e4baeaa3c58628acfd7058b9d434ab2e6a7400445f55685169a79f045810298c

Analysis

max time kernel
290s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 09:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.10.exe
Size

1.6MB
MD5

ebb40145a6bfbed88859e41689315d82
SHA1

7bb2c82ef24ef919d04592930bceae039f78aebf
SHA256

e4baeaa3c58628acfd7058b9d434ab2e6a7400445f55685169a79f045810298c
SHA512

67c6601bed14363e6850d93cf2b90c1e4f69c7cd5098d548aa0f378fb42dc6e32fe52cb81aeb232a365a3edb24fdc6ef46f6400cf1709e1d5ee22fa4ac4e07ae
SSDEEP

49152:HIBc3nmd69QkYtO9Kgl/+e6k4F57YyAzlzHsrviO5:oBhHtRSWet2YyidsR5

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4080	SKlauncher-3.2.10.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4080	SKlauncher-3.2.10.exe
4080	SKlauncher-3.2.10.exe
4080	SKlauncher-3.2.10.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 3116	4080	SKlauncher-3.2.10.exe	82
PID 4080 wrote to memory of 3116	4080	SKlauncher-3.2.10.exe	82
PID 4080 wrote to memory of 4264	4080	SKlauncher-3.2.10.exe	84
PID 4080 wrote to memory of 4264	4080	SKlauncher-3.2.10.exe	84
PID 4080 wrote to memory of 4472	4080	SKlauncher-3.2.10.exe	90
PID 4080 wrote to memory of 4472	4080	SKlauncher-3.2.10.exe	90

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.10.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.10.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4080
- \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
  "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
  2⤵
  PID:3116
- \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
  "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
  2⤵
  PID:4264
- C:\Windows\SYSTEM32\reg.exe
  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
  2⤵
  PID:4472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
4ad5c7e09a23cb0178513cc0850cdc7c

SHA1
5246b162d5d5e674e2cca0e6d513355db49f372a

SHA256
a206a281530a9ea802610609ab5b57e2f43d0d3164c2175e4919d3bedff94bc1

SHA512
abe1403b2c1891aab91cb00ef0196f0c58e10c69d5e1fc20a003c0f0ea8258e46580b6eee9722f31a36179dcb6338eeab45239164b9dc8d18df7fc12e0e6087b

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF1776311559300453366.tmp

Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF2498632636689238169.tmp

Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF5099328511505900016.tmp

Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7484.tmp_dir1732182407\SKlauncher-3.2.10.jar

Filesize
1.1MB

MD5
1495e81aa573744050268cb330af8281

SHA1
b67d9bda787a526c79128179e5000924bca11dd4

SHA256
3ce7e5aff85320e1d393eb34e918a6b71a667bccf08252fbdd512443e5d62f9a

SHA512
e321e4b9243815b4d0b3ab34c380c2b8da0e8e264b791018a4385967946e8cf320fb5bcb695b7aa75e5a9420ae6ced6ea3c05ecfaedb7a1a6e02a1438a2c9d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4687889019700.dll

Filesize
23KB

MD5
8b9f16320499ece60d7ff0c1249c6df7

SHA1
cd8fc57c064533df66f0ceaaf5d76f8c4f8cb3a0

SHA256
f8a3af19341ac0f12f55ad28169d22b75aa66ed818692541307393c22f986727

SHA512
97384ee1faa1be807388f4077fde5db94010f06420b1ff3a05edf77fb91c9a8163b0a91cb1b7e648c0cd8c4d599e552050f64b8f7c5c81c1be60cd35f062e9d3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\launcher_profiles.json.bak

Filesize
559B

MD5
a9603b834b8cd92c592c2e30857c452f

SHA1
e148f55e9d4bda3d0c057a03f8a770e0b2fa4a7d

SHA256
29c28c738ff4f18edadbfbb85ffb166a886d4005da1158e61eca8da4eb0e01bd

SHA512
eaf890e7c60012613037a6007d3f3f318da0e915bfac27df89e2ddf4d8c4b5cce5b49734d3d39a0d0ad722711f8584cb7c503b00881d40e5f9ec55e140a2d0c3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.httpserver\LICENSE

Filesize
32B

MD5
663f71c746cc2002aa53b066b06c88ab

SHA1
12976a6c2b227cbac58969c1455444596c894656

SHA256
d60635c89c9f352ae1e66ef414344f290f5b5f7ce5c23d9633d41fde0909df80

SHA512
507b7d09d3bcd9a24f0b4eeda67167595ac6ad37cd19fb31cd8f5ce8466826840c582cb5dc012a4bd51b55e01bb551e207e9da9e0d51948e89f962ba09606aab

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.internal.le\ADDITIONAL_LICENSE_INFO

Filesize
48B

MD5
512f151af02b6bd258428b784b457531

SHA1
84d2102ad171863db04e7ee22a259d1f6c5de4a5

SHA256
d255311b0a181e243de326d111502a8b1dc7277b534a295a8340ab5230e74c83

SHA512
1a305bc333c7c2055a334dc67734db587fd6fda457b46c8df8f17ded0a8982e3830970bee75cc17274aa0a4082f32792b5dbff88410fa43cc61b55c1dce4c129

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\runtime\java-runtime-delta\legal\jdk.internal.vm.ci\ASSEMBLY_EXCEPTION

Filesize
43B

MD5
bd468da51b15a9f09778545b00265f34

SHA1
c80e4bab46e34d02826eab226a4441d0970f2aba

SHA256
7901499314e881a978d80a31970f0daec92d4995f3305e31fb53c38d9cc6ec3b

SHA512
2c1d43c3e17bb2fca24a77bea3d2b3954a47da92e0cdd0738509bffcdbe2935c11764cd5af50439061638bba8b8d59da29e97ea7404ea605f7575fc13395ca93

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

Filesize
14.3MB

MD5
1f5e761bcd1d9ea6e5ddf191a0666add

SHA1
62464cf46ca6104b261d8e08c9c3fa565b7d324a

SHA256
6598b69de6da68c58343c6bff478379eb8bbdfae7c8c26e3994a209816a81b5f

SHA512
57256e99812caf4d4b787896db3d5355474ec90f38ae24f3bef7863866481a6507bbc89144f34f97cc9e22a2bf5dff472210f3edd86f024e170dc7cedc91b4a2

Download Submit
memory/3116-16-0x000002A225240000-0x000002A2254B0000-memory.dmp

Filesize
2.4MB

Download
memory/3116-15-0x000002A225220000-0x000002A225221000-memory.dmp

Filesize
4KB

Download
memory/3116-5-0x000002A225240000-0x000002A2254B0000-memory.dmp

Filesize
2.4MB

Download
memory/4080-231-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-263-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-175-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-174-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-207-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-206-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-209-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-225-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-126-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-238-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-241-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-245-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-247-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-253-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-254-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-161-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-266-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-267-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-271-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-268-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-269-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-121-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-107-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-529-0x00000000023F0000-0x0000000002660000-memory.dmp

Filesize
2.4MB

Download
memory/4080-82-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-48-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/4080-35-0x00000000023F0000-0x0000000002660000-memory.dmp

Filesize
2.4MB

Download
memory/4264-30-0x000001A29EBB0000-0x000001A29EE20000-memory.dmp

Filesize
2.4MB

Download
memory/4264-29-0x000001A29EB90000-0x000001A29EB91000-memory.dmp

Filesize
4KB

Download
memory/4264-19-0x000001A29EBB0000-0x000001A29EE20000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads