Analysis
-
max time kernel
135s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
16/03/2024, 07:50
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
SKlauncher-3.2.exe
Resource
win7-20240221-en
windows7-x64
4 signatures
150 seconds
Behavioral task
behavioral2
Sample
SKlauncher-3.2.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
5 signatures
150 seconds
General
-
Target
SKlauncher-3.2.exe
-
Size
1.6MB
-
MD5
b63468dd118dfbca5ef7967ba344e0e3
-
SHA1
2ba4f0df5f3bd284bf2a89aba320e4440d8b8355
-
SHA256
05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
-
SHA512
007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548
-
SSDEEP
49152:HIBc3n9dRvwVlzhFAQ/ggUTPQjYEiim7V:oBaO/FAqMQjYEXm
Score
1/10
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 14 IoCs
pid Process 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2876 taskmgr.exe -
Suspicious use of FindShellTrayWindow 40 IoCs
pid Process 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe -
Suspicious use of SendNotifyMessage 40 IoCs
pid Process 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe 2876 taskmgr.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"1⤵PID:828
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:1636
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵PID:1792
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵PID:2712
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵PID:2232
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵PID:1576
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2876