File name: SKlauncher-3.2.5.jar

Full analysis: https://app.any.run/tasks/94ba584c-23aa-4f4f-a69f-b9701ec1a376
Verdict: Malicious activity
Analysis date: February 01, 2024, 15:05:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 7454D24AE19035309AB3EEA108FBB777
SHA1: CE3DBBC97A10CB7D08D4D8AF4A245F148EFD5B11
SHA256: 1293A729057DEDB90D5271621AFBCD14B38BE19B2A31570A330E2EBCB3EB1BB3
SSDEEP: 49152:hlXnFEjAibAqXmneqj+jM3iyvr0H7XcvL5zz6m8rnFCMHxjWSidSNrwHfz26JOd/:hxFxibAEmLj2BorI7XqL5zzlkLidSOrK
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • javaw.exe (PID: 1380)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • javaw.exe (PID: 1380)
    • Executable content was dropped or overwritten

      • javaw.exe (PID: 1380)
    • The process creates files with name similar to system file names

      • javaw.exe (PID: 1380)
    • The process drops C-runtime libraries

      • javaw.exe (PID: 1380)
  • INFO

    • Creates files in the program directory

      • javaw.exe (PID: 1380)
    • Checks supported languages

      • javaw.exe (PID: 1380)
    • Reads the computer name

      • javaw.exe (PID: 1380)
    • Reads the machine GUID from the registry

      • javaw.exe (PID: 1380)
    • Create files in a temporary directory

      • javaw.exe (PID: 1380)
    • Creates files or folders in the user directory

      • javaw.exe (PID: 1380)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.jar | Java Archive (78.3)
.zip | ZIP compressed archive (21.6)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: 0x0800
ZipCompression: Deflated
ZipModifyDate: 2023:12:20 05:57:34
ZipCRC: 0x00000000
ZipCompressedSize: 2
ZipUncompressedSize: -
ZipFileName: META-INF/
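The TRiD/EXIF block above identifies the sample as a ZIP whose first local file header is the META-INF/ directory entry. exiftool reports only that first header unless run with -ee, so the CRC of 0 and the 2-byte compressed size describe an empty directory entry, not the archive. The Python below is an added example, not part of the ANY.RUN report and not SKlauncher code: it computes the three hashes listed at the top of the report, decodes that first local header into the same field names exiftool prints, and then reads the JAR's manifest and signature files, which is the next thing an analyst wants from a jar. The sample itself is not on this page, so the block builds a constructed, unsigned stand-in JAR in memory; its Main-Class value `example.Main` is invented.

```python
"""Hash a JAR and decode the ZIP metadata summarised in the report's EXIF block.

Added example; not part of the ANY.RUN report. build_sample_jar() produces a
constructed stand-in for SKlauncher-3.2.5.jar, which is not available here.
"""
import hashlib
import io
import struct
import zipfile

LOCAL_HEADER_SIG = 0x04034B50
# Local file header (PKWARE APPNOTE 4.3.7): 30 fixed bytes before the file name.
LOCAL_HEADER = struct.Struct("<IHHHHHIIIHH")


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 in the upper-case hex form the report uses."""
    return {
        "MD5": hashlib.md5(data).hexdigest().upper(),
        "SHA1": hashlib.sha1(data).hexdigest().upper(),
        "SHA256": hashlib.sha256(data).hexdigest().upper(),
    }


def _dos_datetime(dos_date: int, dos_time: int) -> str:
    """MS-DOS date/time fields to exiftool's 'YYYY:MM:DD HH:MM:SS' (2-second resolution)."""
    year, month, day = (dos_date >> 9) + 1980, (dos_date >> 5) & 0x0F, dos_date & 0x1F
    hour, minute, second = dos_time >> 11, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2
    return f"{year:04d}:{month:02d}:{day:02d} {hour:02d}:{minute:02d}:{second:02d}"


def first_local_header(data: bytes) -> dict:
    """Decode the first local file header, the record exiftool reports by default.

    The fields describe only that one entry (META-INF/ in the report), so a zero
    CRC and a tiny compressed size are what an empty directory entry looks like.
    """
    if len(data) < LOCAL_HEADER.size:
        raise ValueError("truncated: shorter than one local file header")
    (sig, version, flags, method, mtime, mdate, crc,
     csize, usize, name_len, _extra_len) = LOCAL_HEADER.unpack_from(data, 0)
    if sig != LOCAL_HEADER_SIG:
        raise ValueError("not a ZIP local file header (no PK\\x03\\x04 at offset 0)")
    name = data[LOCAL_HEADER.size:LOCAL_HEADER.size + name_len]
    # Bit 11 (0x0800, the value in the report) means the name is UTF-8; otherwise CP437.
    encoding = "utf-8" if flags & 0x0800 else "cp437"
    return {
        "ZipRequiredVersion": version,
        "ZipBitFlag": f"0x{flags:04x}",
        "ZipCompression": {0: "None", 8: "Deflated"}.get(method, str(method)),
        "ZipModifyDate": _dos_datetime(mdate, mtime),
        "ZipCRC": f"0x{crc:08x}",
        "ZipCompressedSize": csize,
        "ZipUncompressedSize": usize,
        "ZipFileName": name.decode(encoding),
    }


def jar_summary(data: bytes) -> dict:
    """Entry list, manifest Main-Class, and whether META-INF carries signature files."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        main_class = None
        if "META-INF/MANIFEST.MF" in names:
            for line in zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace").splitlines():
                if line.startswith("Main-Class:"):
                    main_class = line.split(":", 1)[1].strip()
        signature_files = [n for n in names if n.startswith("META-INF/")
                           and n.upper().endswith((".SF", ".RSA", ".DSA", ".EC"))]
    return {"entries": names, "main_class": main_class, "signed": bool(signature_files)}


def build_sample_jar() -> bytes:
    """Constructed unsigned JAR: META-INF/ directory entry first, then a manifest."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        meta = zipfile.ZipInfo("META-INF/", date_time=(2023, 12, 20, 5, 57, 34))
        meta.compress_type = zipfile.ZIP_DEFLATED
        meta.external_attr = 0x10  # MS-DOS directory attribute
        zf.writestr(meta, b"")
        manifest = zipfile.ZipInfo("META-INF/MANIFEST.MF", date_time=(2023, 12, 20, 5, 57, 34))
        manifest.compress_type = zipfile.ZIP_DEFLATED
        # Main-Class is invented for the example.
        zf.writestr(manifest, b"Manifest-Version: 1.0\r\nMain-Class: example.Main\r\n")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_jar()
    print(hashes(sample))
    print(first_local_header(sample))
    print(jar_summary(sample))
```

Point it at a real file with `first_local_header(open(path, "rb").read())` and compare the output against the EXIF block; a mismatch in the hashes means you are not looking at the same sample the sandbox ran. An unsigned jar whose manifest names a Main-Class is launched directly by `javaw.exe -jar`, which is exactly the process the report shows.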
No data.
All screenshots are available in the full report
Total processes
40
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

start -> javaw.exe -> reg.exe (no specs), icacls.exe (no specs)

Process information

PID: 1380
CMD: "C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar "C:\Users\admin\AppData\Local\Temp\SKlauncher-3.2.5.jar"
Path: C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe
Parent process: explorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
0
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3052
CMD: reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
Path: C:\Windows\System32\reg.exe
Parent process: javaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1 (reg.exe returns 1 when the queried value does not exist; AppsUseLightTheme is the Windows 10 light/dark app-theme setting and is absent on this Windows 7 guest, so this is a failed theme probe, not an error in the launcher)
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3468
CMD: C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Path: C:\Windows\System32\icacls.exe
Parent process: javaw.exe
Note: .oracle_jre_usage is the directory of the Oracle JRE 8 usage tracker, and this icacls call (Everyone: Modify, inherited by subfolders and files) is issued by the Java launcher itself for any jar run under this JRE. It is runtime behaviour and should not be attributed to SKlauncher.
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
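The process tree above is javaw.exe started with -jar against a file in the user's Temp directory, which then spawns reg.exe and icacls.exe. The detection logic below is an added example (not from the report or from ANY.RUN) that expresses that pattern over Sysmon-style process-creation records: it extracts the -jar path from a quoted Windows command line, decides whether that path is in a user-writable location, and lists the children of any such Java process so the analyst can see what the jar did next. The records are constructed from the report's process table; the explorer.exe record, its PID, the second (benign) javaw.exe record and the field names are this example's own assumptions.

```python
"""Flag a JAR launched from a user-writable location and enumerate what it spawned.

Added example, not part of the ANY.RUN report. EVENTS is a constructed set of
Sysmon-style process-creation records shaped after the report's process table.
"""
import ntpath
import re
from typing import Optional

JAVA_LAUNCHERS = {"java.exe", "javaw.exe"}
# Path fragments an unprivileged user can write to: a jar run from here was not installed.
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\", "\\downloads\\", "\\users\\public\\")
# Children worth surfacing under a JAR launcher; the report shows the first two.
NOTABLE_CHILDREN = {"reg.exe", "icacls.exe", "cmd.exe", "powershell.exe", "wscript.exe", "schtasks.exe"}
# -jar followed by either a double-quoted path (spaces allowed) or a bare token.
JAR_ARG = re.compile(r'-jar\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)

EVENTS = [  # constructed; PIDs 1380/3052/3468 and their command lines follow the report
    {"pid": 1212, "ppid": 1000, "image": r"C:\Windows\explorer.exe",
     "cmdline": r"C:\Windows\Explorer.EXE"},  # assumed parent; PID invented
    {"pid": 1380, "ppid": 1212, "image": r"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe",
     "cmdline": r'"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar "C:\Users\admin\AppData\Local\Temp\SKlauncher-3.2.5.jar"'},
    {"pid": 3052, "ppid": 1380, "image": r"C:\Windows\System32\reg.exe",
     "cmdline": r'reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme'},
    {"pid": 3468, "ppid": 1380, "image": r"C:\Windows\System32\icacls.exe",
     "cmdline": r'C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M'},
    {"pid": 2000, "ppid": 1212, "image": r"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe",
     "cmdline": r'"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar "C:\Program Files\Vendor\tool.jar"'},  # invented benign control
]


def jar_argument(cmdline: str) -> Optional[str]:
    """Return the path given to -jar, with surrounding quotes removed, or None."""
    m = JAR_ARG.search(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def is_user_writable(path: str) -> bool:
    """True when the path lies under a location a standard user can write to."""
    lowered = path.replace("/", "\\").lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def triage(events) -> list:
    """One finding per Java launcher that ran a jar from a user-writable path, with its children."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if ntpath.basename(e["image"]).lower() not in JAVA_LAUNCHERS:
            continue
        jar = jar_argument(e["cmdline"])
        if jar is None or not is_user_writable(jar):
            continue
        children = [c for c in events if c["ppid"] == e["pid"]]
        child_images = {ntpath.basename(c["image"]).lower() for c in children}
        parent = by_pid.get(e["ppid"])
        findings.append({
            "pid": e["pid"],
            "jar": jar,
            "parent": ntpath.basename(parent["image"]).lower() if parent else None,
            "children": [(c["pid"], ntpath.basename(c["image"]).lower(), c["cmdline"]) for c in children],
            # Context for the analyst, not a verdict: the icacls child seen in the report
            # is the JRE's own usage-tracker call and appears under any jar run by this JRE.
            "notable_children": sorted(child_images & NOTABLE_CHILDREN),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(finding)
```

Against the constructed records only PID 1380 is flagged: the jar lives under AppData\Local\Temp and it spawned reg.exe and icacls.exe; the control launch from Program Files is ignored. Treat the rule as a triage filter, not a malware verdict: the same path-and-children shape is produced by any launcher a user double-clicks from Downloads or Temp.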
Total events
655
Read events
653
Write events
2
Delete events
0

Modification events

(PID) Process: (1380) javaw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: Explorer.EXE

(PID) Process: (1380) javaw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: javaw.exe
Executable files
165
Suspicious files
1,405
Text files
279
Unknown types
0

Dropped files

PID: 1380  Process: javaw.exe
Filename: C:\Users\admin\AppData\Roaming\.minecraft\sklauncher\sklauncher-fx.jar.xz
Type:
MD5:
SHA256:

PID: 1380  Process: javaw.exe
Filename: C:\Users\admin\AppData\Local\Temp\+JXF6322310814889654169.tmp
Type: binary
MD5: 6BD386A46712982DA250B5C18ACA6FE6
SHA256: 880B9E6E8936D828FF72139E5D885E35CC1C2AABE05E1D2DF233B5EF33414DA6

PID: 1380  Process: javaw.exe
Filename: C:\Users\admin\AppData\Local\Temp\+JXF6339662341249576452.tmp
Type: binary
MD5: 52355593E805F6C172BFDC156A39A031
SHA256: 529BE850E06F62F8904F22BDA77E45BDE4834498FDBEC4FF4201FA3177447A3A

PID: 1380  Process: javaw.exe
Filename: C:\Users\admin\AppData\Local\Temp\+JXF7966238292452037075.tmp
Type: binary
MD5: 52355593E805F6C172BFDC156A39A031
SHA256: 529BE850E06F62F8904F22BDA77E45BDE4834498FDBEC4FF4201FA3177447A3A

PID: 1380  Process: javaw.exe
Filename: C:\Users\admin\AppData\Local\Temp\+JXF4516168249872124684.tmp
Type: binary
MD5: 250894A9A597C4362471DCB111934943
SHA256: E6C172FD8A2F957414A7A63EC8DEB7F2AA239182394CFA5EE2EA6927C6194389

PID: 1380  Process: javaw.exe
Filename: C:\Users\admin\AppData\Local\Temp\imageio8487193712412136840.tmp
Type: image
MD5: 4BC22D05B225A34A3DDB4F17D2469B77
SHA256: FACE76C9C4FAD9476A1D80483D41772C805808A1383012B1C22065E30D32EDE6

PID: 1380  Process: javaw.exe
Filename: C:\Users\admin\AppData\Local\Temp\+JXF6035783106675431335.tmp
Type: binary
MD5: C10484D6B9BE5C545CF20FFDBE27ECB2
SHA256: D253C410F4D0FD7F16D7B2ECAEA19B60FB877CB94F5B2752FDA272A3A86FA908

PID: 1380  Process: javaw.exe
Filename: C:\Users\admin\AppData\Roaming\.minecraft\sklauncher-fx.jar
Type: compressed
MD5: EF474E7655D22EB820457B25021B03B2
SHA256: 21D001831E80C6F89F93E2A892ABCCCA7EB0CC47608A3AD96D677061940AB2F9

PID: 1380  Process: javaw.exe
Filename: C:\Users\admin\AppData\Local\Temp\+JXF7122483829205375262.tmp
Type: binary
MD5: 6531CC951551AB62277D8928F4294264
SHA256: 1CBE9C8CD83A2B04A0B8BD7B0FF1372A56E0935FEEA33AA132D91C2899291542

PID: 1380  Process: javaw.exe
Filename: C:\Users\admin\AppData\Local\Temp\imageio8366434477965390366.tmp
Type: image
MD5: 4BC22D05B225A34A3DDB4F17D2469B77
SHA256: FACE76C9C4FAD9476A1D80483D41772C805808A1383012B1C22065E30D32EDE6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
84
DNS requests
23
Threats
0
Every javaw.exe connection in the table below is to port 443, so the launcher's traffic is TLS and no request content is recorded here; the DNS table is the usable network evidence in this report.

HTTP requests

No HTTP requests

Connections

PID  | Process     | IP:port               | Domain                   | ASN                          | CN | Reputation
4    | System      | 192.168.100.255:137   |                          |                              |    | whitelisted
4    | System      | 192.168.100.255:138   |                          |                              |    | whitelisted
1080 | svchost.exe | 224.0.0.252:5355      |                          |                              |    | unknown
1380 | javaw.exe   | 188.114.97.3:443      | files.skmedix.pl         | CLOUDFLARENET                | NL | unknown
1380 | javaw.exe   | 13.107.246.45:443     | launchermeta.mojang.com  | MICROSOFT-CORP-MSN-AS-BLOCK  | US | unknown
1380 | javaw.exe   | 13.107.246.62:443     | piston-meta.mojang.com   | MICROSOFT-CORP-MSN-AS-BLOCK  | US | unknown
1380 | javaw.exe   | 13.107.213.62:443     | piston-meta.mojang.com   | MICROSOFT-CORP-MSN-AS-BLOCK  | US | unknown
1380 | javaw.exe   | 188.114.96.3:443      | files.skmedix.pl         | CLOUDFLARENET                | NL | unknown
1380 | javaw.exe   | 185.199.111.153:443   | meta.skmedix.pl          | FASTLY                       | US | shared
1380 | javaw.exe   | 142.250.186.168:443   | www.googletagmanager.com | GOOGLE                       | US | unknown

DNS requests

Domain
IP
Reputation
files.skmedix.pl
  • 188.114.97.3
  • 188.114.96.3
unknown
launchermeta.mojang.com
  • 13.107.246.45
  • 13.107.213.45
whitelisted
piston-meta.mojang.com
  • 13.107.246.62
  • 13.107.213.62
  • 13.107.246.45
  • 13.107.213.45
unknown
resources.download.minecraft.net
  • 13.107.246.45
  • 13.107.213.45
  • 13.107.246.67
  • 13.107.213.67
shared
libraries.minecraft.net
  • 13.107.213.62
  • 13.107.246.62
  • 13.107.213.45
  • 13.107.246.45
shared
sessionserver.skmedix.pl
  • 188.114.97.3
  • 188.114.96.3
unknown
textures.skmedix.pl
  • 188.114.96.3
  • 188.114.97.3
unknown
beta.skmedix.pl
  • 188.114.96.3
  • 188.114.97.3
unknown
meta.skmedix.pl
  • 185.199.111.153
  • 185.199.110.153
  • 185.199.109.153
  • 185.199.108.153
unknown
rsms.me
  • 104.21.234.235
  • 104.21.234.234
whitelisted
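Reputation labels in the DNS table are per host, which hides the structure an analyst cares about: how many distinct organisations the launcher contacts and which names sit behind shared infrastructure. The Python below is an added example (not part of the ANY.RUN report) that inverts the table into an IP-to-names view and collapses hosts to registrable domains carrying the worst reputation seen. The records are transcribed from the DNS table above; the "last two labels" rule for the registrable domain is a deliberate simplification that breaks on multi-label suffixes such as co.uk, and real tooling should use the Public Suffix List.

```python
"""Pivot sandbox DNS answers: shared infrastructure and per-organisation grouping.

Added example; not part of the ANY.RUN report. DNS is transcribed from the
report's DNS requests table (domain -> resolved IPs, reputation label).
"""
from collections import defaultdict

DNS = {
    "files.skmedix.pl": (["188.114.97.3", "188.114.96.3"], "unknown"),
    "launchermeta.mojang.com": (["13.107.246.45", "13.107.213.45"], "whitelisted"),
    "piston-meta.mojang.com": (["13.107.246.62", "13.107.213.62", "13.107.246.45", "13.107.213.45"], "unknown"),
    "resources.download.minecraft.net": (["13.107.246.45", "13.107.213.45", "13.107.246.67", "13.107.213.67"], "shared"),
    "libraries.minecraft.net": (["13.107.213.62", "13.107.246.62", "13.107.213.45", "13.107.246.45"], "shared"),
    "sessionserver.skmedix.pl": (["188.114.97.3", "188.114.96.3"], "unknown"),
    "textures.skmedix.pl": (["188.114.96.3", "188.114.97.3"], "unknown"),
    "beta.skmedix.pl": (["188.114.96.3", "188.114.97.3"], "unknown"),
    "meta.skmedix.pl": (["185.199.111.153", "185.199.110.153", "185.199.109.153", "185.199.108.153"], "unknown"),
    "rsms.me": (["104.21.234.235", "104.21.234.234"], "whitelisted"),
}

# Order used to pick the worst label per group; anything unrecognised counts as "unknown".
SEVERITY = {"whitelisted": 0, "shared": 1, "unknown": 2, "malicious": 3}


def registrable(domain: str) -> str:
    """Naive registrable domain: the last two labels. Wrong for co.uk-style suffixes; use the PSL in production."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def ip_to_domains(dns) -> dict:
    """Invert domain -> IPs into IP -> sorted list of names that resolved to it."""
    inverted = defaultdict(set)
    for domain, (ips, _reputation) in dns.items():
        for ip in ips:
            inverted[ip].add(domain)
    return {ip: sorted(names) for ip, names in inverted.items()}


def shared_infrastructure(dns, min_domains: int = 2) -> dict:
    """IPs that answer for at least min_domains distinct names: the pivot that groups hosts behind one front end."""
    return {ip: names for ip, names in ip_to_domains(dns).items() if len(names) >= min_domains}


def by_registrable(dns) -> dict:
    """Collapse hosts to registrable domains, keeping the worst reputation label seen in each group."""
    groups = {}
    for domain, (_ips, reputation) in dns.items():
        group = groups.setdefault(registrable(domain), {"hosts": [], "reputation": "whitelisted"})
        group["hosts"].append(domain)
        if SEVERITY.get(reputation, SEVERITY["unknown"]) > SEVERITY[group["reputation"]]:
            group["reputation"] = reputation
    for group in groups.values():
        group["hosts"].sort()
    return groups


if __name__ == "__main__":
    for ip, names in sorted(shared_infrastructure(DNS).items()):
        print(ip, "->", ", ".join(names))
    for org, group in sorted(by_registrable(DNS).items()):
        print(org, group["reputation"], group["hosts"])
```

Run over the table, the pivot reduces 23 DNS requests to four organisations (skmedix.pl, mojang.com, minecraft.net, rsms.me): 188.114.96.3 and 188.114.97.3 front four skmedix.pl hosts, 13.107.246.45 answers for all four Mojang/Minecraft names, and 185.199.108.153 through 185.199.111.153 behind meta.skmedix.pl is the address range GitHub Pages publishes, which accounts for the FASTLY ASN in the connections table.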

Threats

No threats detected
No debug info