e4baeaa3c58628acfd7058b9d434ab2e6a7400445f55685169a79f045810298c

General

Target

SKlauncher-3.2.10.exe
Size

1.6MB
MD5

ebb40145a6bfbed88859e41689315d82
SHA1

7bb2c82ef24ef919d04592930bceae039f78aebf
SHA256

e4baeaa3c58628acfd7058b9d434ab2e6a7400445f55685169a79f045810298c
SHA512

67c6601bed14363e6850d93cf2b90c1e4f69c7cd5098d548aa0f378fb42dc6e32fe52cb81aeb232a365a3edb24fdc6ef46f6400cf1709e1d5ee22fa4ac4e07ae
SSDEEP

49152:HIBc3nmd69QkYtO9Kgl/+e6k4F57YyAzlzHsrviO5:oBhHtRSWet2YyidsR5

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
544	SKlauncher-3.2.10.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
544	SKlauncher-3.2.10.exe
544	SKlauncher-3.2.10.exe
544	SKlauncher-3.2.10.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 3172	544	SKlauncher-3.2.10.exe	85
PID 544 wrote to memory of 3172	544	SKlauncher-3.2.10.exe	85
PID 544 wrote to memory of 4316	544	SKlauncher-3.2.10.exe	87
PID 544 wrote to memory of 4316	544	SKlauncher-3.2.10.exe	87
PID 544 wrote to memory of 2764	544	SKlauncher-3.2.10.exe	96
PID 544 wrote to memory of 2764	544	SKlauncher-3.2.10.exe	96

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.10.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.10.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:544
- \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
  "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
  2⤵
  PID:3172
- \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
  "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
  2⤵
  PID:4316
- C:\Windows\SYSTEM32\reg.exe
  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
  2⤵
  PID:2764

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
9a4b941a4500c4545ebd4308fb6e09ab

SHA1
7928667fdff9f9b0bdd2fe82d270864434eeeabb

SHA256
8efe03ce93caf0fd8b275cd6f29ccd37601e52537e60d14c6dc160dd46ca7af0

SHA512
51c48321cb3e3739624b7be469a0a4c8c92531fee496652994e22a3602cf6f875377544188d0bb612160570735a3a6660e6a2619f08ecdc7794d95f94ea1e7b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF5453918971604886830.tmp

Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF5758734743062952758.tmp

Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF90850211503555054.tmp

Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j954B.tmp_dir1724000607\SKlauncher-3.2.10.jar

Filesize
1.1MB

MD5
1495e81aa573744050268cb330af8281

SHA1
b67d9bda787a526c79128179e5000924bca11dd4

SHA256
3ce7e5aff85320e1d393eb34e918a6b71a667bccf08252fbdd512443e5d62f9a

SHA512
e321e4b9243815b4d0b3ab34c380c2b8da0e8e264b791018a4385967946e8cf320fb5bcb695b7aa75e5a9420ae6ced6ea3c05ecfaedb7a1a6e02a1438a2c9d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4777041047400.dll

Filesize
23KB

MD5
8b9f16320499ece60d7ff0c1249c6df7

SHA1
cd8fc57c064533df66f0ceaaf5d76f8c4f8cb3a0

SHA256
f8a3af19341ac0f12f55ad28169d22b75aa66ed818692541307393c22f986727

SHA512
97384ee1faa1be807388f4077fde5db94010f06420b1ff3a05edf77fb91c9a8163b0a91cb1b7e648c0cd8c4d599e552050f64b8f7c5c81c1be60cd35f062e9d3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

Filesize
14.2MB

MD5
877d1de4055700d423e6520c68e911f1

SHA1
04cb1e91ad4ec05ab3e8e7b0220ee09c7cab6ee6

SHA256
45d333ebb6fd6f3d46b4be2f21d70ab49a703f8f871c1d7d7ece455d083e19a5

SHA512
516ec20ff5ccdad38252ea10d56a29feb1f0d903bbbc54002a9ad8bdcd464b9ab4f5eeaf7ebd925def3e1a0f09536eda404a8854553b84ebbea7dfd29d3d57fe

Download Submit
memory/544-48-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-249-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-33-0x00000000027B0000-0x0000000002A20000-memory.dmp

Filesize
2.4MB

Download
memory/544-82-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-122-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-127-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-134-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-166-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-165-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-485-0x00000000027B0000-0x0000000002A20000-memory.dmp

Filesize
2.4MB

Download
memory/544-180-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-182-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-228-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-267-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-253-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-256-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-259-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-261-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-264-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-265-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/544-268-0x0000000002530000-0x0000000002531000-memory.dmp

Filesize
4KB

Download
memory/3172-5-0x000001C6697B0000-0x000001C669A20000-memory.dmp

Filesize
2.4MB

Download
memory/3172-16-0x000001C6697B0000-0x000001C669A20000-memory.dmp

Filesize
2.4MB

Download
memory/3172-15-0x000001C667ED0000-0x000001C667ED1000-memory.dmp

Filesize
4KB

Download
memory/4316-29-0x00000225C6980000-0x00000225C6981000-memory.dmp

Filesize
4KB

Download
memory/4316-19-0x00000225C69A0000-0x00000225C6C10000-memory.dmp

Filesize
2.4MB

Download
memory/4316-30-0x00000225C69A0000-0x00000225C6C10000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads