4bc59dacfa6a02b5e825ccb4d545e6749393b30783459637c5075a6c2b60bc68

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.8.jar
Size

1.1MB
MD5

3f6ae53541622bfd30d2d6a850a1c7fc
SHA1

fdf2493ebb654889b16e87de32ba353905b3f8a3
SHA256

4bc59dacfa6a02b5e825ccb4d545e6749393b30783459637c5075a6c2b60bc68
SHA512

810ba9e2caf2fbfb008d6f6414ee8913d8bd83e8f5c66dba5f5eb0291c17abcabffc7655da17152cbb5ef3913df2abb2b918365027aed75ff1a6b610311faa10
SSDEEP

24576:k80pSuDlvPepesl6vypvWM1cetaYJXChAX/ChyYOkQ27vLKOBS:PmJ3eI86a9TUYJyhmB87vLZ4

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

java.exe

pid process

4272 java.exe
4272 java.exe
Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

1936 icacls.exe
Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

java.exe

pid process

4272 java.exe
4272 java.exe
4272 java.exe

pid	process
4272	java.exe
4272	java.exe

pid	process
1936	icacls.exe

pid	process
4272	java.exe
4272	java.exe
4272	java.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

java.exe

description	pid	process	target process
PID 4272 wrote to memory of 1936	4272	java.exe	icacls.exe
PID 4272 wrote to memory of 1936	4272	java.exe	icacls.exe
PID 4272 wrote to memory of 1884	4272	java.exe	reg.exe
PID 4272 wrote to memory of 1884	4272	java.exe	reg.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.8.jar
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4272

C:\Windows\system32\icacls.exe
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
2⤵
- Modifies file permissions
PID:1936

C:\Windows\SYSTEM32\reg.exe
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
2⤵
PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
76467bf812f05468e430030b9952b118

SHA1
768f74b501f942b00ee2587a18a967eee9f4589c

SHA256
8221c228050ab237f8c532388b24355bce6bbf08b782fcac7b08d7e0c4c07933

SHA512
1c0f86299d84503ec807511d90ee742fb6ff2f75f11f1d62c9689de2d352fd46045565020aea234919257bb073640307f14a40c13ae1d9481dee04947d582dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF3115822936754735764.tmp

Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF361737891372768591.tmp

Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF6773170276116899139.tmp

Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4572502473300.dll

Filesize
23KB

MD5
8b9f16320499ece60d7ff0c1249c6df7

SHA1
cd8fc57c064533df66f0ceaaf5d76f8c4f8cb3a0

SHA256
f8a3af19341ac0f12f55ad28169d22b75aa66ed818692541307393c22f986727

SHA512
97384ee1faa1be807388f4077fde5db94010f06420b1ff3a05edf77fb91c9a8163b0a91cb1b7e648c0cd8c4d599e552050f64b8f7c5c81c1be60cd35f062e9d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna4944332725065389367.dll

Filesize
248KB

MD5
719d6ba1946c25aa61ce82f90d77ffd5

SHA1
94d2191378cac5719daecc826fc116816284c406

SHA256
69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44

SHA512
119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

Filesize
17.2MB

MD5
9ca5c6e6b0cf88e6e0bed4afc999a634

SHA1
a475f228191f297b8f624bfcabbd9e0872774ab7

SHA256
a296683c28d6c1d0fe56526ffd5b37f3f209ab5ee88664bfea56beca61a7f15e

SHA512
cb8d09c6652b9b1e3a5c32cf79505ff5fc0aedc2f27f23ffcee615f56d8d83d6b63d173cdb87d5ea99266eac63d310561a426e91259b7038336e4a36b1e4cf1c

Download Submit
memory/4272-127-0x0000021D119E0000-0x0000021D119F0000-memory.dmp

Filesize
64KB

Download
memory/4272-138-0x0000021D11A30000-0x0000021D11A40000-memory.dmp

Filesize
64KB

Download
memory/4272-35-0x0000021D118E0000-0x0000021D118F0000-memory.dmp

Filesize
64KB

Download
memory/4272-37-0x0000021D118F0000-0x0000021D11900000-memory.dmp

Filesize
64KB

Download
memory/4272-43-0x0000021D11900000-0x0000021D11910000-memory.dmp

Filesize
64KB

Download
memory/4272-46-0x0000021D11910000-0x0000021D11920000-memory.dmp

Filesize
64KB

Download
memory/4272-50-0x0000021D11920000-0x0000021D11930000-memory.dmp

Filesize
64KB

Download
memory/4272-54-0x0000021D11940000-0x0000021D11950000-memory.dmp

Filesize
64KB

Download
memory/4272-52-0x0000021D11930000-0x0000021D11940000-memory.dmp

Filesize
64KB

Download
memory/4272-57-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-59-0x0000021D11650000-0x0000021D118C0000-memory.dmp

Filesize
2.4MB

Download
memory/4272-62-0x0000021D118C0000-0x0000021D118D0000-memory.dmp

Filesize
64KB

Download
memory/4272-61-0x0000021D11960000-0x0000021D11970000-memory.dmp

Filesize
64KB

Download
memory/4272-60-0x0000021D11950000-0x0000021D11960000-memory.dmp

Filesize
64KB

Download
memory/4272-65-0x0000021D11970000-0x0000021D11980000-memory.dmp

Filesize
64KB

Download
memory/4272-64-0x0000021D118D0000-0x0000021D118E0000-memory.dmp

Filesize
64KB

Download
memory/4272-68-0x0000021D11980000-0x0000021D11990000-memory.dmp

Filesize
64KB

Download
memory/4272-72-0x0000021D11990000-0x0000021D119A0000-memory.dmp

Filesize
64KB

Download
memory/4272-71-0x0000021D118F0000-0x0000021D11900000-memory.dmp

Filesize
64KB

Download
memory/4272-74-0x0000021D119A0000-0x0000021D119B0000-memory.dmp

Filesize
64KB

Download
memory/4272-134-0x0000021D11AF0000-0x0000021D11B00000-memory.dmp

Filesize
64KB

Download
memory/4272-67-0x0000021D118E0000-0x0000021D118F0000-memory.dmp

Filesize
64KB

Download
memory/4272-77-0x0000021D119B0000-0x0000021D119C0000-memory.dmp

Filesize
64KB

Download
memory/4272-76-0x0000021D11910000-0x0000021D11920000-memory.dmp

Filesize
64KB

Download
memory/4272-80-0x0000021D119C0000-0x0000021D119D0000-memory.dmp

Filesize
64KB

Download
memory/4272-79-0x0000021D11920000-0x0000021D11930000-memory.dmp

Filesize
64KB

Download
memory/4272-84-0x0000021D119D0000-0x0000021D119E0000-memory.dmp

Filesize
64KB

Download
memory/4272-83-0x0000021D11930000-0x0000021D11940000-memory.dmp

Filesize
64KB

Download
memory/4272-85-0x0000021D119E0000-0x0000021D119F0000-memory.dmp

Filesize
64KB

Download
memory/4272-93-0x0000021D11A10000-0x0000021D11A20000-memory.dmp

Filesize
64KB

Download
memory/4272-98-0x0000021D11A30000-0x0000021D11A40000-memory.dmp

Filesize
64KB

Download
memory/4272-97-0x0000021D11A20000-0x0000021D11A30000-memory.dmp

Filesize
64KB

Download
memory/4272-96-0x0000021D11950000-0x0000021D11960000-memory.dmp

Filesize
64KB

Download
memory/4272-92-0x0000021D11A00000-0x0000021D11A10000-memory.dmp

Filesize
64KB

Download
memory/4272-91-0x0000021D119F0000-0x0000021D11A00000-memory.dmp

Filesize
64KB

Download
memory/4272-89-0x0000021D11940000-0x0000021D11950000-memory.dmp

Filesize
64KB

Download
memory/4272-100-0x0000021D11A40000-0x0000021D11A50000-memory.dmp

Filesize
64KB

Download
memory/4272-99-0x0000021D11960000-0x0000021D11970000-memory.dmp

Filesize
64KB

Download
memory/4272-103-0x0000021D11970000-0x0000021D11980000-memory.dmp

Filesize
64KB

Download
memory/4272-105-0x0000021D11A50000-0x0000021D11A60000-memory.dmp

Filesize
64KB

Download
memory/4272-106-0x0000021D11A60000-0x0000021D11A70000-memory.dmp

Filesize
64KB

Download
memory/4272-107-0x0000021D11980000-0x0000021D11990000-memory.dmp

Filesize
64KB

Download
memory/4272-108-0x0000021D11A70000-0x0000021D11A80000-memory.dmp

Filesize
64KB

Download
memory/4272-113-0x0000021D11A80000-0x0000021D11A90000-memory.dmp

Filesize
64KB

Download
memory/4272-116-0x0000021D11AA0000-0x0000021D11AB0000-memory.dmp

Filesize
64KB

Download
memory/4272-114-0x0000021D11A90000-0x0000021D11AA0000-memory.dmp

Filesize
64KB

Download
memory/4272-121-0x0000021D11AC0000-0x0000021D11AD0000-memory.dmp

Filesize
64KB

Download
memory/4272-120-0x0000021D11AB0000-0x0000021D11AC0000-memory.dmp

Filesize
64KB

Download
memory/4272-119-0x0000021D119B0000-0x0000021D119C0000-memory.dmp

Filesize
64KB

Download
memory/4272-115-0x0000021D119A0000-0x0000021D119B0000-memory.dmp

Filesize
64KB

Download
memory/4272-112-0x0000021D11990000-0x0000021D119A0000-memory.dmp

Filesize
64KB

Download
memory/4272-123-0x0000021D119C0000-0x0000021D119D0000-memory.dmp

Filesize
64KB

Download
memory/4272-124-0x0000021D11AD0000-0x0000021D11AE0000-memory.dmp

Filesize
64KB

Download
memory/4272-126-0x0000021D119D0000-0x0000021D119E0000-memory.dmp

Filesize
64KB

Download
memory/4272-128-0x0000021D11AE0000-0x0000021D11AF0000-memory.dmp

Filesize
64KB

Download
memory/4272-137-0x0000021D11A20000-0x0000021D11A30000-memory.dmp

Filesize
64KB

Download
memory/4272-131-0x0000021D119F0000-0x0000021D11A00000-memory.dmp

Filesize
64KB

Download
memory/4272-132-0x0000021D11A00000-0x0000021D11A10000-memory.dmp

Filesize
64KB

Download
memory/4272-73-0x0000021D11900000-0x0000021D11910000-memory.dmp

Filesize
64KB

Download
memory/4272-25-0x0000021D118D0000-0x0000021D118E0000-memory.dmp

Filesize
64KB

Download
memory/4272-22-0x0000021D118C0000-0x0000021D118D0000-memory.dmp

Filesize
64KB

Download
memory/4272-139-0x0000021D11B00000-0x0000021D11B10000-memory.dmp

Filesize
64KB

Download
memory/4272-133-0x0000021D11A10000-0x0000021D11A20000-memory.dmp

Filesize
64KB

Download
memory/4272-143-0x0000021D11B10000-0x0000021D11B20000-memory.dmp

Filesize
64KB

Download
memory/4272-142-0x0000021D11A40000-0x0000021D11A50000-memory.dmp

Filesize
64KB

Download
memory/4272-147-0x0000021D11A60000-0x0000021D11A70000-memory.dmp

Filesize
64KB

Download
memory/4272-148-0x0000021D11B20000-0x0000021D11B30000-memory.dmp

Filesize
64KB

Download
memory/4272-146-0x0000021D11A50000-0x0000021D11A60000-memory.dmp

Filesize
64KB

Download
memory/4272-150-0x0000021D11A80000-0x0000021D11A90000-memory.dmp

Filesize
64KB

Download
memory/4272-151-0x0000021D11B30000-0x0000021D11B40000-memory.dmp

Filesize
64KB

Download
memory/4272-149-0x0000021D11A70000-0x0000021D11A80000-memory.dmp

Filesize
64KB

Download
memory/4272-154-0x0000021D11B40000-0x0000021D11B50000-memory.dmp

Filesize
64KB

Download
memory/4272-153-0x0000021D11A90000-0x0000021D11AA0000-memory.dmp

Filesize
64KB

Download
memory/4272-157-0x0000021D11AA0000-0x0000021D11AB0000-memory.dmp

Filesize
64KB

Download
memory/4272-159-0x0000021D11B60000-0x0000021D11B70000-memory.dmp

Filesize
64KB

Download
memory/4272-158-0x0000021D11B50000-0x0000021D11B60000-memory.dmp

Filesize
64KB

Download
memory/4272-164-0x0000021D11B70000-0x0000021D11B80000-memory.dmp

Filesize
64KB

Download
memory/4272-163-0x0000021D11AC0000-0x0000021D11AD0000-memory.dmp

Filesize
64KB

Download
memory/4272-162-0x0000021D11AB0000-0x0000021D11AC0000-memory.dmp

Filesize
64KB

Download
memory/4272-168-0x0000021D11B80000-0x0000021D11B90000-memory.dmp

Filesize
64KB

Download
memory/4272-167-0x0000021D11AD0000-0x0000021D11AE0000-memory.dmp

Filesize
64KB

Download
memory/4272-166-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-172-0x0000021D11AE0000-0x0000021D11AF0000-memory.dmp

Filesize
64KB

Download
memory/4272-173-0x0000021D11B90000-0x0000021D11BA0000-memory.dmp

Filesize
64KB

Download
memory/4272-176-0x0000021D11BA0000-0x0000021D11BB0000-memory.dmp

Filesize
64KB

Download
memory/4272-175-0x0000021D11AF0000-0x0000021D11B00000-memory.dmp

Filesize
64KB

Download
memory/4272-180-0x0000021D11B00000-0x0000021D11B10000-memory.dmp

Filesize
64KB

Download
memory/4272-181-0x0000021D11BB0000-0x0000021D11BC0000-memory.dmp

Filesize
64KB

Download
memory/4272-183-0x0000021D11B10000-0x0000021D11B20000-memory.dmp

Filesize
64KB

Download
memory/4272-185-0x0000021D11BD0000-0x0000021D11BE0000-memory.dmp

Filesize
64KB

Download
memory/4272-184-0x0000021D11BC0000-0x0000021D11BD0000-memory.dmp

Filesize
64KB

Download
memory/4272-187-0x0000021D11B20000-0x0000021D11B30000-memory.dmp

Filesize
64KB

Download
memory/4272-188-0x0000021D11BE0000-0x0000021D11BF0000-memory.dmp

Filesize
64KB

Download
memory/4272-194-0x0000021D11B40000-0x0000021D11B50000-memory.dmp

Filesize
64KB

Download
memory/4272-193-0x0000021D11C00000-0x0000021D11C10000-memory.dmp

Filesize
64KB

Download
memory/4272-192-0x0000021D11BF0000-0x0000021D11C00000-memory.dmp

Filesize
64KB

Download
memory/4272-191-0x0000021D11B30000-0x0000021D11B40000-memory.dmp

Filesize
64KB

Download
memory/4272-197-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-269-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-270-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-287-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-290-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-297-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-299-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-369-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-377-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-387-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-396-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-402-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-408-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-412-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-411-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-413-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-15-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-2-0x0000021D11650000-0x0000021D118C0000-memory.dmp

Filesize
2.4MB

Download
memory/4272-416-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download
memory/4272-422-0x0000021D0FE00000-0x0000021D0FE01000-memory.dmp

Filesize
4KB

Download