Malware Analysis Report

2024-10-16 06:33

Sample ID 240608-vsmzbadf8z
Target SKlauncher-3.2.exe
SHA256 05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf
Tags discovery
Score 7/10

Table of Contents

Analysis Overview

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1 (Detonation Overview, Signatures)

Analysis: behavioral16, behavioral1, behavioral11, behavioral4, behavioral5, behavioral6, behavioral12, behavioral20, behavioral3, behavioral10, behavioral15, behavioral18, behavioral21, behavioral22, behavioral7, behavioral9, behavioral13, behavioral14, behavioral17, behavioral19, behavioral2, behavioral8 (each with Detonation Overview, Command Line, Signatures, Processes, Network, Files)

Analysis Overview

Score 7/10

SHA256 05ae2f0dd61ef10019b94c200e8df192b767bb4cc24a7e7b329ab43cc9c74caf

Threat level: shows suspicious behavior

The file SKlauncher-3.2.exe was found to show suspicious behavior. Note that in the behavioral1 run reproduced below every signature row names chrome.exe in its Process column and none names SKlauncher-3.2.exe; the only finding attributed to the submitted file itself in the sections shown is the static "Unsigned PE" result.

Malicious Activity Summary

discovery

Loads dropped DLL

Modifies file permissions

Unsigned PE

Suspicious use of SetWindowsHookEx

Enumerates system info in registry

Suspicious use of SendNotifyMessage

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported 2024-06-08 17:15

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral16

Detonation Overview

Submitted 2024-06-08 17:15

Reported 2024-06-08 17:16

Platform debian9-armhf-20240226-en (a Linux/ARM environment; a Windows PE does not execute there, which is why this detonation recorded nothing)

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted 2024-06-08 17:15

Reported 2024-06-08 17:21

Platform win7-20240419-en

Max time kernel 117s

Max time network 118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: EnumeratesProcesses

Rows Description Indicator Process Target
2 N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Rows Description Indicator Process Target
18 Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Rows Description Indicator Process Target
64 N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Rows Description Indicator Process Target
64 N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Rows Description Indicator Process Target
3 PID 2760 wrote to memory of 2160 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
3 PID 1648 wrote to memory of 2568 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
39 PID 1648 wrote to memory of 1672 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
3 PID 1648 wrote to memory of 1984 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
16 PID 2760 wrote to memory of 1704 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Every write is from chrome.exe (PID 1648 or 2760) into another chrome.exe process; no row involves SKlauncher-3.2.exe.
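An added triage helper for signature tables in the Description / Indicator / Process / Target layout used above. This is example code written for this page, not part of the sandbox report or its tooling. It embeds a constructed excerpt of the behavioral1 rows as tuples (row counts reduced from the report), collapses identical rows to counts, turns the "PID X wrote to memory of Y" descriptions into an edge map, and answers the two questions an analyst asks first: does any row name the submitted sample, and does any write cross an image boundary? The CHROME and SAMPLE path constants are taken from the tables; everything else is assumed.

```python
"""Triage helper for flattened sandbox signature tables (added example)."""
import re
from collections import Counter, defaultdict

CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

# Constructed excerpt of the behavioral1 signature rows, as
# (signature, description, indicator, process, target) tuples.
# Row counts are reduced from the report; the structure is the same.
ROWS = [
    ("Enumerates system info in registry", "Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName",
     CHROME, "N/A"),
    ("Enumerates system info in registry", "Key value queried",
     r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer",
     CHROME, "N/A"),
    ("Suspicious use of AdjustPrivilegeToken",
     "Token: SeShutdownPrivilege", "N/A", CHROME, "N/A"),
    ("Suspicious use of AdjustPrivilegeToken",
     "Token: SeShutdownPrivilege", "N/A", CHROME, "N/A"),
    ("Suspicious use of WriteProcessMemory",
     "PID 2760 wrote to memory of 2160", "N/A", CHROME, CHROME),
    ("Suspicious use of WriteProcessMemory",
     "PID 2760 wrote to memory of 2160", "N/A", CHROME, CHROME),
    ("Suspicious use of WriteProcessMemory",
     "PID 1648 wrote to memory of 1672", "N/A", CHROME, CHROME),
]

WRITE_RE = re.compile(r"PID (\d+) wrote to memory of (\d+)")


def collapse(rows):
    """Count identical rows so a 64-line table becomes one line with a count."""
    return Counter(rows)


def write_edges(rows):
    """Map (writer PID, target PID) -> (writer image, target image, count)."""
    edges = {}
    for _sig, desc, _ind, proc, target in rows:
        m = WRITE_RE.fullmatch(desc)
        if not m:
            continue
        key = (int(m.group(1)), int(m.group(2)))
        img, tgt, n = edges.get(key, (proc, target, 0))
        edges[key] = (img, tgt, n + 1)
    return edges


def cross_image_writes(rows):
    """Writes whose writer image differs from the target image.

    chrome.exe writing into chrome.exe is Chrome starting its own child
    processes; a write from or into a different image is what an analyst
    actually wants to look at."""
    return {k: v for k, v in write_edges(rows).items() if v[0] != v[1]}


def rows_naming(rows, image):
    """Rows whose Process or Target column names the given image."""
    return [r for r in rows if image in (r[3], r[4])]


def signatures_by_process(rows):
    """Which signature names fired for which process image."""
    out = defaultdict(set)
    for sig, _d, _i, proc, _t in rows:
        out[proc].add(sig)
    return dict(out)


if __name__ == "__main__":
    for row, n in collapse(ROWS).items():
        print(f"{n:3d} x {row[0]}: {row[1]}")
    print("cross-image writes:", cross_image_writes(ROWS))
    print("rows naming the sample:", len(rows_naming(ROWS, SAMPLE)))
```

On the excerpt, as on the full table, cross_image_writes() is empty and rows_naming(ROWS, SAMPLE) returns nothing: the noise is Chrome talking to Chrome.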

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6879758,0x7fef6879768,0x7fef6879778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6879758,0x7fef6879768,0x7fef6879778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1188 --field-trial-handle=1340,i,9731245441374297185,14300689091545502933,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1340,i,9731245441374297185,14300689091545502933,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1412 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1492 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2044 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2064 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2016 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3248 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3524 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3536 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:8
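An added example, written for this page and not part of the report, showing how to read the Chrome process list above: each child's role is carried in its own command line (no --type means the browser process; --type=utility plus --utility-sub-type names the service), --service-sandbox-type=none marks services that run without a sandbox, and --field-trial-handle lets the children be grouped by browser instance. It embeds a constructed subset of the command lines listed above (the gpu-process lines and one renderer line are left out). The grouping by --field-trial-handle value is an assumption used for attribution, not something the report states.

```python
"""Attribute Chrome child processes from a sandbox process list (added example)."""
import shlex
from collections import defaultdict

# Constructed excerpt of the behavioral1 process list (a subset).
CMDLINES = [
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6879758,0x7fef6879768,0x7fef6879778',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1480 --field-trial-handle=1340,i,9731245441374297185,14300689091545502933,131072 /prefetch:8',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1492 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:8',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2064 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:1',
    r'"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3720 --field-trial-handle=1400,i,6195621203490550672,3934868574132342615,131072 /prefetch:8',
    r'"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"',
]


def parse_cmdline(cmd):
    """Split a Windows command line into (image path, {switch: value}).

    shlex in POSIX mode keeps backslashes inside double quotes, so the
    Windows paths and the quoted "--user-data-dir=... User Data" survive.
    Switches without '=' (e.g. --enable-chrome-cart) are ignored here."""
    tokens = shlex.split(cmd)
    image = tokens[0]
    switches = {}
    for tok in tokens[1:]:
        if tok.startswith("--") and "=" in tok:
            key, value = tok[2:].split("=", 1)
            switches[key] = value
    return image, switches


def classify(cmd):
    """Name the Chrome role: browser (no --type), renderer, gpu-process,
    crashpad-handler, or the utility sub-service; other images are 'other'."""
    image, sw = parse_cmdline(cmd)
    if not image.lower().endswith("\\chrome.exe"):
        return {"image": image, "role": "other", "sandbox": None, "instance": None}
    role = sw.get("type", "browser")
    if role == "utility":
        role = sw.get("utility-sub-type", "utility")
    return {
        "image": image,
        "role": role,
        "sandbox": sw.get("service-sandbox-type"),
        # Assumption: children of one browser process share the same
        # --field-trial-handle value, so it serves as an instance key.
        "instance": sw.get("field-trial-handle"),
    }


def unsandboxed_services(cmds):
    """Roles started with --service-sandbox-type=none, in list order."""
    return [c["role"] for c in map(classify, cmds) if c["sandbox"] == "none"]


def by_instance(cmds):
    """Group roles by browser instance (None = no --field-trial-handle)."""
    groups = defaultdict(list)
    for c in map(classify, cmds):
        groups[c["instance"]].append(c["role"])
    return dict(groups)


if __name__ == "__main__":
    for cmd in CMDLINES:
        print(classify(cmd)["role"])
    print("unsandboxed:", unsandboxed_services(CMDLINES))
    print("by instance:", by_instance(CMDLINES))
```

On this excerpt the two unsandboxed services are the NetworkService and UtilWin utilities, and the two distinct --field-trial-handle values (1340,... and 1400,...) separate the children of the two chrome.exe browser processes that appear in the WriteProcessMemory table as PIDs 1648 and 2760.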

Network

Country Destination Domain Proto
US 8.8.8.8:53 www.google.com udp
FR 172.217.20.196:443 www.google.com tcp
FR 172.217.20.196:443 www.google.com udp
US 8.8.8.8:53 apis.google.com udp
FR 142.250.178.142:443 apis.google.com tcp
US 8.8.8.8:53 play.google.com udp
FR 172.217.20.174:443 play.google.com tcp
FR 172.217.20.174:443 play.google.com tcp
N/A 224.0.0.251:5353 udp

Files

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

MD5 9459aa09d99c77cd8234ab590a23f290
SHA1 a22d8eb9e980a15c7fca074d80ecafcbc9d5098f
SHA256 1ec747b8e12f84b4ce533c07f63fd573d066e366e44e3b81e2bc4a5a4c53e77f
SHA512 0415800bcf68d4c096a65aaed32477dd136f3e6a920fc2f96e6d2f849976d5ab0fe03619ac51e25201742ac75e4f72271d26de8ddd80d3e7904ffaf221a2b4cf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 f732dbed9289177d15e236d0f8f2ddd3
SHA1 53f822af51b014bc3d4b575865d9c3ef0e4debde
SHA256 2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93
SHA512 b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

MD5 18e723571b00fb1694a3bad6c78e4054
SHA1 afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

\??\pipe\crashpad_1648_FBLXLQRYEAWHAMTD

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d278e8e3-e7da-46d3-accd-45f90a69adf9.tmp

MD5 d4db0e27706e7a01af0b7760406b8ea6
SHA1 fc07c80b37d9695ff8902e06655262d218959f31
SHA256 dc4dfdd14f57d351b04ffb20079a11abcc41d804310120805fd3195a2986c3a4
SHA512 89e9f7feac00e9894f4393d42691f31c49ad763096b3c5f1905c24fe7a912639c99a22d93290fb31b6e55e7fe91ee7980a2976d9b50c25d843433a316707d91f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 3fa7e763fca3e2b4cc57e2101fdf2026
SHA1 10eedebf9e4de3256e83dd6e04aaf25f3630741d
SHA256 fb4905e281971880dd0acedf34ea7da48d7070932c5a86b5428f048ec3120e8e
SHA512 de6a6948a985fdbd7e63fa089b96e61ce9ab26e17b72c743f68ddeedf6657cc18fd2be878a0eb4313e5b8695664f77be02725c96c205582b572521827f281f7e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

MD5 f50f89a0a91564d0b8a211f8921aa7de
SHA1 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256 b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512 bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

MD5 aefd77f47fb84fae5ea194496b44c67a
SHA1 dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512 b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

MD5 bc6142469cd7dadf107be9ad87ea4753
SHA1 72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c
SHA256 b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557
SHA512 47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\85f26dc2-8a1a-4b80-9e35-54b1ed5b8e62.tmp

MD5 cf26c20d2a23785b6f62f4818d5eb8cf
SHA1 11a6fbbdb3b2e9ac24c5560382c0a3086acaf6a5
SHA256 47eb3c4291162e6129c6579e70c55b561e1d8e24c910db961ec536a9156cb1de
SHA512 ee0dace59e77024ae91d5e3f6f0f10425df3fefba68540d883caca4a97e90fc3e37a46ccd68664946a7e427f2522cf7d9e6cdeb85e1592e494013e42fd0d070a

Analysis: behavioral11

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:21

Platform

macos-20240410-en

Max time kernel

235s

Max time network

263s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/SKlauncher-3.2.exe"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/SKlauncher-3.2.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/SKlauncher-3.2.exe"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/SKlauncher-3.2.exe]

/bin/zsh

[/bin/zsh -c /Users/run/SKlauncher-3.2.exe]

/Users/run/SKlauncher-3.2.exe

[/Users/run/SKlauncher-3.2.exe]

/usr/bin/pluginkit

[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdater0BF23177/OneDrive.app]

/usr/sbin/spctl

[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]

/bin/launchctl

[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]

/usr/libexec/xpcproxy

[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]

/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService

[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]

Network

Country Destination Domain Proto
US 151.101.67.6:443 tcp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.42.73.27:443 tcp
US 8.8.8.8:53 api.apple-cloudkit.fe2.apple-dns.net udp
GB 17.250.81.67:443 api.apple-cloudkit.fe2.apple-dns.net tcp
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 mobile.events.data.trafficmanager.net udp
US 20.189.173.27:443 mobile.events.data.trafficmanager.net tcp
US 8.8.8.8:53 cds.apple.com udp
BE 104.68.86.71:443 cds.apple.com tcp
US 8.8.8.8:53 help.apple.com udp
US 23.220.113.166:443 help.apple.com tcp
US 23.220.113.166:443 help.apple.com tcp

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:21

Platform

win10v2004-20240508-en

Max time kernel

300s

Max time network

202s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe

"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe

"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 217.106.137.52.in-addr.arpa udp
US 8.8.8.8:53 172.210.232.199.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 files.skmedix.pl udp
US 172.67.199.2:443 files.skmedix.pl tcp
US 8.8.8.8:53 2.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 piston-meta.mojang.com udp
US 8.8.8.8:53 meta.skmedix.pl udp
US 13.107.246.64:443 piston-meta.mojang.com tcp
US 104.21.50.12:443 meta.skmedix.pl tcp
US 104.21.50.12:443 meta.skmedix.pl tcp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 12.50.21.104.in-addr.arpa udp
US 104.21.50.12:443 meta.skmedix.pl tcp
US 8.8.8.8:53 beta.skmedix.pl udp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 8.8.8.8:53 232.168.11.51.in-addr.arpa udp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 8.8.8.8:53 rsms.me udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.21.234.235:443 rsms.me tcp
US 104.16.79.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 235.234.21.104.in-addr.arpa udp
US 8.8.8.8:53 72.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 73.79.16.104.in-addr.arpa udp
US 8.8.8.8:53 launchercontent.mojang.com udp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:53 analytics.google.com udp
US 8.8.8.8:53 stats.g.doubleclick.net udp
BE 64.233.166.154:443 stats.g.doubleclick.net tcp
FR 172.217.20.206:443 analytics.google.com tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:53 154.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 206.20.217.172.in-addr.arpa udp
US 8.8.8.8:53 183.59.114.20.in-addr.arpa udp
US 8.8.8.8:53 15.164.165.52.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 udp
N/A 20.189.173.7:443 tcp

Files

memory/5052-5-0x000001F3066E0000-0x000001F306950000-memory.dmp

memory/5052-15-0x000001F3066C0000-0x000001F3066C1000-memory.dmp

memory/5052-16-0x000001F3066E0000-0x000001F306950000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 1065bf2c6d107c566ff15d742122bea6
SHA1 8722b7f2e99afa74e63ba0341e7ade88f0476e81
SHA256 8f96157d598e04767a9f182967be5a90ced6d2535657230e673e5af4bf0a1a59
SHA512 68e2869b447372fb28b32114f6a90c0be7332756973220e41857f8b8747996565a8a33c7b3fb9bc3b335dab7beac8e7ca2eb92e7a68497e252026e363baeb5ca

memory/1776-20-0x000001A43B780000-0x000001A43B9F0000-memory.dmp

memory/1776-30-0x000001A43B760000-0x000001A43B761000-memory.dmp

memory/1776-31-0x000001A43B780000-0x000001A43B9F0000-memory.dmp

memory/2492-34-0x00000000028E0000-0x0000000002B50000-memory.dmp

memory/2492-45-0x0000000002590000-0x0000000002591000-memory.dmp

memory/2492-49-0x0000000002590000-0x0000000002591000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4688587410400.dll

MD5 dcd68a87b7e6edbcfde48150403b22eb
SHA1 28e4839a29725075772fccc39b44e194eb91e477
SHA256 ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c
SHA512 ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

memory/2492-82-0x0000000002590000-0x0000000002591000-memory.dmp

memory/2492-121-0x0000000002590000-0x0000000002591000-memory.dmp

memory/2492-125-0x0000000002590000-0x0000000002591000-memory.dmp

memory/2492-139-0x0000000002590000-0x0000000002591000-memory.dmp

memory/2492-164-0x0000000002590000-0x0000000002591000-memory.dmp

memory/2492-166-0x0000000002590000-0x0000000002591000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

MD5 9b59fa715db2f9f8f6ed9e14f3768ed3
SHA1 9d46c5898c653fb1785e399b74f26633107d0bde
SHA256 fab6dede2f59dc4b7b6be032fbce1209a93aca02b7d6c126e3f1584148230146
SHA512 e9e84b056e0f1d8be544194a275ca61b5e6820dbbd701dec5aa75b804705ab33cb826314c0f6edd527cffa84de80062c559f9fb49c53b5bbfda9481bd138be5f

memory/2492-182-0x0000000002590000-0x0000000002591000-memory.dmp

memory/2492-184-0x0000000002590000-0x0000000002591000-memory.dmp

memory/2492-183-0x0000000002590000-0x0000000002591000-memory.dmp

memory/2492-187-0x0000000002590000-0x0000000002591000-memory.dmp

memory/2492-249-0x0000000002590000-0x0000000002591000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF4588858999821118875.tmp

MD5 fdb50e0d48cdcf775fa1ac0dc3c33bd4
SHA1 5c95e5d66572aeca303512ba41a8dde0cea92c80
SHA256 64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123
SHA512 20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

memory/2492-298-0x0000000002590000-0x0000000002591000-memory.dmp

memory/2492-300-0x0000000002590000-0x0000000002591000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\e4j7474.tmp_dir1717866990\SKlauncher-3.2.jar

MD5 4d653e61ba01a521c56b9a70a9c9814e
SHA1 de855dc3dbc914b497b58da92e0c21fff660796d
SHA256 f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350
SHA512 e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

C:\Users\Admin\AppData\Local\Temp\+JXF4095237203492466448.tmp

MD5 8f2869a84ad71f156a17bb66611ebe22
SHA1 0325b9b3992fa2fdc9c715730a33135696c68a39
SHA256 0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1
SHA512 3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

C:\Users\Admin\AppData\Local\Temp\+JXF1738032737083720138.tmp

MD5 ff5fdc6f42c720a3ebd7b60f6d605888
SHA1 460c18ddf24846e3d8792d440fd9a750503aef1b
SHA256 1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1
SHA512 d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

memory/2492-788-0x00000000028E0000-0x0000000002B50000-memory.dmp

Analysis: behavioral5

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:21

Platform

win11-20240426-en

Max time kernel

291s

Max time network

202s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe

"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe

"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

Network

Country Destination Domain Proto
US 8.8.8.8:53 files.skmedix.pl udp
US 104.21.50.12:443 meta.skmedix.pl tcp
US 8.8.8.8:53 12.50.21.104.in-addr.arpa udp
US 13.107.246.64:443 piston-meta.mojang.com tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.21.234.235:443 rsms.me tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 13.107.246.64:443 piston-meta.mojang.com tcp
BE 64.233.166.154:443 stats.g.doubleclick.net tcp
US 216.239.32.181:443 analytics.google.com tcp
US 13.107.246.64:443 piston-meta.mojang.com tcp
US 13.107.246.64:443 piston-meta.mojang.com tcp
US 13.107.246.64:443 piston-meta.mojang.com tcp
US 8.8.8.8:53 181.32.239.216.in-addr.arpa udp
US 8.8.8.8:53 154.166.233.64.in-addr.arpa udp

Files

memory/4136-5-0x0000026080000000-0x0000026080270000-memory.dmp

memory/4136-15-0x00000260F5430000-0x00000260F5431000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 d81753b021dce2495d11d060d65ab619
SHA1 4c82d967abd848b6cb787f85b6ddeca53a06ba7b
SHA256 6945b7a070498ebc220c200930a3b45f6d1027f9bbf1d07e144643cf610ffdcd
SHA512 4172cd9550cfa45e973d49621305a7ec637432e1261ac7717576340f6f1921f91ece0979b92f46e0b60a589dc33e956966d333ce1af181692e131402e5b4820e

memory/4136-17-0x0000026080000000-0x0000026080270000-memory.dmp

memory/3172-20-0x000002A1BD340000-0x000002A1BD5B0000-memory.dmp

memory/3172-30-0x000002A1BBA50000-0x000002A1BBA51000-memory.dmp

memory/3172-31-0x000002A1BD340000-0x000002A1BD5B0000-memory.dmp

memory/1548-34-0x0000000002D50000-0x0000000002FC0000-memory.dmp

memory/1548-45-0x0000000002990000-0x0000000002991000-memory.dmp

memory/1548-49-0x0000000002990000-0x0000000002991000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4513705589200.dll

MD5 dcd68a87b7e6edbcfde48150403b22eb
SHA1 28e4839a29725075772fccc39b44e194eb91e477
SHA256 ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c
SHA512 ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

memory/1548-81-0x0000000002990000-0x0000000002991000-memory.dmp

memory/1548-121-0x0000000002990000-0x0000000002991000-memory.dmp

memory/1548-124-0x0000000002990000-0x0000000002991000-memory.dmp

memory/1548-135-0x0000000002990000-0x0000000002991000-memory.dmp

memory/1548-165-0x0000000002990000-0x0000000002991000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

MD5 9b59fa715db2f9f8f6ed9e14f3768ed3
SHA1 9d46c5898c653fb1785e399b74f26633107d0bde
SHA256 fab6dede2f59dc4b7b6be032fbce1209a93aca02b7d6c126e3f1584148230146
SHA512 e9e84b056e0f1d8be544194a275ca61b5e6820dbbd701dec5aa75b804705ab33cb826314c0f6edd527cffa84de80062c559f9fb49c53b5bbfda9481bd138be5f

memory/1548-186-0x0000000002990000-0x0000000002991000-memory.dmp

memory/1548-219-0x0000000002990000-0x0000000002991000-memory.dmp

memory/1548-230-0x0000000002990000-0x0000000002991000-memory.dmp

memory/1548-248-0x0000000002990000-0x0000000002991000-memory.dmp

memory/1548-251-0x0000000002990000-0x0000000002991000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF7281405468618339245.tmp

MD5 fdb50e0d48cdcf775fa1ac0dc3c33bd4
SHA1 5c95e5d66572aeca303512ba41a8dde0cea92c80
SHA256 64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123
SHA512 20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

memory/1548-306-0x0000000002990000-0x0000000002991000-memory.dmp

memory/1548-317-0x0000000002990000-0x0000000002991000-memory.dmp

memory/1548-315-0x0000000002990000-0x0000000002991000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\e4j5062.tmp_dir1717866991\SKlauncher-3.2.jar

MD5 4d653e61ba01a521c56b9a70a9c9814e
SHA1 de855dc3dbc914b497b58da92e0c21fff660796d
SHA256 f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350
SHA512 e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

C:\Users\Admin\AppData\Local\Temp\+JXF6092277588602530086.tmp

MD5 8f2869a84ad71f156a17bb66611ebe22
SHA1 0325b9b3992fa2fdc9c715730a33135696c68a39
SHA256 0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1
SHA512 3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

C:\Users\Admin\AppData\Local\Temp\+JXF3745586560683833877.tmp

MD5 ff5fdc6f42c720a3ebd7b60f6d605888
SHA1 460c18ddf24846e3d8792d440fd9a750503aef1b
SHA256 1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1
SHA512 d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

memory/1548-812-0x0000000002D50000-0x0000000002FC0000-memory.dmp

Analysis: behavioral6

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

android-x64-arm64-20240603-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral12

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:21

Platform

macos-20240410-en

Max time kernel

110s

Max time network

148s

Command Line

[sh -c sudo /bin/zsh -c "/Users/run/SKlauncher-3.2.exe"]

Signatures

N/A

Processes

/bin/sh

[sh -c sudo /bin/zsh -c "/Users/run/SKlauncher-3.2.exe"]

/bin/bash

[sh -c sudo /bin/zsh -c "/Users/run/SKlauncher-3.2.exe"]

/usr/bin/sudo

[sudo /bin/zsh -c /Users/run/SKlauncher-3.2.exe]

/bin/zsh

[/bin/zsh -c /Users/run/SKlauncher-3.2.exe]

/Users/run/SKlauncher-3.2.exe

[/Users/run/SKlauncher-3.2.exe]

Network

Country Destination Domain Proto
US 8.8.8.8:53 bag-cdn-lb.itunes-apple.com.akadns.net udp
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral20

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

ubuntu2004-amd64-20240508-en

Max time kernel

0s

Max time network

0s

Command Line

[/tmp/SKlauncher-3.2.exe]

Signatures

N/A

Processes

/tmp/SKlauncher-3.2.exe

[/tmp/SKlauncher-3.2.exe]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:21

Platform

win10-20240404-en

Max time kernel

259s

Max time network

255s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe N/A

Modifies file permissions

discovery
Description Indicator Process Target
N/A N/A C:\Windows\system32\icacls.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

\??\c:\PROGRA~1\java\jre-1.8\bin\java.exe

"c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version

C:\Windows\system32\icacls.exe

C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M

\??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe

"c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version

C:\Windows\SYSTEM32\reg.exe

reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme

Network

Country Destination Domain Proto
US 8.8.8.8:53 files.skmedix.pl udp
US 172.67.199.2:443 files.skmedix.pl tcp
US 8.8.8.8:53 2.199.67.172.in-addr.arpa udp
US 8.8.8.8:53 piston-meta.mojang.com udp
US 8.8.8.8:53 meta.skmedix.pl udp
US 104.21.50.12:443 meta.skmedix.pl tcp
US 13.107.246.64:443 piston-meta.mojang.com tcp
US 104.21.50.12:443 meta.skmedix.pl tcp
US 104.21.50.12:443 meta.skmedix.pl tcp
US 104.21.50.12:443 meta.skmedix.pl tcp
US 8.8.8.8:53 12.50.21.104.in-addr.arpa udp
US 8.8.8.8:53 beta.skmedix.pl udp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 104.21.50.12:443 beta.skmedix.pl tcp
US 8.8.8.8:53 rsms.me udp
US 8.8.8.8:53 static.cloudflareinsights.com udp
US 104.21.234.235:443 rsms.me tcp
US 104.16.80.73:443 static.cloudflareinsights.com tcp
US 8.8.8.8:53 235.234.21.104.in-addr.arpa udp
US 8.8.8.8:53 launchercontent.mojang.com udp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 8.8.8.8:53 stats.g.doubleclick.net udp
US 8.8.8.8:53 analytics.google.com udp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 13.107.246.64:443 launchercontent.mojang.com tcp
US 216.239.36.181:443 analytics.google.com tcp
BE 64.233.166.154:443 stats.g.doubleclick.net tcp
US 8.8.8.8:53 73.80.16.104.in-addr.arpa udp
US 8.8.8.8:53 72.214.58.216.in-addr.arpa udp
US 8.8.8.8:53 181.36.239.216.in-addr.arpa udp
US 8.8.8.8:53 154.166.233.64.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 27.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 203.107.17.2.in-addr.arpa udp

Files

memory/3028-5-0x000001DE06150000-0x000001DE063C0000-memory.dmp

memory/3028-15-0x000001DE04910000-0x000001DE04911000-memory.dmp

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

MD5 5a40a7278c74dba2540bfa474fdd114d
SHA1 b90f32064eac253e7402e676eaf114ff3a4bf826
SHA256 43beeb1eb3f9e5d51267ed1bd3fe441c13037757eeab4fad0d5d6c3654140fde
SHA512 5c5a1720626782952f93a59aa4fba6dca94488a6453700d1f2dc7fc8f7929a700c5b885bcb23b410914345f465bdd825554f88b4801139b177a8677f22dca734

memory/3028-17-0x000001DE06150000-0x000001DE063C0000-memory.dmp

memory/3212-20-0x000002D61BE10000-0x000002D61C080000-memory.dmp

memory/3212-30-0x000002D61A480000-0x000002D61A481000-memory.dmp

memory/3212-31-0x000002D61BE10000-0x000002D61C080000-memory.dmp

memory/2804-44-0x00000000029E0000-0x00000000029E1000-memory.dmp

memory/2804-48-0x00000000029E0000-0x00000000029E1000-memory.dmp

\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4631121504700.dll

MD5 dcd68a87b7e6edbcfde48150403b22eb
SHA1 28e4839a29725075772fccc39b44e194eb91e477
SHA256 ae3352b6ad6cffaae55f4387f9f5e79365ea17f8d5fb45ef11d21c3300a49a4c
SHA512 ac2a6bc0afcd08c56090536a937772edd54f35505c9a5837d9bc8e91c31edb6137cf5191986b3473e9e2f512950b4dbfe4088598bfd1faf47088124c70aeba71

memory/2804-81-0x00000000029E0000-0x00000000029E1000-memory.dmp

memory/2804-120-0x00000000029E0000-0x00000000029E1000-memory.dmp

memory/2804-126-0x00000000029E0000-0x00000000029E1000-memory.dmp

memory/2804-159-0x00000000029E0000-0x00000000029E1000-memory.dmp

C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

MD5 9b59fa715db2f9f8f6ed9e14f3768ed3
SHA1 9d46c5898c653fb1785e399b74f26633107d0bde
SHA256 fab6dede2f59dc4b7b6be032fbce1209a93aca02b7d6c126e3f1584148230146
SHA512 e9e84b056e0f1d8be544194a275ca61b5e6820dbbd701dec5aa75b804705ab33cb826314c0f6edd527cffa84de80062c559f9fb49c53b5bbfda9481bd138be5f

memory/2804-209-0x00000000029E0000-0x00000000029E1000-memory.dmp

memory/2804-211-0x00000000029E0000-0x00000000029E1000-memory.dmp

memory/2804-217-0x00000000029E0000-0x00000000029E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\+JXF8273423094982734323.tmp

MD5 fdb50e0d48cdcf775fa1ac0dc3c33bd4
SHA1 5c95e5d66572aeca303512ba41a8dde0cea92c80
SHA256 64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123
SHA512 20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

memory/2804-285-0x00000000029E0000-0x00000000029E1000-memory.dmp

memory/2804-286-0x00000000029E0000-0x00000000029E1000-memory.dmp

memory/2804-299-0x00000000029E0000-0x00000000029E1000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\e4j5F46.tmp_dir1717866990\SKlauncher-3.2.jar

MD5 4d653e61ba01a521c56b9a70a9c9814e
SHA1 de855dc3dbc914b497b58da92e0c21fff660796d
SHA256 f7d3e01dcfc001cc80a988c518d4358955842d140054214d1367972c5c543350
SHA512 e6a7db6e2893b5b01dd0c84a230d88abf50da63ceb1af5754a2c4c1fbd307a799a74f3f368430d3beb33590cda2e0a3cf509fef11c4477b76e8d3c4a582b5def

C:\Users\Admin\AppData\Local\Temp\+JXF363496828975697099.tmp

MD5 8f2869a84ad71f156a17bb66611ebe22
SHA1 0325b9b3992fa2fdc9c715730a33135696c68a39
SHA256 0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1
SHA512 3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

C:\Users\Admin\AppData\Local\Temp\+JXF672270662575264628.tmp

MD5 ff5fdc6f42c720a3ebd7b60f6d605888
SHA1 460c18ddf24846e3d8792d440fd9a750503aef1b
SHA256 1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1
SHA512 d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Analysis: behavioral10

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

android-x86-arm-20240603-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral15

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

debian12-mipsel-20240221-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral18

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral21

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

ubuntu2204-amd64-20240522.1-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral22

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral7

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

android-x64-20240603-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp

Files

N/A

Analysis: behavioral9

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

android-33-x64-arm64-20240603-en

Max time network

8s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
GB 216.58.204.74:443 udp
GB 216.58.204.74:443 tcp
GB 216.58.212.196:443 udp
N/A 224.0.0.251:5353 udp
GB 216.58.212.196:443 udp

Files

N/A

Analysis: behavioral13

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

ubuntu2404-amd64-20240523-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral14

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

debian12-armhf-20240418-en

Max time network

1s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Files

N/A

Analysis: behavioral17

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral19

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Command Line

[/tmp/SKlauncher-3.2.exe]

Signatures

N/A

Processes

/tmp/SKlauncher-3.2.exe

[/tmp/SKlauncher-3.2.exe]

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:21

Platform

win7-20240419-en

Max time kernel

118s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Signatures

N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe

"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.exe"

Network

N/A

Files

N/A

Analysis: behavioral8

Detonation Overview

Submitted

2024-06-08 17:15

Reported

2024-06-08 17:16

Platform

android-x64-arm64-20240603-en

Max time network

7s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
GB 142.250.187.238:443 tcp
GB 142.250.187.238:443 tcp

Files

N/A