Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

3

SKlauncher-3.2.exe

windows10-1703-x64

7

SKlauncher-3.2.exe

windows10-2004-x64

7

Resubmissions

05/04/2024, 03:14

240405-drr37sag7s 7

Analysis

  • max time kernel
    189s
  • max time network
    196s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-es
  • resource tags

    arch:x64arch:x86image:win10-20240404-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    05/04/2024, 03:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SKlauncher-3.2.exe

  • Size

    1.6MB

  • MD5

    b63468dd118dfbca5ef7967ba344e0e3

  • SHA1

    2ba4f0df5f3bd284bf2a89aba320e4440d8b8355

  • SHA256

    05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

  • SHA512

    007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548

  • SSDEEP

    49152:HIBc3n9dRvwVlzhFAQ/ggUTPQjYEiim7V:oBaO/FAqMQjYEXm

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Modifies file permissions 1 TTPs 1 IoCs
    discovery
  • Drops file in Program Files directory 12 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
    "C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2412
    • \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
      "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:3596
      • C:\Windows\system32\icacls.exe
        C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
        3⤵
        • Modifies file permissions
        PID:3952
    • \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
      "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
      2⤵
        PID:3224
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2600

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp
        Filesize

        46B

        MD5

        a8da705062312d0e2716c55d7428def7

        SHA1

        611c43ffd06d4446d0077cd2737891c54990db0c

        SHA256

        cd1510f2260d466b1e921f89a6ba8626e8e196e6bfbd473e3928e32ed38748fd

        SHA512

        bb21768ad2743dd9c9a7cb9082e7896e3eeb557159d45202c98463a53f66bc17ba699e85a055649a4669c5c42414d10764551ac1026291a9b5cf0539998db583

        Download Submit

      • \Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-5108383204450.dll
        Filesize

        22KB

        MD5

        dcd68a87b7e6edbcfde48150403b22eb

        SHA1

        28e4839a29725075772fccc39b44e194eb91e477

        SHA256

        ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

        SHA512

        ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

        Download Submit

      • memory/2412-78-0x0000000002920000-0x0000000002921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2412-80-0x0000000002C10000-0x0000000003C10000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2412-134-0x0000000002C10000-0x0000000003C10000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2412-35-0x0000000002C10000-0x0000000003C10000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2412-43-0x0000000002920000-0x0000000002921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2412-47-0x0000000002920000-0x0000000002921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2412-122-0x0000000002920000-0x0000000002921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2412-60-0x0000000002C10000-0x0000000003C10000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2412-119-0x0000000002C10000-0x0000000003C10000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2412-116-0x0000000002920000-0x0000000002921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2412-81-0x0000000002920000-0x0000000002921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2412-84-0x0000000002920000-0x0000000002921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2412-90-0x0000000002C10000-0x0000000003C10000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/2412-99-0x0000000002920000-0x0000000002921000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2412-105-0x0000000002C10000-0x0000000003C10000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3224-21-0x0000025BBBF50000-0x0000025BBCF50000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3224-29-0x0000025BBA690000-0x0000025BBA691000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3596-7-0x000002560B430000-0x000002560C430000-memory.dmp

        Filesize

        16.0MB

        Download

      • memory/3596-15-0x0000025609BF0000-0x0000025609BF1000-memory.dmp

        Filesize

        4KB

        Download