7f51750a21898b3000000000e80000000020000200000003c86fe777bde2fbb3e0b8f6d8c3a3a73c10b84215490ce9b06faba605824b141900000000ebf5069cdcf88ce364d664cc5ce5b860dae55c2d0027670a8a2de2d0559ddb487c1874fbcacc21ae6af303051a53839399247b4fe7290fa4aefddf54a376bda6f7ffdc9d28846d03c2d16d1397e853b58da8740c17fd5896a2deaa7cff36befef30abe05b563c6a54368485d9d809f5cc45b7f1a48faac4d334bf4eeb8292c713051cf9abadfb704cc42c69063728e04000000078a719ead96ba9e67c58415eb96e5c73b27035a76b46402fe4ea32a3be50542917b974fcf94b0788d1da2fd9b7baf1ec9b5aeb42158602e77e7d09e22bdc18d0	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3849525425-30183055-657688904-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1536	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1536	iexplore.exe
1536	iexplore.exe
2628	IEXPLORE.EXE
2628	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 1536	1780	SKlauncher-3.1.exe	28
PID 1780 wrote to memory of 1536	1780	SKlauncher-3.1.exe	28
PID 1780 wrote to memory of 1536	1780	SKlauncher-3.1.exe	28
PID 1780 wrote to memory of 1536	1780	SKlauncher-3.1.exe	28
PID 1536 wrote to memory of 2628	1536	iexplore.exe	30
PID 1536 wrote to memory of 2628	1536	iexplore.exe	30
PID 1536 wrote to memory of 2628	1536	iexplore.exe	30
PID 1536 wrote to memory of 2628	1536	iexplore.exe	30
PID 1536 wrote to memory of 2628	1536	iexplore.exe	30
PID 1536 wrote to memory of 2628	1536	iexplore.exe	30
PID 1536 wrote to memory of 2628	1536	iexplore.exe	30

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.1.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" https://adoptium.net/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1536
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1536 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3f67f84826032be24db6c0832efdfe7e

SHA1
195f851af282234a48614b830aad6e80e806d4d3

SHA256
accd91289e078cce7879d907a773821d4e34e10b2ac2abc31421b30dd4405fc6

SHA512
6592fb7387bdb3af47b97370781a01513d20b0572ab07df6f85282dcbeeb46d4bb7b2b2d354ae77071fece3576e4f6e48e41506ce08d55caa68836983af57193

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
08835cbf4d81e37ef1c986e061d72f82

SHA1
ebfb5675f886851acb4c67c23a9c8fef76b6b8e5

SHA256
1a3bba3401cfc0455d8a3676899912f7b41d8a5cda7ad13316ead89856514ff5

SHA512
ea9dd8d07d91a80e23b6afa62ffc90d272efd23a188b5a57279e8c425e79878549d61fbf07845276258b9b3c8ec0347a3443108684753f5352b08acbe5f9201f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c4a134f53d97cd4d8050206c467a4cdc

SHA1
332e7a5cf808c5f0d3b1ccee7ea2a0110ed8db69

SHA256
c771b94ab0b4a326b3ce1e031be19af49e8d0b56f232601b36b26de22aed880b

SHA512
df968f2877c8f90bf4491ff2c7e4faeb64ffb2af03aa3e17f13251e3259851ae473c94a68b0cafa9777b14d7ed27c3000567a41ef86eb2ef4fe55b923d0d0a8c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e599e38d88f1adbcf918e53380cab56d

SHA1
e9fe509aacabf39d87d8ca50df141b6e212be23f

SHA256
f1b526c5ff639026869badaf56ffaf7fce85f4b12b18178a74159b4442fbe54a

SHA512
f2a65dcbcb006d93fe751774240862b365e999ee9743e6d9f544a403553e0cc53739f747f6c1a2989baa5180dbaa754d0672a091bc56269223308e63f143c440

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7902e5b645c4132ec15049f56b20aca0

SHA1
462aa220fe418476bb33cb60e8f36c575cd9dea6

SHA256
5d16600ba6d50b045ad1c0142e084ad47f96cae24d06ebd696748500972b80e3

SHA512
e76cc57437d957ffe52dd47747226a60f7c091153adb0ddc2efb9dee9f096cd81a33a528f03a144a31c92004ed648578c74361000f4cd877131d0b284fbf0ad6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8571bfb34c3c088944bd6cd0147dc346

SHA1
26f88247e95c449cd0cc5b75614fbce4c23bf1fe

SHA256
ac944628ead4d96ec2db982b75ab174432d1351b9d59bbf1c7805f5844661b0e

SHA512
9083a9b38777da3ba690e741b147162b71f4439ed1a55697b44814fdebeec645b76cbc8bc2b8df18aac1610b1b9f7c74f1afffa518c82c5515bd473e39d2694a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28b21315d8fd42917b322e964ff8e923

SHA1
a97444d8eae38d6957fcf71c73f4b7fc1b4e0e3f

SHA256
6fbb66bced29817569009ab6a08ad3f9bf6f3679a80a2d8c5d90b1786fa3cce6

SHA512
27d37e36e9d3eebca22e544a23e3968aea3598233aab46009256891038fc1f6c87b4c1f5899befe9f04d6b92e98b703ec8b95aaac9fc89f86830dcd2a6df6068

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
101adff084330c23fb4041170066aaa0

SHA1
0c53b83d8999cc2fe044618918bba49d7ea52597

SHA256
d0406cf8bde57359ea255d6ffcc34ea4d7ea848a3da1b0dca8f3af91c0deade9

SHA512
4f9178967ceb8efe78fba40a1e407712c26722b817815f8373cda0701c87141acd276f19ab346ca34bd6ad5aef58048636cf74afa9aa679099e523d8853e839a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
1b065df3fcdd7ebe393e8889dd586ffd

SHA1
3834d3f506670842ccc658f8750367837db6ed40

SHA256
4e9b672fe6cb3ff77e24421b4c37c07849d0b2b0d938a66a58c97ed38951435b

SHA512
efff8785f1b5d4b3f34fe7a8da2d1aedd9198078b771f4afdcc385da4f198f95a7d7a226cb416924386c271a6cff8d49bc644ad2f0945cfb805803e47b0899ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
d68077561f19a074e457f0d8e52a2169

SHA1
97c1313bb28908edcf2c5ca46e7b7a87c8360e0b

SHA256
45117bed91c2689509bb27eb83fe63cd84b42622746a7b089bf429f829fd1836

SHA512
6bfa0d6e79710dba441b45fc5a428b04bf89b8b51dade07aa49b4972a7e5e1c3949f886b0f23c1d262b46c496ec6c736dc642dac6567a49eff9fae3d0271bdf7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a1d954d45b0fcb75528475d818e8fb30

SHA1
fd4d8292ecfeadd66209fd31d7904e8836c083f4

SHA256
af56166ff87f4565e6220d1ff4b6d34bd68f78f0fe043e41790012b666fc1395

SHA512
f1728481388e6a0ca307d4bee5f23865e94c1392dc4968b4ea8ccf9e8cd21e7f69d50b86e5b173da4081d7157421f26b77fab2385d2cd3b2294a09f46752a4ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a6d794985e76f42fecd21230d6a6ce88

SHA1
2c7f96cdfee71ac30aad47fce5beddb962f5b59c

SHA256
62e9db1bee6aebbc3cec3abf9b1bbb42a0ff573869c8e29fa01247a40dbf3596

SHA512
d537b8aa421ed8dbb5a7e87a4482fa23c47405e95fbcdb230789575955d8bd1d20398530401e332943560842ce5bea43d17a04194f04de8cffeef1e74ee753b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09772c367d945cc2f72132f4e59fd465

SHA1
8ec94ed420850039088a061bef75cd7b2c1f985a

SHA256
a2f68e56832e716d6537a7fddfd92e1b31900e02674563404575acbaa86d5d16

SHA512
1495967187fb88dd5cdb896e40be6db0ba43fea869124fd59257686f4ab593ee2af19028211735578fad120ac86d4eaeadc3b4c56cb6802c0c9217183fb72432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\bucspth\imagestore.dat

Filesize
2KB

MD5
047bb861530fa98258d3bab0544973f4

SHA1
1c246dcc588975d87cd4caf1d8d72821670df9da

SHA256
fde035a1298d3246a22945edf87692f3ced41e1af1d5d63e0c513672465dd774

SHA512
b97487474f6d4900c43cf59efd8c6355f59e51ea71b4b001c7e82209348ba9672c0ed17ff8f05e1862c86180ed454d9e5e9e103e6630e80e59dbcc1d16481317

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\27V93E5X\favicon-32x32[1].png

Filesize
2KB

MD5
df4253088bb850c76f81c91db284d4f7

SHA1
46e3e3c42a159f22038d86bf39fbde118c91dcbf

SHA256
590d33ce64b321c321644bc8c840c354257371f8c247f776b788a5ce2c9bbc72

SHA512
7804f8507d35adc2a3f65a4fb017bc50219fd2ee326693dfc5011cc9e22df61f50533ee7eb597133ac69e502683b7089df89735f03e11807a4724564061b0b22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5E29.tmp

Filesize
61KB

MD5
f3441b8572aae8801c04f3060b550443

SHA1
4ef0a35436125d6821831ef36c28ffaf196cda15

SHA256
6720349e7d82ee0a8e73920d3c2b7cb2912d9fcf2edb6fd98f2f12820158b0bf

SHA512
5ba01ba421b50030e380ae6bbcd2f681f2a91947fe7fedb3c8e6b5f24dce9517abf57b1cf26cc6078d4bb53bde6fcfb2561591337c841f8f2cb121a3d71661b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5EC8.tmp

Filesize
163KB

MD5
9441737383d21192400eca82fda910ec

SHA1
725e0d606a4fc9ba44aa8ffde65bed15e65367e4

SHA256
bc3a6e84e41faeb57e7c21aa3b60c2a64777107009727c5b7c0ed8fe658909e5

SHA512
7608dd653a66cd364392a78d4711b48d1707768d36996e4d38871c6843b5714e1d7da4b4cc6db969e6000cfa182bcb74216ef6823d1063f036fc5c3413fb8dcf

Download Submit
memory/1780-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download