File name:

SKlauncher-3.2.8.jar

Full analysis: https://app.any.run/tasks/3747112e-6c15-4e26-9fa5-c22ccc61dbc7
Verdict: Malicious activity
Analysis date: June 03, 2024, 21:02:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=deflate
MD5:

3F6AE53541622BFD30D2D6A850A1C7FC

SHA1:

FDF2493EBB654889B16E87DE32BA353905B3F8A3

SHA256:

4BC59DACFA6A02B5E825CCB4D545E6749393B30783459637C5075A6C2B60BC68

SSDEEP:

49152:WLEmVnVgdzyad3ySXmnET2MgvHG7+y+Z3iqN5FfdUz3Ser27hDjFj9qiFxdYRTdW:PmVYeCyMmEivmWwqN3fdUmeoj9qiJWhW

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • javaw.exe (PID: 1652)
  • SUSPICIOUS

    • Checks for Java to be installed

      • java.exe (PID: 3972)
    • Executable content was dropped or overwritten

      • javaw.exe (PID: 1652)
  • INFO

    • Checks supported languages

      • java.exe (PID: 3972)
      • javaw.exe (PID: 1652)
      • wmpnscfg.exe (PID: 2336)
    • Manual execution by a user

      • javaw.exe (PID: 1652)
      • explorer.exe (PID: 2108)
      • wmpnscfg.exe (PID: 2336)
      • explorer.exe (PID: 2808)
    • Creates files in the program directory

      • java.exe (PID: 3972)
    • Creates files in a temporary directory

      • java.exe (PID: 3972)
      • javaw.exe (PID: 1652)
    • Reads the computer name

      • javaw.exe (PID: 1652)
      • wmpnscfg.exe (PID: 2336)
    • Reads the machine GUID from the registry

      • javaw.exe (PID: 1652)
    • Creates files or folders in the user directory

      • javaw.exe (PID: 1652)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.jar | Java Archive (78.3)
.zip | ZIP compressed archive (21.6)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: 0x0800
ZipCompression: Deflated
ZipModifyDate: 2024:04:07 23:15:22
ZipCRC: 0x00000000
ZipCompressedSize: 2
ZipUncompressedSize: -
ZipFileName: META-INF/
No data.
All screenshots are available in the full report
Total processes
49
Monitored processes
7
Malicious processes
1
Suspicious processes
1

Behavior graph

Processes in the graph: start, java.exe, icacls.exe, explorer.exe, javaw.exe, reg.exe, wmpnscfg.exe, explorer.exe

Process information

PID:
1652
CMD:
"C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe" -jar "C:\Users\admin\Desktop\SKlauncher-3.2.8.jar"
Path:
C:\Program Files\Java\jre1.8.0_271\bin\javaw.exe
Parent process:
explorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Version:
8.0.2710.9
Modules
Images
c:\program files\java\jre1.8.0_271\bin\javaw.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
2108
CMD:
"C:\Windows\explorer.exe"
Path:
C:\Windows\explorer.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
2284
CMD:
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
Path:
C:\Windows\System32\reg.exe
Parent process:
javaw.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Console Tool
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
2336
CMD:
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path:
C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
2808
CMD:
"C:\Windows\explorer.exe"
Path:
C:\Windows\explorer.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
3972
CMD:
"C:\Program Files\Common Files\Oracle\Java\javapath\java.exe" -cp C:\Users\admin\Desktop\SKlauncher-3.2.8.jar
Path:
C:\Program Files\Common Files\Oracle\Java\javapath_target_52116515\java.exe
Parent process:
explorer.exe
User:
admin
Company:
Oracle Corporation
Integrity Level:
MEDIUM
Description:
Java(TM) Platform SE binary
Exit code:
1
Version:
8.0.2710.9
Modules
Images
c:\program files\common files\oracle\java\javapath_target_52116515\java.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
4068
CMD:
C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
Path:
C:\Windows\System32\icacls.exe
Parent process:
java.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\icacls.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\ntmarta.dll
c:\windows\system32\wldap32.dll
Total events
2 128
Read events
2 126
Write events
2
Delete events
0

Modification events

(PID) Process: (1652) javaw.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: javaw.exe
Executable files
46
Suspicious files
1 621
Text files
22
Unknown types
99

Dropped files

PID | Process | Filename | Type
1652 | javaw.exe | C:\Users\admin\AppData\Roaming\.minecraft\sklauncher\sklauncher-fx.jar.xz | -
MD5:
SHA256:
1652 | javaw.exe | C:\Users\admin\AppData\Local\Temp\imageio518879011541996765.tmp | image
MD5: 4BC22D05B225A34A3DDB4F17D2469B77
SHA256: FACE76C9C4FAD9476A1D80483D41772C805808A1383012B1C22065E30D32EDE6
1652 | javaw.exe | C:\Users\admin\AppData\Local\Temp\+JXF728986728425469401.tmp | pi2
MD5: FDB50E0D48CDCF775FA1AC0DC3C33BD4
SHA256: 64F8BE6E55C37E32EF03DA99714BF3AA58B8F2099BFE4F759A7578E3B8291123
1652 | javaw.exe | C:\Users\admin\AppData\Local\Temp\+JXF4985943266517984340.tmp | pi2
MD5: 4154321279162CEAC54088ECA13D3E59
SHA256: 6BDEBEB76083E187C7AE59420BFC24E851EDB572E1A8D97C1C37B7B2DC26148C
1652 | javaw.exe | C:\Users\admin\AppData\Local\Temp\+JXF1659418963458438592.tmp | pi2
MD5: C5C41F7587F272A4C43A265D0286F7BB
SHA256: D549110689CDDE0821CA2C7148F7B47A097166B4169786A4A9EDE675F5CE87F3
1652 | javaw.exe | C:\Users\admin\AppData\Local\Temp\+JXF3025733028159518775.tmp | binary
MD5: C4C47E3D7ED51A6BB67B7B8088A4B0E3
SHA256: 5E606F805A71432D4875DE7DAB737BF9DEA1187090F0A5190DA9B1BBAB09F57C
1652 | javaw.exe | C:\Users\admin\AppData\Local\Temp\+JXF2281872197650449419.tmp | binary
MD5: 8F2869A84AD71F156A17BB66611EBE22
SHA256: 0CB1BC1335372D9E3A0CF6F5311C7CCE87AF90D2A777FDEEC18BE605A2A70BC1
1652 | javaw.exe | C:\Users\admin\AppData\Local\Temp\+JXF2627710311497524359.tmp | pi2
MD5: FDB50E0D48CDCF775FA1AC0DC3C33BD4
SHA256: 64F8BE6E55C37E32EF03DA99714BF3AA58B8F2099BFE4F759A7578E3B8291123
1652 | javaw.exe | C:\Users\admin\AppData\Local\Temp\+JXF8612958439133600321.tmp | binary
MD5: 4B1FFAD3C0075AF22674765FF1EE2F56
SHA256: FE3714926082AC5764327E3B67AE52CB6F0CF6B8C4221C064A6CACF821079414
1652 | javaw.exe | C:\Users\admin\AppData\Local\Temp\imageio6613989175752475885.tmp | image
MD5: 8EE50698797304540FC85117D67FE39A
SHA256: 90F1E2BCC7B6C2E9B5ACBF3211ECB0B58F9E36B4F3DB56ACFC07F2A3577B644A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
63
DNS requests
19
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
1652 | javaw.exe | 188.114.96.3:443 | files.skmedix.pl | CLOUDFLARENET | NL | unknown
1652 | javaw.exe | 188.114.97.3:443 | files.skmedix.pl | CLOUDFLARENET | NL | unknown
1652 | javaw.exe | 13.107.246.44:443 | piston-meta.mojang.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
1652 | javaw.exe | 172.217.16.200:443 | www.googletagmanager.com | GOOGLE | US | whitelisted
1652 | javaw.exe | 104.21.234.235:443 | rsms.me | CLOUDFLARENET | - | unknown
1652 | javaw.exe | 104.16.80.73:443 | static.cloudflareinsights.com | CLOUDFLARENET | - | unknown

DNS requests

Domain
IP
Reputation
files.skmedix.pl
  • 188.114.96.3
  • 188.114.97.3
unknown
piston-meta.mojang.com
  • 13.107.246.44
unknown
meta.skmedix.pl
  • 188.114.97.3
  • 188.114.96.3
unknown
beta.skmedix.pl
  • 188.114.97.3
  • 188.114.96.3
unknown
rsms.me
  • 104.21.234.235
  • 104.21.234.234
whitelisted
www.googletagmanager.com
  • 172.217.16.200
whitelisted
static.cloudflareinsights.com
  • 104.16.80.73
  • 104.16.79.73
whitelisted
launchercontent.mojang.com
  • 13.107.246.44
whitelisted
region1.analytics.google.com
  • 216.239.32.36
  • 216.239.34.36
whitelisted
stats.g.doubleclick.net
  • 64.233.166.154
  • 64.233.166.157
  • 64.233.166.156
  • 64.233.166.155
whitelisted

Threats

No threats detected
No debug info