File name:

Solara Beta V3 _48751246.exe

Full analysis: https://app.any.run/tasks/d62e027f-e608-4eff-b1e2-0d5e5486c72f
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: May 12, 2024, 04:19:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
pua
adware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

1198DAAA23F0AF650C7CD4555FBEF9E8

SHA1:

783F86460785027A41A84E41B42A05B4D4A1A462

SHA256:

25C846183E10BD2A146325EFFECDDBABF0F390717FD11D597012A033E6DAF600

SSDEEP:

98304:pQR6VdJ09uqigD3RAMF6LgaZze6wXCawiMVQwP3F1PwuQqkZObuyX+QuZUREMsLb:A1+GiB+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Actions look like stealing of personal data

      • setup48751246.exe (PID: 1112)
    • ADWARE has been detected (SURICATA)

      • setup48751246.exe (PID: 1112)
  • SUSPICIOUS

    • Reads the Internet Settings

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Reads settings of System Certificates

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Reads security settings of Internet Explorer

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Checks Windows Trust Settings

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Executable content was dropped or overwritten

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • The process drops C-runtime libraries

      • setup48751246.exe (PID: 1112)
    • Process drops legitimate Windows executable

      • setup48751246.exe (PID: 1112)
    • The process creates files with names similar to system file names

      • setup48751246.exe (PID: 1112)
    • Reads the Windows owner or organization settings

      • setup48751246.exe (PID: 1112)
    • Searches for installed software

      • setup48751246.exe (PID: 1112)
    • Access to an unwanted program domain was detected

      • setup48751246.exe (PID: 1112)
    • Adds/modifies Windows certificates

      • setup48751246.exe (PID: 1112)
  • INFO

    • Reads the computer name

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
      • wmpnscfg.exe (PID: 552)
    • Checks supported languages

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
      • wmpnscfg.exe (PID: 552)
    • Checks proxy server information

      • Solara Beta V3 _48751246.exe (PID: 2072)
    • Reads the software policy settings

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Creates files or folders in the user directory

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Reads the machine GUID from the registry

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Creates files in a temporary directory

      • setup48751246.exe (PID: 1112)
      • Solara Beta V3 _48751246.exe (PID: 2072)
    • Reads Environment values

      • setup48751246.exe (PID: 1112)
    • Reads product name

      • setup48751246.exe (PID: 1112)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 552)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:24 20:04:55+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.22
CodeSize: 4347392
InitializedDataSize: 5656576
UninitializedDataSize: -
EntryPoint: 0x396dbb
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Download Manager
FileVersion: 1
InternalName: Download Manager
LegalCopyright: Download Manager
OriginalFileName: Download Manager
ProductName: Download Manager
ProductVersion: 1
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph

[Behavior graph, process tree as rendered in the report: start -> solara beta v3 _48751246.exe -> setup48751246.exe (#ADWARE); wmpnscfg.exe (no specs); solara beta v3 _48751246.exe (no specs)]

Process information

PID: 552
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 1112
CMD: C:\Users\admin\AppData\Local\setup48751246.exe hhwnd=131370 hreturntoinstaller hextras=id:282b064416bc854-CZ-HS9TB
Path: C:\Users\admin\AppData\Local\setup48751246.exe
Parent process: Solara Beta V3 _48751246.exe
User: admin
Company: DT001
Integrity Level: HIGH
Description: Software Installation
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\local\setup48751246.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2072
CMD: "C:\Users\admin\AppData\Local\Temp\Solara Beta V3 _48751246.exe"
Path: C:\Users\admin\AppData\Local\Temp\Solara Beta V3 _48751246.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: Download Manager
Version: 1
Modules (images):
c:\users\admin\appdata\local\temp\solara beta v3 _48751246.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID: 3984
CMD: "C:\Users\admin\AppData\Local\Temp\Solara Beta V3 _48751246.exe"
Path: C:\Users\admin\AppData\Local\Temp\Solara Beta V3 _48751246.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Download Manager
Exit code: 3221226540
Version: 1
Modules (images):
c:\users\admin\appdata\local\temp\solara beta v3 _48751246.exe
c:\windows\system32\ntdll.dll
Total events: 18 414
Read events: 18 278
Write events: 119
Delete events: 17

Modification events

(PID) Process: (2072) Solara Beta V3 _48751246.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: write
Name: ProxyEnable
Value: 0

(PID) Process: (2072) Solara Beta V3 _48751246.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyServer
Value:

(PID) Process: (2072) Solara Beta V3 _48751246.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: ProxyOverride
Value:

(PID) Process: (2072) Solara Beta V3 _48751246.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoConfigURL
Value:

(PID) Process: (2072) Solara Beta V3 _48751246.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
Operation: delete value
Name: AutoDetect
Value:

(PID) Process: (2072) Solara Beta V3 _48751246.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
Operation: write
Name: SavedLegacySettings
Value: 460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

(PID) Process: (2072) Solara Beta V3 _48751246.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

(PID) Process: (2072) Solara Beta V3 _48751246.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

(PID) Process: (2072) Solara Beta V3 _48751246.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

(PID) Process: (2072) Solara Beta V3 _48751246.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 23
Suspicious files: 19
Text files: 17
Unknown types: 0

Dropped files

PID | Process | Filename | Type

2072 | Solara Beta V3 _48751246.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13 | der
  MD5: 037AE8164352CA91E80AD33054D1906D
  SHA256: 07C018EB07002663D5248DAA8A65EAF587955E3DB45735E7E3AC9CB13D7D664E

2072 | Solara Beta V3 _48751246.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\700B9980BA1F8C3D19B9578F56B7386F_345749F8109B3F0DBE7840DC04B120E5 | binary
  MD5: E93B5B61A6028238FBF47AC573BC68A7
  SHA256: E783A5F2DB7A990547ED1A150CEBADD04A63C50E17D6EE4748078441D7FADDAD

1112 | setup48751246.exe | C:\Users\admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll | executable
  MD5: 72990C7E32EE6C811EA3D2EA64523234
  SHA256: E77E0B4F2762F76A3EAAADF5A3138A35EC06ECE80EDC4B3396DE7A601F8DA1B3

2072 | Solara Beta V3 _48751246.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_45E3C223BCF135987E4038FB6B0DBA13 | binary
  MD5: 9455055DD8624BC5E45BEC9A332E4CC6
  SHA256: B3C5A6B17398A3A4AA6704DDA8822CFB5416FC43098D0303FD0BE02302EE3D75

2072 | Solara Beta V3 _48751246.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\geo[1].htm | text
  MD5: 58CC12E875E2088F62B920F5D000CCB5
  SHA256: 90E17AA7490B69496D703EEA507DDC86C9AEC021873F1AEFF5BE1BA4B5278CF1

2072 | Solara Beta V3 _48751246.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | binary
  MD5: 4B09249C4DC1BC93B4DA6CB25FAFC481
  SHA256: 0E2C7DE0CC9D540BE78B781938C3F93CD89A4EA410450202A480A49C99B258DF

2072 | Solara Beta V3 _48751246.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\service[1].htm | text
  MD5: F9F9E0BEFF1AC9AD451F42F902B99279
  SHA256: 09498EEF217D2D302181B86139144035D749BA717390239748EC73D4D6D750C0

1112 | setup48751246.exe | C:\Users\admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll | executable
  MD5: 6E001F8D0EE4F09A6673A9E8168836B6
  SHA256: 6A30F9C604C4012D1D2E1BA075213C378AFB1BFCB94276DE7995ED7BBF492859

2072 | Solara Beta V3 _48751246.exe | C:\Users\admin\AppData\Local\setup48751246.exe | executable
  MD5: 29D3A70CEC060614E1691E64162A6C1E
  SHA256: CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72

1112 | setup48751246.exe | C:\Users\admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll | executable
  MD5: 8FF1898897F3F4391803C7253366A87B
  SHA256: 51398691FEEF7AE0A876B523AEC47C4A06D9A1EE62F1A0AEE27DE6D6191C68AD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 21
DNS requests: 14
Threats: 4

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2072
Solara Beta V3 _48751246.exe
GET
304
23.223.17.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?cfe0a7f8e7962138
unknown
unknown
2072
Solara Beta V3 _48751246.exe
GET
200
216.58.212.131:80
http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
unknown
unknown
2072
Solara Beta V3 _48751246.exe
GET
200
216.58.212.131:80
http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D
unknown
unknown
2072
Solara Beta V3 _48751246.exe
GET
200
216.58.212.131:80
http://ocsp.pki.goog/s/gts1d4/w2JVwme7rvU/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEELAll3IHWDiEuOptsbe6aY%3D
unknown
unknown
1112
setup48751246.exe
GET
200
23.223.17.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6332dae1732afbf8
unknown
unknown
2072
Solara Beta V3 _48751246.exe
GET
200
216.58.212.131:80
http://ocsp.pki.goog/s/gts1d4/c60NpY15aYI/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQDIkRwUzpFoGQr1j0t77Yt6
unknown
unknown
2072
Solara Beta V3 _48751246.exe
GET
200
23.223.17.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8a7a0a8b0d4837c1
unknown
unknown
2072
Solara Beta V3 _48751246.exe
GET
200
184.24.206.119:80
http://x2.c.lencr.org/
unknown
unknown
2072
Solara Beta V3 _48751246.exe
GET
200
184.24.206.119:80
http://x1.c.lencr.org/
unknown
unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2072 | Solara Beta V3 _48751246.exe | 35.190.60.70:443 | www.dlsft.com | GOOGLE | US | whitelisted
2072 | Solara Beta V3 _48751246.exe | 23.223.17.200:80 | ctldl.windowsupdate.com | AKAMAI-AS | US | unknown
2072 | Solara Beta V3 _48751246.exe | 216.58.212.131:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
1112 | setup48751246.exe | 104.16.149.130:443 | flow.lavasoft.com | CLOUDFLARENET | - | unknown
1112 | setup48751246.exe | 104.16.213.94:443 | sos.adaware.com | CLOUDFLARENET | - | unknown
1112 | setup48751246.exe | 23.223.17.200:80 | ctldl.windowsupdate.com | AKAMAI-AS | US | unknown
2072 | Solara Beta V3 _48751246.exe | 188.114.96.3:443 | filedm.com | CLOUDFLARENET | NL | unknown

DNS requests

Domain
IP
Reputation
www.dlsft.com
  • 35.190.60.70
unknown
ctldl.windowsupdate.com
  • 23.223.17.200
  • 23.223.17.198
whitelisted
ocsp.pki.goog
  • 216.58.212.131
whitelisted
www.google.com
  • 142.250.186.100
whitelisted
flow.lavasoft.com
  • 104.16.149.130
  • 104.16.148.130
whitelisted
sos.adaware.com
  • 104.16.213.94
  • 104.16.212.94
whitelisted
dlsft.com
  • 35.190.60.70
unknown
filedm.com
  • 188.114.96.3
  • 188.114.97.3
malicious
x1.c.lencr.org
  • 184.24.206.119
whitelisted
x2.c.lencr.org
  • 184.24.206.119
whitelisted

Threats

4 ETPRO signatures available at the full report
Process | Message
Solara Beta V3 _48751246.exe | -
Solara Beta V3 _48751246.exe | Error: (undefined) has no property - value
Solara Beta V3 _48751246.exe | at initializeDynamicVariables (this://app/main.html(329))
Solara Beta V3 _48751246.exe | -
Solara Beta V3 _48751246.exe | at getFileInfo.@285@39 (this://app/main.html(307))