File name: Launcher1.0.0.exe

Full analysis: https://app.any.run/tasks/11728ce2-25fd-40f1-af3f-38a5d89faf0e
Verdict: Malicious activity
Analysis date: November 13, 2024, 22:32:05
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 50D9FE99F65BB8AF4CA058D23EA8DE0C
SHA1: 041D1B6307B0323CFAAC612E7DD912A67ABE9FAD
SHA256: 0AFAB4B26C198530FCABA9DFA5EE813EA3AFC3427CB7CEF62E3FB624538BF894
SSDEEP: 1572864:48wWDIs1SlaEOotIcH4kUlPiwDtuE/c+g:48wWDd1saEP+cHpWP3DtuE01

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp). Caveat: for an NSIS installer this is normally the NSIS System plugin extracted into its nsXXXX.tmp plugin directory, not a Windows system file; check its hash before treating it as an indicator on its own.

      • Launcher1.0.0.exe (PID: 7096)
    • The process creates files with name similar to system file names

      • Launcher1.0.0.exe (PID: 7096)
    • Drops 7-zip archiver for unpacking (the nsis7z.dll plugin and the app-64.7z payload listed under Dropped files)

      • Launcher1.0.0.exe (PID: 7096)
    • Reads security settings of Internet Explorer

      • Launcher1.0.0.exe (PID: 7096)
    • Process drops legitimate windows executable

      • Launcher1.0.0.exe (PID: 7096)
    • Executable content was dropped or overwritten

      • Launcher1.0.0.exe (PID: 7096)
      • Launcher.exe (PID: 5948)
    • Starts CMD.EXE for commands execution

      • Launcher.exe (PID: 5948)
    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 7136)
    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 4476)
    • Application launched itself

      • Launcher.exe (PID: 5948)
    • Uses WMIC.EXE to obtain memory chip information

      • cmd.exe (PID: 5828)
    • Uses WMIC.EXE to obtain BIOS management information

      • cmd.exe (PID: 3944)
  • INFO

    • Checks supported languages

      • Launcher1.0.0.exe (PID: 7096)
      • Launcher.exe (PID: 5948)
      • Launcher.exe (PID: 6704)
      • Launcher.exe (PID: 1176)
    • Reads the computer name

      • Launcher1.0.0.exe (PID: 7096)
      • Launcher.exe (PID: 5948)
      • Launcher.exe (PID: 1176)
      • Launcher.exe (PID: 6704)
    • Reads product name

      • Launcher.exe (PID: 5948)
    • Reads Environment values

      • Launcher.exe (PID: 5948)
    • Process checks computer location settings

      • Launcher.exe (PID: 5948)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 7136)
      • WMIC.exe (PID: 7128)
      • WMIC.exe (PID: 2380)
    • Create files in a temporary directory

      • Launcher.exe (PID: 5948)
      • Launcher1.0.0.exe (PID: 7096)
    • Reads the machine GUID from the registry

      • Launcher.exe (PID: 5948)
    • Checks proxy server information

      • Launcher.exe (PID: 5948)
Malware configuration: none extracted.

TRiD (file-type identification, match %)

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF (EXE metadata)

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Unreal Game Inc.
FileDescription: MIT
FileVersion: 1.0.0
LegalCopyright: Copyright © 2024 Unreal Game Inc.
ProductName: Launcher
ProductVersion: 1.0.0
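The file-info line above ("Nullsoft Installer self-extracting archive") and the EXIF block (MachineType, TimeStamp, ImageFileCharacteristics) are the fields a practitioner re-derives from the sample itself before trusting a report. The Python below is an added example, not ANY.RUN code: it verifies the three hashes from the report header, parses IMAGE_FILE_HEADER for the same values the EXIF block shows, and locates the NSIS first-header (the 16-byte signature libmagic's NSIS rule searches for) together with the header length and the length of the compressed data block that follows it. build_sample() is a constructed stand-in with the report's timestamp and characteristics, not the real Launcher1.0.0.exe, so the report's hashes will not match it; run the same functions on the actual sample bytes to compare.

```python
"""Static triage of a sample's hashes, PE file header and NSIS first-header.
Added example; not part of the ANY.RUN report.  build_sample() returns a
constructed stand-in (minimal MZ/PE header plus an NSIS first-header), not
the real Launcher1.0.0.exe, so the report's hashes will not match it."""
import hashlib
import struct
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple

# Digests copied from the report header.
REPORT_HASHES = {
    "md5": "50D9FE99F65BB8AF4CA058D23EA8DE0C",
    "sha1": "041D1B6307B0323CFAAC612E7DD912A67ABE9FAD",
    "sha256": "0AFAB4B26C198530FCABA9DFA5EE813EA3AFC3427CB7CEF62E3FB624538BF894",
}
# NSIS firstheader (from the NSIS source): flags, 0xDEADBEEF, "NullsoftInst",
# length_of_header, length_of_all_following_data.
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"
MACHINES = {0x14C: "Intel 386 or later, and compatibles", 0x8664: "x86-64", 0xAA64: "ARM64"}
CHARACTERISTICS = [(0x0001, "No relocs"), (0x0002, "Executable"), (0x0004, "No line numbers"),
                   (0x0008, "No symbols"), (0x0100, "32-bit"), (0x2000, "DLL")]


def file_hashes(data: bytes) -> Dict[str, str]:
    return {alg: hashlib.new(alg, data).hexdigest().upper() for alg in ("md5", "sha1", "sha256")}


def hashes_match(data: bytes, expected: Dict[str, str]) -> bool:
    """True only if every digest in `expected` matches; comparing all three
    catches a report that was transcribed with one wrong digest."""
    got = file_hashes(data)
    return all(got.get(alg) == digest.upper() for alg, digest in expected.items())


def pe_file_header(data: bytes) -> Dict[str, object]:
    """Parse IMAGE_FILE_HEADER: the fields the EXIF block reports as
    MachineType, TimeStamp and ImageFileCharacteristics."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    machine, nsections, ts, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc),
        "characteristics": [name for bit, name in CHARACTERISTICS if chars & bit],
    }


def find_nsis_firstheader(data: bytes) -> Optional[Tuple[int, int, int]]:
    """Return (offset_of_firstheader, length_of_header, length_of_following_data)
    or None.  A PE carrying this structure is an NSIS installer; the compressed
    data block after it is what the installer (here via nsis7z.dll) unpacks."""
    sig = data.find(NSIS_MAGIC)
    if sig < 0:
        return None
    hdr_len, data_len = struct.unpack_from("<II", data, sig + len(NSIS_MAGIC))
    return sig - 4, hdr_len, data_len        # the flags dword precedes the signature


def build_sample() -> bytes:
    """Constructed stand-in: a 5-section i386 PE with the report's timestamp and
    characteristics, followed by an NSIS firstheader with made-up lengths."""
    ts = int(datetime(2018, 12, 15, 22, 26, 14, tzinfo=timezone.utc).timestamp())
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew -> PE header at 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 5, ts, 0, 0, 0, 0x010F)
    nsis = struct.pack("<I", 0) + NSIS_MAGIC + struct.pack("<II", 0x1234, 0x5678)
    return bytes(dos) + coff + b"\0" * 64 + nsis + b"\0" * 16


if __name__ == "__main__":
    sample = build_sample()
    print(pe_file_header(sample))
    print(find_nsis_firstheader(sample))
    print("hashes match report:", hashes_match(sample, REPORT_HASHES))
```

Against the real sample, a timestamp of 2018 in a binary whose version resource claims copyright 2024 is worth noting in its own right: NSIS stubs carry the timestamp of the stub build, not of the packaged application, which is why the PE header and the version resource disagree here.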
Screenshots: available in the full report.
Total processes: 125
Monitored processes: 14
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Nodes in the order shown in the graph ("no specs" marks a process with no signature-specific indicators of its own):
  • launcher1.0.0.exe (PID 7096)
  • launcher.exe (PID 5948)
  • cmd.exe, no specs
  • conhost.exe, no specs
  • wmic.exe, no specs
  • cmd.exe, no specs
  • conhost.exe, no specs
  • wmic.exe, no specs
  • launcher.exe, no specs
  • launcher.exe, no specs
  • cmd.exe, no specs
  • conhost.exe, no specs
  • wmic.exe, no specs
  • find.exe, no specs

Process information

Each entry lists PID, command line, image path and parent process, followed by user, company, integrity level, description, exit code, version and loaded modules. No indicator text was captured in the Indicators column of the original table.

PID: 824
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1176
CMD: "C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 --field-trial-handle=1896,i,16413955466076171580,10550425262792933165,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Path: C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe
Parent process: Launcher.exe
User:
admin
Company:
Unreal Game Inc.
Integrity Level:
LOW
Description:
Launcher
Exit code:
0
Version:
1.0.0
Loaded modules (images):
c:\users\admin\appdata\local\temp\2ofve95kwdh6o0uphdplpdzmx4y\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2380
CMD: wmic MemoryChip get /format:list
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 3944
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Path: C:\Windows\System32\cmd.exe
Parent process: Launcher.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 4476
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
Path: C:\Windows\System32\cmd.exe
Parent process: Launcher.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 5828
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Path: C:\Windows\System32\cmd.exe
Parent process: Launcher.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 5896
CMD: find /i "Speed"
Path: C:\Windows\System32\find.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (grep) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 5948
CMD: C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe
Path: C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe
Parent process: Launcher1.0.0.exe
User:
admin
Company:
Unreal Game Inc.
Integrity Level:
MEDIUM
Description:
Launcher
Exit code:
1
Version:
1.0.0
Loaded modules (images):
c:\users\admin\appdata\local\temp\2ofve95kwdh6o0uphdplpdzmx4y\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\uiautomationcore.dll
PID: 6400
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Loaded modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6704
CMD: "C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2108 --field-trial-handle=1896,i,16413955466076171580,10550425262792933165,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Path: C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe
Parent process: Launcher.exe
User:
admin
Company:
Unreal Game Inc.
Integrity Level:
MEDIUM
Description:
Launcher
Exit code:
0
Version:
1.0.0
Loaded modules (images):
c:\users\admin\appdata\local\temp\2ofve95kwdh6o0uphdplpdzmx4y\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
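The SUSPICIOUS indicators and the process table above show the same chain three times: Launcher.exe (PID 5948) spawns cmd.exe, which runs wmic csproduct get uuid, wmic MemoryChip get /format:list | find /i "Speed" and wmic bios get smbiosbiosversion. Querying the SMBIOS product UUID, DIMM data and BIOS version through WMIC is classic hardware-fingerprinting (HWID or VM-detection) behaviour, and the interesting detection feature is not any single wmic call but several hardware classes queried under one non-system origin process. The Python below is an added example, not ANY.RUN code, that runs that detection over process-creation events. The EVENTS list is constructed from the PIDs and command lines in the table; the parent PIDs, and the command lines of WMIC PIDs 7136 and 7128 (which have no rows in the table), are assumptions. The alias set is wider than the three classes seen here, so the rule generalizes to other hardware classes.

```python
"""Detect a hardware-fingerprinting chain (user-land binary -> cmd.exe -> wmic <hw class>)
in process-creation events.  Added example; not ANY.RUN code."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# WMIC aliases whose output identifies the machine; wider than the three
# (csproduct, memorychip, bios) seen in this report.
HW_ALIASES = {"csproduct", "bios", "memorychip", "baseboard", "diskdrive",
              "computersystem", "cpu", "nic", "videocontroller", "logicaldisk"}
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files")


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int       # assumed: the report gives only parent image names
    image: str      # full path of the executable
    cmdline: str


def wmic_alias(cmdline: str) -> Optional[str]:
    """Return the WMIC alias queried by a command line (lower case), or None.
    Handles both a bare 'wmic ...' line and a cmd.exe /c "wmic ..." wrapper;
    global switches such as /node: or /format: are skipped."""
    m = re.search(r"\bwmic(?:\.exe)?\b(.*)", cmdline, re.IGNORECASE | re.DOTALL)
    if not m:
        return None
    for tok in m.group(1).replace('"', " ").split():
        if not tok.startswith("/"):
            return tok.lower()
    return None


def is_system_image(image: str) -> bool:
    return image.lower().startswith(SYSTEM_PREFIXES)


def find_hw_fingerprinting(events: List[ProcEvent], min_aliases: int = 2) -> Dict[int, List[str]]:
    """Map each non-system origin process (the first ancestor of a WMIC query
    that is not a Windows/Program Files binary) to the hardware aliases queried
    beneath it.  Only origins that hit at least `min_aliases` distinct classes
    are reported, which separates fingerprinting from a one-off inventory call."""
    by_pid = {e.pid: e for e in events}
    hits: Dict[int, set] = {}
    for ev in events:
        if not ev.image.lower().endswith("\\wmic.exe"):
            continue
        alias = wmic_alias(ev.cmdline)
        if alias not in HW_ALIASES:
            continue
        origin = by_pid.get(ev.ppid)
        while origin is not None and is_system_image(origin.image):
            origin = by_pid.get(origin.ppid)
        if origin is not None:
            hits.setdefault(origin.pid, set()).add(alias)
    return {pid: sorted(a) for pid, a in hits.items() if len(a) >= min_aliases}


LAUNCHER = r"C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe"
S32 = r"C:\Windows\System32"
# Constructed from the process table; ppid values and the two WMIC command
# lines marked "assumed" are not in the report.
EVENTS = [
    ProcEvent(5948, 7096, LAUNCHER, LAUNCHER),
    ProcEvent(4476, 5948, S32 + r"\cmd.exe",
              r'C:\WINDOWS\system32\cmd.exe /d /s /c "wmic csproduct get uuid"'),
    ProcEvent(7136, 4476, S32 + r"\wbem\WMIC.exe", "wmic csproduct get uuid"),          # assumed
    ProcEvent(824, 4476, S32 + r"\conhost.exe", r"\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1"),
    ProcEvent(5828, 5948, S32 + r"\cmd.exe",
              r'C:\WINDOWS\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""'),
    ProcEvent(2380, 5828, S32 + r"\wbem\WMIC.exe", "wmic MemoryChip get /format:list"),
    ProcEvent(5896, 5828, S32 + r"\find.exe", 'find /i "Speed"'),
    ProcEvent(3944, 5948, S32 + r"\cmd.exe",
              r'C:\WINDOWS\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"'),
    ProcEvent(7128, 3944, S32 + r"\wbem\WMIC.exe", "wmic bios get smbiosbiosversion"),  # assumed
]


if __name__ == "__main__":
    for pid, aliases in find_hw_fingerprinting(EVENTS).items():
        print(f"PID {pid} fingerprinting via WMIC classes: {', '.join(aliases)}")
```

Walking up past cmd.exe to the first non-system ancestor is what makes the origin attribution useful: the cmd.exe wrappers here are three distinct PIDs, but all of them collapse onto Launcher.exe (PID 5948), which is the process an analyst actually wants named in the alert.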
Total events: 2 284 (read 2 284, write 0, delete 0)

Modification events: no data
Executable files: 19
Suspicious files: 118
Text files: 2
Unknown types: 3

Dropped files

All entries below were dropped by PID 7096, Launcher1.0.0.exe. Only the first ten dropped files are listed here; the full list is in the full report.

  C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\app-64.7z
    Type: (not recorded)   MD5: (not recorded)   SHA256: (not recorded)
  C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\icudtl.dat
    Type: (not recorded)   MD5: (not recorded)   SHA256: (not recorded)
  C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\LICENSES.chromium.html
    Type: (not recorded)   MD5: (not recorded)   SHA256: (not recorded)
  C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\nsis7z.dll
    Type: executable
    MD5: 80E44CE4895304C6A3A831310FBF8CD0
    SHA256: B393F05E8FF919EF071181050E1873C9A776E1A0AE8329AEFFF7007D0CADF592
  C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\locales\ca.pak
    Type: binary
    MD5: 01ACD6F7A4EA85D8E63099CE1262FBAD
    SHA256: B48D1BAD676F2E718CBE548302127E0B3567913A2835522D6DD90279A6D2A56A
  C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\chrome_200_percent.pak
    Type: pgc
    MD5: 4610337E3332B7E65B73A6EA738B47DF
    SHA256: C91ABF556E55C29D1EA9F560BB17CC3489CB67A5D0C7A22B58485F5F2FBCF25C
  C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\locales\af.pak
    Type: binary
    MD5: 7E51349EDC7E6AED122BFA00970FAB80
    SHA256: F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
  C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\locales\ar.pak
    Type: binary
    MD5: 56F6DC44CC50FC98314D0F88FCC2A962
    SHA256: 7018884D3C60A9C9D727B21545C7DBBCC7B57FA93A16FA97DECA0D35891E3465
  C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\locales\bn.pak
    Type: binary
    MD5: 8FEB4092426A0C2C167C0674114B014D
    SHA256: FB0656A687555801EDFB9442B9F3E7F2B009BE1126F901CF4DA82D67AC4AD954
  C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\locales\bg.pak
    Type: pgc
    MD5: 945DE8A62865092B8100E93EA3E9828D
    SHA256: F0E39893A39CE6133C1B993F1792207830B8670A6EB3185B7E5826D50FEA7BA2

nsp11C8.tmp is the NSIS temporary/plugin directory: the installer drops its 7-Zip plugin (nsis7z.dll) there and unpacks the app-64.7z payload into 7z-out. The unpacked icudtl.dat, LICENSES.chromium.html, chrome_200_percent.pak and locales\*.pak are Chromium runtime resources, which is consistent with the Chromium-style --type=gpu-process and --type=utility child processes of Launcher.exe in the process list above (an Electron-style application). Hashes of these resource files can be compared against a clean Chromium/Electron release to confirm they are unmodified; the application's own code lives elsewhere in the archive.
HTTP(S) requests: 6
TCP/UDP connections: 29
DNS requests: 9
Threats: 1

HTTP requests

PID   Process              Method  Code  IP:port             URL                                                                         CN       Reputation
5488  MoUsoCoreWorker.exe  GET     200   88.221.169.152:80   http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl          unknown  whitelisted
(not listed)               GET     200   88.221.169.152:80   http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl          unknown  whitelisted
6944  svchost.exe          GET     200   2.16.241.14:80      http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl   unknown  whitelisted
5488  MoUsoCoreWorker.exe  GET     200   2.16.241.14:80      http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl   unknown  whitelisted
6944  svchost.exe          GET     200   88.221.169.152:80   http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl          unknown  whitelisted
(not listed)               GET     200   2.16.241.14:80      http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl   unknown  whitelisted

The Type and Size columns were empty for every row. All six requests are Windows CRL fetches from system processes; none is attributed to Launcher.exe.

Connections

PID   Process              IP:port              Domain                            ASN                          CN   Reputation
(not listed)               20.73.194.208:443    settings-win.data.microsoft.com   MICROSOFT-CORP-MSN-AS-BLOCK  NL   whitelisted
4     System               192.168.100.255:137  (NetBIOS broadcast)               -                            -    whitelisted
(not listed)               2.23.209.130:443     www.bing.com                      Akamai International B.V.    GB   whitelisted
4     System               192.168.100.255:138  (NetBIOS broadcast)               -                            -    whitelisted
6944  svchost.exe          2.16.241.14:80       crl.microsoft.com                 Akamai International B.V.    DE   whitelisted
5488  MoUsoCoreWorker.exe  2.16.241.14:80       crl.microsoft.com                 Akamai International B.V.    DE   whitelisted
(not listed)               2.16.241.14:80       crl.microsoft.com                 Akamai International B.V.    DE   whitelisted
6944  svchost.exe          88.221.169.152:80    www.microsoft.com                 AKAMAI-AS                    DE   whitelisted
5488  MoUsoCoreWorker.exe  88.221.169.152:80    www.microsoft.com                 AKAMAI-AS                    DE   whitelisted
(not listed)               88.221.169.152:80    www.microsoft.com                 AKAMAI-AS                    DE   whitelisted

DNS requests

  • settings-win.data.microsoft.com: 20.73.194.208, 51.104.136.2, 40.127.240.158 (whitelisted)
  • www.bing.com: 2.23.209.130, 2.23.209.179, 2.23.209.149, 2.23.209.182, 2.23.209.140, 2.23.209.133 (whitelisted)
  • google.com: 142.250.186.46 (whitelisted)
  • crl.microsoft.com: 2.16.241.14, 2.16.241.12 (whitelisted)
  • www.microsoft.com: 88.221.169.152 (whitelisted)
  • catbox.moe: 108.181.20.35 (malicious)
  • self.events.data.microsoft.com: 20.42.73.27 (whitelisted)

Of the 9 DNS requests only catbox.moe carries a malicious reputation. The HTTP and connection tables above attribute traffic only to Windows components (svchost.exe, MoUsoCoreWorker.exe, System), so this report does not tie the catbox.moe lookup, or the google.com lookup, to a PID; the PCAP in the full report is needed for that attribution.

Threats

1 threat detected (ETPRO signature); the rule details are available in the full report (paid subscription).
Debug output strings: none.