6c974aa57734ff98a88b403058ebbc281a7deb311886c4e1697e59a192afc542

Analysis

max time kernel
15s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.1.2.5.exe
Size

1.6MB
MD5

a3eaae6bb7e01e8059f1276ccb7f6c62
SHA1

801b7bb06be83f057fcf7d84c119e0ccb6310386
SHA256

6c974aa57734ff98a88b403058ebbc281a7deb311886c4e1697e59a192afc542
SHA512

57a21164ca396e36c55d39e553647567399fb9e10b7f08d93c691df714aea1b1959b8c230761445b8e39ce81eb8c65a4d34b968d73f7e649e903d5245320d5f8
SSDEEP

49152:HIBc3nWdsIp8gClzw4Kz/q4BkkKlWThSorx:oB/Eq44TBTKEUor

Score

7^/10

discovery

Malware Config

Signatures

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
4768	icacls.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3736 wrote to memory of 2560	3736	SKlauncher-3.1.2.5.exe	86
PID 3736 wrote to memory of 2560	3736	SKlauncher-3.1.2.5.exe	86
PID 2560 wrote to memory of 4768	2560	java.exe	88
PID 2560 wrote to memory of 4768	2560	java.exe	88
PID 3736 wrote to memory of 2920	3736	SKlauncher-3.1.2.5.exe	90
PID 3736 wrote to memory of 2920	3736	SKlauncher-3.1.2.5.exe	90

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.1.2.5.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.1.2.5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3736
- \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
  "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:4768
- \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
  "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
  2⤵
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
b6b7aa5367912f2039a13623f2311e4e

SHA1
8003eb0fbddfcb5162bbf23c18787cd86bc7a853

SHA256
93c681c576cecac1646fa0047d049a115de5771ac3c6dc3d584795fd4a347cab

SHA512
9adcfb5d6f01bf37bae9d7ca3b0175735fa787bf60fb5c0ec9d8ac577f648e3dfaf5e54b05005d340bb91ada0ead226cb840ae757eab458738eca87f14d2a150

Download Submit
memory/2560-8-0x00000183D2DD0000-0x00000183D3DD0000-memory.dmp

Filesize
16.0MB

Download
memory/2560-15-0x00000183D1410000-0x00000183D1411000-memory.dmp

Filesize
4KB

Download
memory/2920-19-0x000002B88DEC0000-0x000002B88EEC0000-memory.dmp

Filesize
16.0MB

Download
memory/2920-29-0x000002B88C670000-0x000002B88C671000-memory.dmp

Filesize
4KB

Download