Overview

overview

8

Static

static

3

SKlauncher-3.2.exe

windows7-x64

1

SKlauncher-3.2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    30s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    24/11/2023, 16:48

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    SKlauncher-3.2.exe

  • Size

    1.6MB

  • MD5

    b63468dd118dfbca5ef7967ba344e0e3

  • SHA1

    2ba4f0df5f3bd284bf2a89aba320e4440d8b8355

  • SHA256

    05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

  • SHA512

    007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548

  • SSDEEP

    49152:HIBc3n9dRvwVlzhFAQ/ggUTPQjYEiim7V:oBaO/FAqMQjYEXm

Score
8/10
discoverypersistence

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
    "C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2656
    • \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
      "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2496
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:4472
    • \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
      "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
      2⤵
        PID:64
    • C:\Windows\system32\werfault.exe
      werfault.exe /h /shared Global\e8270b35c58d47de8f797b25925c2a76 /t 3276 /p 3272
      1⤵
        PID:4732
      • C:\Windows\explorer.exe
        explorer.exe
        1⤵
        • Modifies Installed Components in the registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4616
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
          PID:816
        • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
          "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
          1⤵
            PID:4792
          • C:\Windows\system32\werfault.exe
            werfault.exe /hc /shared Global\27a200a789e34053a52b0a862c2310b4 /t 3656 /p 4792
            1⤵
              PID:1576

            Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
                    Filesize

                    46B

                    MD5

                    e06c8057efac7a3a7db35ae1d55d3ce1

                    SHA1

                    fb21ddbfb9e0a475891ccd11b822d4b16dcd3279

                    SHA256

                    35319a246aba3c4ca6cd7230cb0b30eafa98e71306dcc32441f59dbdbffaa4a4

                    SHA512

                    fe540e0b6b6f31457543103628de91e041fbaa4fe7d8170f5f9da438594883ce3e51f731e216ac788253b3350e3443febfa4cce1f8c99fe026668dc59ce8944c

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-5006209187000.dll
                    Filesize

                    22KB

                    MD5

                    dcd68a87b7e6edbcfde48150403b22eb

                    SHA1

                    28e4839a29725075772fccc39b44e194eb91e477

                    SHA256

                    ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

                    SHA512

                    ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

                    Download Submit

                  • memory/64-19-0x00000193C2370000-0x00000193C3370000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/64-29-0x00000193C2350000-0x00000193C2351000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2496-15-0x00000264632D0000-0x00000264632D1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2496-176-0x00000264632F0000-0x00000264642F0000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/2496-9-0x00000264632F0000-0x00000264642F0000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/2656-105-0x00000000030C0000-0x00000000040C0000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/2656-146-0x00000000030A0000-0x00000000030A1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2656-87-0x00000000030C0000-0x00000000040C0000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/2656-43-0x00000000030A0000-0x00000000030A1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2656-115-0x00000000030C0000-0x00000000040C0000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/2656-118-0x00000000030A0000-0x00000000030A1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2656-129-0x00000000030C0000-0x00000000040C0000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/2656-47-0x00000000030A0000-0x00000000030A1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2656-148-0x00000000030A0000-0x00000000030A1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2656-151-0x00000000030A0000-0x00000000030A1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2656-196-0x00000000030A0000-0x00000000030A1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/2656-38-0x00000000030C0000-0x00000000040C0000-memory.dmp

                    Filesize

                    16.0MB

                    Download

                  • memory/2656-186-0x00000000030A0000-0x00000000030A1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/4616-155-0x00000000041C0000-0x00000000041C1000-memory.dmp

                    Filesize

                    4KB

                    Download