File name: Launcher1.0.0.exe

Full analysis: https://app.any.run/tasks/11728ce2-25fd-40f1-af3f-38a5d89faf0e
Verdict: Malicious activity
Analysis date: November 13, 2024, 22:32:05
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: 50D9FE99F65BB8AF4CA058D23EA8DE0C
SHA1: 041D1B6307B0323CFAAC612E7DD912A67ABE9FAD
SHA256: 0AFAB4B26C198530FCABA9DFA5EE813EA3AFC3427CB7CEF62E3FB624538BF894
SSDEEP: 1572864:48wWDIs1SlaEOotIcH4kUlPiwDtuE/c+g:48wWDd1saEP+cHpWP3DtuE01

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Malware-specific behavior (creating "System.dll" in Temp)

      • Launcher1.0.0.exe (PID: 7096)
    • The process creates files with name similar to system file names

      • Launcher1.0.0.exe (PID: 7096)
    • Process drops legitimate windows executable

      • Launcher1.0.0.exe (PID: 7096)
    • Reads security settings of Internet Explorer

      • Launcher1.0.0.exe (PID: 7096)
    • Drops 7-zip archiver for unpacking

      • Launcher1.0.0.exe (PID: 7096)
    • Executable content was dropped or overwritten

      • Launcher1.0.0.exe (PID: 7096)
      • Launcher.exe (PID: 5948)
    • Starts CMD.EXE for commands execution

      • Launcher.exe (PID: 5948)
    • Uses WMIC.EXE to obtain Windows Installer data

      • cmd.exe (PID: 4476)
    • Accesses product unique identifier via WMI (SCRIPT)

      • WMIC.exe (PID: 7136)
    • Uses WMIC.EXE to obtain BIOS management information

      • cmd.exe (PID: 3944)
    • Application launched itself

      • Launcher.exe (PID: 5948)
    • Uses WMIC.EXE to obtain memory chip information

      • cmd.exe (PID: 5828)
  • INFO

    • Reads the computer name

      • Launcher1.0.0.exe (PID: 7096)
      • Launcher.exe (PID: 5948)
      • Launcher.exe (PID: 1176)
      • Launcher.exe (PID: 6704)
    • Checks supported languages

      • Launcher1.0.0.exe (PID: 7096)
      • Launcher.exe (PID: 5948)
      • Launcher.exe (PID: 6704)
      • Launcher.exe (PID: 1176)
    • Reads product name

      • Launcher.exe (PID: 5948)
    • Reads Environment values

      • Launcher.exe (PID: 5948)
    • Creates files in a temporary directory

      • Launcher.exe (PID: 5948)
      • Launcher1.0.0.exe (PID: 7096)
    • Reads security settings of Internet Explorer

      • WMIC.exe (PID: 7136)
      • WMIC.exe (PID: 7128)
      • WMIC.exe (PID: 2380)
    • Process checks computer location settings

      • Launcher.exe (PID: 5948)
    • Reads the machine GUID from the registry

      • Launcher.exe (PID: 5948)
    • Checks proxy server information

      • Launcher.exe (PID: 5948)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2018:12:15 22:26:14+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 26624
InitializedDataSize: 473088
UninitializedDataSize: 16384
EntryPoint: 0x338f
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Unreal Game Inc.
FileDescription: MIT
FileVersion: 1.0.0
LegalCopyright: Copyright © 2024 Unreal Game Inc.
ProductName: Launcher
ProductVersion: 1.0.0
All screenshots are available in the full report
Total processes: 125
Monitored processes: 14
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Processes in the graph, in the order listed (the "no specs" tag is the report's own):
  • start
  • launcher1.0.0.exe
  • launcher.exe
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • wmic.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • wmic.exe (no specs)
  • launcher.exe (no specs)
  • launcher.exe (no specs)
  • cmd.exe (no specs)
  • conhost.exe (no specs)
  • wmic.exe (no specs)
  • find.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process
PID: 824
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 1176
CMD: "C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=gpu-process --user-data-dir="C:\Users\admin\AppData\Roaming\unrealgame" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1888 --field-trial-handle=1896,i,16413955466076171580,10550425262792933165,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
Path: C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe
Parent process: Launcher.exe
User:
admin
Company:
Unreal Game Inc.
Integrity Level:
LOW
Description:
Launcher
Exit code:
0
Version:
1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\2ofve95kwdh6o0uphdplpdzmx4y\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 2380
CMD: wmic MemoryChip get /format:list
Path: C:\Windows\System32\wbem\WMIC.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
WMI Commandline Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\wbem\wmic.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\framedynos.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
PID: 3944
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"
Path: C:\Windows\System32\cmd.exe
Parent process: Launcher.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 4476
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "wmic csproduct get uuid"
Path: C:\Windows\System32\cmd.exe
Parent process: Launcher.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 5828
CMD: C:\WINDOWS\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""
Path: C:\Windows\System32\cmd.exe
Parent process: Launcher.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
PID: 5896
CMD: find /i "Speed"
Path: C:\Windows\System32\find.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Find String (grep) Utility
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\find.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ulib.dll
c:\windows\system32\fsutilext.dll
PID: 5948
CMD: C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe
Path: C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe
Parent process: Launcher1.0.0.exe
User:
admin
Company:
Unreal Game Inc.
Integrity Level:
MEDIUM
Description:
Launcher
Exit code:
1
Version:
1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\2ofve95kwdh6o0uphdplpdzmx4y\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\uiautomationcore.dll
PID: 6400
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 6704
CMD: "C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\admin\AppData\Roaming\unrealgame" --mojo-platform-channel-handle=2108 --field-trial-handle=1896,i,16413955466076171580,10550425262792933165,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
Path: C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe
Parent process: Launcher.exe
User:
admin
Company:
Unreal Game Inc.
Integrity Level:
MEDIUM
Description:
Launcher
Exit code:
0
Version:
1.0.0
Modules
Images
c:\users\admin\appdata\local\temp\2ofve95kwdh6o0uphdplpdzmx4y\launcher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
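The command lines in the process table above (PIDs 4476, 3944 and 5828, each running cmd.exe /d /s /c "wmic ..." on behalf of the Launcher.exe unpacked into %TEMP%) are the concrete form of the indicators "Uses WMIC.EXE to obtain Windows Installer data / BIOS management information / memory chip information". The following Python is an added example, not part of the ANY.RUN report or of the sample's own code, showing how to triage process-creation telemetry for that pattern: it attributes each wmic query to the process that launched the wrapping shell (or to the direct parent when no shell is involved), counts distinct hardware classes per origin, records whether the origin runs from a user-writable Temp directory, and parses the Electron child-process flags (--type, --utility-sub-type, --service-sandbox-type) seen on PIDs 1176 and 6704. The records are constructed with Sysmon Event ID 1 field names from the table above; the parent of PID 5948 is given only by name, as in the report, and the long Electron command lines are shortened.

```python
"""Process-tree triage for the WMI hardware-fingerprinting chain in this
report (Launcher.exe -> cmd.exe -> WMIC.exe). Records follow Sysmon Event
ID 1 field names; they are constructed for this example from the process
table above (long Electron command lines shortened)."""
import json
import re
from collections import defaultdict

LAUNCHER = r"C:\Users\admin\AppData\Local\Temp\2ofve95kWDh6o0UPHdPlPdzmX4y\Launcher.exe"
CMD = r"C:\Windows\System32\cmd.exe"
WMIC = r"C:\Windows\System32\wbem\WMIC.exe"

EVENTS = [  # constructed records; the report names the parent of 5948 only as Launcher1.0.0.exe
    {"pid": 5948, "image": LAUNCHER, "cmdline": LAUNCHER, "parent_image": "Launcher1.0.0.exe"},
    {"pid": 4476, "image": CMD, "parent_image": LAUNCHER,
     "cmdline": r'C:\WINDOWS\system32\cmd.exe /d /s /c "wmic csproduct get uuid"'},
    {"pid": 7136, "image": WMIC, "parent_image": CMD, "cmdline": "wmic csproduct get uuid"},
    {"pid": 3944, "image": CMD, "parent_image": LAUNCHER,
     "cmdline": r'C:\WINDOWS\system32\cmd.exe /d /s /c "wmic bios get smbiosbiosversion"'},
    {"pid": 5828, "image": CMD, "parent_image": LAUNCHER,
     "cmdline": r'C:\WINDOWS\system32\cmd.exe /d /s /c "wmic MemoryChip get /format:list | find /i "Speed""'},
    {"pid": 1176, "image": LAUNCHER, "parent_image": LAUNCHER,
     "cmdline": f'"{LAUNCHER}" --type=gpu-process --user-data-dir="C:\\Users\\admin\\AppData\\Roaming\\unrealgame"'},
    {"pid": 6704, "image": LAUNCHER, "parent_image": LAUNCHER,
     "cmdline": f'"{LAUNCHER}" --type=utility --utility-sub-type=network.mojom.NetworkService '
                "--lang=en-US --service-sandbox-type=none"},
]

# WMI classes whose values together identify a physical machine (or betray a VM).
FINGERPRINT_CLASSES = {"csproduct", "bios", "memorychip", "baseboard",
                       "diskdrive", "computersystem", "cpu"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
# 'wmic <class> get <props...>' with optional 'path win32_' prefix; stops at a pipe or closing quote.
WMIC_RE = re.compile(r'\bwmic(?:\.exe)?\s+(?:path\s+win32_)?([a-z]+)\s+get\b([^|"]*)', re.I)
USER_TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_wmic_query(cmdline):
    """Return (wmi_class, [properties]) for a wmic 'get' query, else None.
    Switches such as /format:list are dropped from the property list."""
    m = WMIC_RE.search(cmdline)
    if not m:
        return None
    props = [t.lower() for t in re.split(r"[,\s]+", m.group(2).strip())
             if t and not t.startswith("/")]
    return m.group(1).lower(), props


def classify_electron(cmdline):
    """Pull the Chromium/Electron child-process flags out of a command line."""
    m = re.search(r"--type=(\S+)", cmdline)
    if not m:
        return None
    sub = re.search(r"--utility-sub-type=(\S+)", cmdline)
    sandbox = re.search(r"--service-sandbox-type=(\S+)", cmdline)
    return {"type": m.group(1), "sub_type": sub.group(1) if sub else None,
            "sandbox": sandbox.group(1) if sandbox else None}


def query_origin(ev):
    """Process that asked for the WMI data: the parent of the wrapping shell, or the
    direct parent when wmic.exe ran without one. A wmic.exe record under a shell is
    skipped because the shell record already attributes the same query."""
    if basename(ev["image"]) == "wmic.exe" and basename(ev["parent_image"]) in SHELLS:
        return None
    return ev["parent_image"]


def triage(events, min_classes=2):
    """Group hardware-class queries by originating process and flag origins that
    query at least min_classes distinct classes; also list Electron child processes."""
    queries, electron = defaultdict(set), []
    for ev in events:
        q = parse_wmic_query(ev["cmdline"])
        origin = query_origin(ev) if q else None
        if origin:
            queries[origin].add(q[0])
        e = classify_electron(ev["cmdline"])
        if e:
            electron.append({"pid": ev["pid"], **e})
    fingerprinting = []
    for origin, classes in queries.items():
        hits = classes & FINGERPRINT_CLASSES
        if len(hits) >= min_classes:
            fingerprinting.append({"origin": origin, "classes": sorted(hits),
                                   "from_user_temp": bool(USER_TEMP_RE.search(origin))})
    return {"fingerprinting": fingerprinting, "electron_children": electron}


if __name__ == "__main__":
    print(json.dumps(triage(EVENTS), indent=2))
```

Run as a script it prints one fingerprinting finding (origin Launcher.exe under %TEMP%, classes bios, csproduct, memorychip) and the two Electron children, the network service with sandbox "none". The same three queries are also what licensing and HWID-binding code in legitimate launchers issues, so the signal is the combination, not any one query: min_classes and the Temp-origin check are the knobs to tune against a baseline of the software actually deployed.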
Total events: 2 284
Read events: 2 284
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 19
Suspicious files: 118
Text files: 2
Unknown types: 3

Dropped files

PID | Process | Filename | Type
7096 | Launcher1.0.0.exe | C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\app-64.7z
MD5:
SHA256:
7096 | Launcher1.0.0.exe | C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\icudtl.dat
MD5:
SHA256:
7096 | Launcher1.0.0.exe | C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\LICENSES.chromium.html
MD5:
SHA256:
7096 | Launcher1.0.0.exe | C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\chrome_100_percent.pak | binary
MD5:ACD0FA0A90B43CD1C87A55A991B4FAC3
SHA256:CCBCA246B9A93FA8D4F01A01345E7537511C590E4A8EFD5777B1596D10923B4B
7096 | Launcher1.0.0.exe | C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\LICENSE.electron.txt | text
MD5:4D42118D35941E0F664DDDBD83F633C5
SHA256:5154E165BD6C2CC0CFBCD8916498C7ABAB0497923BAFCD5CB07673FE8480087D
7096 | Launcher1.0.0.exe | C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\locales\af.pak | binary
MD5:7E51349EDC7E6AED122BFA00970FAB80
SHA256:F528E698B164283872F76DF2233A47D7D41E1ABA980CE39F6B078E577FD14C97
7096 | Launcher1.0.0.exe | C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\locales\am.pak | pgc
MD5:C6EF9C40B48A069B70ED3335B52A9A9C
SHA256:73A1034BE12ABDA7401EB601819657CD7ADDF011BFD9CE39F115A442BCCBA995
7096 | Launcher1.0.0.exe | C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\locales\ar.pak | binary
MD5:56F6DC44CC50FC98314D0F88FCC2A962
SHA256:7018884D3C60A9C9D727B21545C7DBBCC7B57FA93A16FA97DECA0D35891E3465
7096 | Launcher1.0.0.exe | C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\System.dll | executable
MD5:0D7AD4F45DC6F5AA87F606D0331C6901
SHA256:3EB38AE99653A7DBC724132EE240F6E5C4AF4BFE7C01D31D23FAF373F9F2EACA
7096 | Launcher1.0.0.exe | C:\Users\admin\AppData\Local\Temp\nsp11C8.tmp\7z-out\locales\bg.pak | pgc
MD5:945DE8A62865092B8100E93EA3E9828D
SHA256:F0E39893A39CE6133C1B993F1792207830B8670A6EB3185B7E5826D50FEA7BA2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 6
TCP/UDP connections: 29
DNS requests: 9
Threats: 1

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
6944 | svchost.exe | GET | 200 | 2.16.241.14:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 2.16.241.14:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
5488 | MoUsoCoreWorker.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6944 | svchost.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
GET | 200 | 2.16.241.14:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
(Rows as recorded: the last two carry no PID or process, and no row records Type or Size.)

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4 | System | 192.168.100.255:137 | whitelisted
2.23.209.130:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
6944 | svchost.exe | 2.16.241.14:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 2.16.241.14:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
2.16.241.14:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
6944 | svchost.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
5488 | MoUsoCoreWorker.exe | 88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
88.221.169.152:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
(Rows as recorded: some carry no PID or process, and the two broadcast rows from System carry no domain, ASN or CN.)

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.73.194.208, 51.104.136.2, 40.127.240.158 | whitelisted
www.bing.com | 2.23.209.130, 2.23.209.179, 2.23.209.149, 2.23.209.182, 2.23.209.140, 2.23.209.133 | whitelisted
google.com | 142.250.186.46 | whitelisted
crl.microsoft.com | 2.16.241.14, 2.16.241.12 | whitelisted
www.microsoft.com | 88.221.169.152 | whitelisted
catbox.moe | 108.181.20.35 | malicious
self.events.data.microsoft.com | 20.42.73.27 | whitelisted
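The DNS table above records one name with a malicious reputation, catbox.moe, but carries no PID, and the Connections table lists no connection to its address 108.181.20.35. The following Python is an added example, not part of the ANY.RUN report, that joins the two tables on destination IP: each resolved name is reported with the endpoints actually contacted and the processes the report attributes to them, names that were only resolved are separated from names that were contacted, and connections with no DNS answer behind them (here the NetBIOS broadcasts from System) are listed. Both tables are transcribed from this page; rows the report shows without a PID are kept with pid=None.

```python
"""Join the report's DNS-request and connection tables on destination IP.
Both tables are transcribed from the ANY.RUN page; this code is an added
example and not part of the report."""
from collections import defaultdict

# (domain, resolved IPs, reputation), from the DNS requests table above.
DNS_REQUESTS = [
    ("settings-win.data.microsoft.com", ["20.73.194.208", "51.104.136.2", "40.127.240.158"], "whitelisted"),
    ("www.bing.com", ["2.23.209.130", "2.23.209.179", "2.23.209.149",
                      "2.23.209.182", "2.23.209.140", "2.23.209.133"], "whitelisted"),
    ("google.com", ["142.250.186.46"], "whitelisted"),
    ("crl.microsoft.com", ["2.16.241.14", "2.16.241.12"], "whitelisted"),
    ("www.microsoft.com", ["88.221.169.152"], "whitelisted"),
    ("catbox.moe", ["108.181.20.35"], "malicious"),
    ("self.events.data.microsoft.com", ["20.42.73.27"], "whitelisted"),
]

# (pid, process, "ip:port"), from the Connections table; None where the report shows no PID.
CONNECTIONS = [
    (None, None, "20.73.194.208:443"),
    (4, "System", "192.168.100.255:137"),
    (None, None, "2.23.209.130:443"),
    (4, "System", "192.168.100.255:138"),
    (6944, "svchost.exe", "2.16.241.14:80"),
    (5488, "MoUsoCoreWorker.exe", "2.16.241.14:80"),
    (None, None, "2.16.241.14:80"),
    (6944, "svchost.exe", "88.221.169.152:80"),
    (5488, "MoUsoCoreWorker.exe", "88.221.169.152:80"),
    (None, None, "88.221.169.152:80"),
]


def split_endpoint(endpoint):
    ip, _, port = endpoint.rpartition(":")
    return ip, int(port)


def correlate(dns_requests, connections):
    """Return, per domain, the endpoints contacted among its resolved IPs, the
    processes attributed to those connections, its reputation and whether it was
    only resolved; plus the destination IPs no DNS answer in the capture explains."""
    by_ip = defaultdict(list)  # ip -> [(pid, process, port)]
    for pid, proc, endpoint in connections:
        ip, port = split_endpoint(endpoint)
        by_ip[ip].append((pid, proc, port))
    resolved_ips, domains = set(), {}
    for domain, ips, reputation in dns_requests:
        resolved_ips.update(ips)
        hits = [(ip, pid, proc, port) for ip in ips for pid, proc, port in by_ip.get(ip, [])]
        domains[domain] = {
            "reputation": reputation,
            "contacted": sorted({f"{ip}:{port}" for ip, _, _, port in hits}),
            "processes": sorted({proc for _, _, proc, _ in hits if proc}),
            "resolved_only": not hits,
        }
    unexplained = sorted(ip for ip in by_ip if ip not in resolved_ips)
    return {"domains": domains, "connections_without_dns": unexplained}


def needs_attention(result):
    """Names worth a second look: anything not whitelisted, plus names resolved
    without a follow-on connection (a blocked, failed or lookup-only contact)."""
    return sorted(d for d, r in result["domains"].items()
                  if r["reputation"] != "whitelisted" or r["resolved_only"])


if __name__ == "__main__":
    result = correlate(DNS_REQUESTS, CONNECTIONS)
    for name in needs_attention(result):
        print(name, result["domains"][name])
    print("connections without DNS:", result["connections_without_dns"])
```

For this report the only non-whitelisted name is resolved but never contacted within the capture, and every attributed connection belongs to Windows components (svchost.exe, MoUsoCoreWorker.exe, System), none to the sample's processes. The remaining question is which process issued the catbox.moe lookup, which the DNS table does not record; the PCAP offered with the full report is where that would be answered.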

Threats

1 ETPRO signatures available at the full report
No debug info