05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

Resubmissions

31/05/2024, 21:27

240531-1avt4aeg77 7

31/05/2024, 21:23

240531-z8y4qsdh2s 7

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.exe
Size

1.6MB
MD5

b63468dd118dfbca5ef7967ba344e0e3
SHA1

2ba4f0df5f3bd284bf2a89aba320e4440d8b8355
SHA256

05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
SHA512

007ecb7445dc0c01a802b5a2c91313aae59f9dc96e27455dd85e7a92a4e649d683fbc2ada5f48925d9ab3b4fdaea20aa89eeb442fde079902aecb5ca3454a548
SSDEEP

49152:HIBc3n9dRvwVlzhFAQ/ggUTPQjYEiim7V:oBaO/FAqMQjYEXm

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4404	SKlauncher-3.2.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
1240	icacls.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4404	SKlauncher-3.2.exe
4404	SKlauncher-3.2.exe
4404	SKlauncher-3.2.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 4404 wrote to memory of 3516	4404	SKlauncher-3.2.exe	82
PID 4404 wrote to memory of 3516	4404	SKlauncher-3.2.exe	82
PID 3516 wrote to memory of 1240	3516	java.exe	85
PID 3516 wrote to memory of 1240	3516	java.exe	85
PID 4404 wrote to memory of 2924	4404	SKlauncher-3.2.exe	87
PID 4404 wrote to memory of 2924	4404	SKlauncher-3.2.exe	87
PID 4404 wrote to memory of 996	4404	SKlauncher-3.2.exe	95
PID 4404 wrote to memory of 996	4404	SKlauncher-3.2.exe	95

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4404
- \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
  "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3516
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:1240
- \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
  "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
  2⤵
  PID:2924
- C:\Windows\SYSTEM32\reg.exe
  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
  2⤵
  PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
34c54203dc26f97bf20ee31095eb3926

SHA1
395a98fc911738b46963a830235be0aca4be619d

SHA256
e679d3c73c024bb90d94f3d8881ecb00ddcc1afe962c2840d67ad6bf7f799e71

SHA512
4c15e875a29e92d4c22e47d400bf73a09de73f59e2ea9ba1b102baab286bac112f2bc2b20290d671ed3a595c9c88e2dde0536d91a8ab135f6f3db5b0cadcc27c

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF1337749269612244474.tmp

Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF4513574062861803808.tmp

Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF74008788615945911.tmp

Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j4853.tmp_dir1717190858\SKlauncher-3.2.jar

Filesize
1.1MB

MD5
4d653e61ba01a521c56b9a70a9c9814e

SHA1
de855dc3dbc914b497b58da92e0c21fff660796d

SHA256
f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350

SHA512
e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4583219637600.dll

Filesize
22KB

MD5
dcd68a87b7e6edbcfde48150403b22eb

SHA1
28e4839a29725075772fccc39b44e194eb91e477

SHA256
ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c

SHA512
ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_profiles.json.bak

Filesize
559B

MD5
a35de960013f925b564bf3981923f75d

SHA1
ee48d21680d14250dc21d8179c8df50c72993c7d

SHA256
120abdd8b429fd0e43d344742a390c8cf540a16cea1ca7164da5fff03680644c

SHA512
db241da29f4f2c2bb5c184fecf5d3af962e8026c20c925b7a410acfaad5cd826039893f28b7f955d55b7eccc357a75957262b085bcc92bc2b452835c5de05f1d

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\java.scripting\ASSEMBLY_EXCEPTION

Filesize
43B

MD5
bd468da51b15a9f09778545b00265f34

SHA1
c80e4bab46e34d02826eab226a4441d0970f2aba

SHA256
7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b

SHA512
2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.incubator.vector\ADDITIONAL_LICENSE_INFO

Filesize
48B

MD5
512f151af02b6bd258428b784b457531

SHA1
84d2102ad171863db04e7ee22a259d1f6c5de4a5

SHA256
d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83

SHA512
1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.internal.opt\LICENSE

Filesize
32B

MD5
663f71c746cc2002aa53b066b06c88ab

SHA1
12976a6c2b227cbac58969c1455444596c894656

SHA256
d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80

SHA512
507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

Filesize
14.1MB

MD5
ac8b9c127c61312f910e7b03623dd371

SHA1
8c646ae823bb4446300cb6818cc0c31e607c688c

SHA256
f4cd3f5c38ef14a95e5a1ff84151fc4e84e3ca26d4b0cbdbc711d5c60adc5ea7

SHA512
bf9fec51dbbba852450f202cf355c0810c09a4a0912c810a69e7b516cfaba0066b61adc6fafd25a0eac102409089133168b3eb29700c7c6a5a1cd3fcedf77864

Download Submit
memory/2924-31-0x00000115B3F30000-0x00000115B41A0000-memory.dmp

Filesize
2.4MB

Download
memory/2924-30-0x00000115B2700000-0x00000115B2701000-memory.dmp

Filesize
4KB

Download
memory/2924-20-0x00000115B3F30000-0x00000115B41A0000-memory.dmp

Filesize
2.4MB

Download
memory/3516-5-0x000002C5A26A0000-0x000002C5A2910000-memory.dmp

Filesize
2.4MB

Download
memory/3516-16-0x000002C5A26A0000-0x000002C5A2910000-memory.dmp

Filesize
2.4MB

Download
memory/3516-15-0x000002C5A2680000-0x000002C5A2681000-memory.dmp

Filesize
4KB

Download
memory/4404-34-0x0000000003050000-0x00000000032C0000-memory.dmp

Filesize
2.4MB

Download
memory/4404-202-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-207-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-219-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-181-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-179-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-154-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-136-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-778-0x0000000003050000-0x00000000032C0000-memory.dmp

Filesize
2.4MB

Download
memory/4404-131-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-83-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-49-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download
memory/4404-45-0x0000000002EA0000-0x0000000002EA1000-memory.dmp

Filesize
4KB

Download