File name: Solara Beta V3 _48751246.exe

Full analysis: https://app.any.run/tasks/d62e027f-e608-4eff-b1e2-0d5e5486c72f
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: May 12, 2024, 04:19:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
pua
adware
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 1198DAAA23F0AF650C7CD4555FBEF9E8
SHA1: 783F86460785027A41A84E41B42A05B4D4A1A462
SHA256: 25C846183E10BD2A146325EFFECDDBABF0F390717FD11D597012A033E6DAF600
SSDEEP: 98304:pQR6VdJ09uqigD3RAMF6LgaZze6wXCawiMVQwP3F1PwuQqkZObuyX+QuZUREMsLb:A1+GiB+

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore be distorted by user actions and is provided as is, for the reader's information. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Actions look like stealing of personal data

      • setup48751246.exe (PID: 1112)
    • ADWARE has been detected (SURICATA)

      • setup48751246.exe (PID: 1112)
  • SUSPICIOUS

    • Reads the Internet Settings

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Reads security settings of Internet Explorer

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Reads settings of System Certificates

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Executable content was dropped or overwritten

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Checks Windows Trust Settings

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Process drops legitimate windows executable

      • setup48751246.exe (PID: 1112)
    • The process drops C-runtime libraries

      • setup48751246.exe (PID: 1112)
    • Searches for installed software

      • setup48751246.exe (PID: 1112)
    • Access to an unwanted program domain was detected

      • setup48751246.exe (PID: 1112)
    • The process creates files with name similar to system file names

      • setup48751246.exe (PID: 1112)
    • Reads the Windows owner or organization settings

      • setup48751246.exe (PID: 1112)
    • Adds/modifies Windows certificates

      • setup48751246.exe (PID: 1112)
  • INFO

    • Reads the machine GUID from the registry

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Checks supported languages

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
      • wmpnscfg.exe (PID: 552)
    • Reads the computer name

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
      • wmpnscfg.exe (PID: 552)
    • Checks proxy server information

      • Solara Beta V3 _48751246.exe (PID: 2072)
    • Creates files or folders in the user directory

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Reads the software policy settings

      • Solara Beta V3 _48751246.exe (PID: 2072)
      • setup48751246.exe (PID: 1112)
    • Creates files in a temporary directory

      • setup48751246.exe (PID: 1112)
      • Solara Beta V3 _48751246.exe (PID: 2072)
    • Reads product name

      • setup48751246.exe (PID: 1112)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 552)
    • Reads Environment values

      • setup48751246.exe (PID: 1112)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:24 20:04:55+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.22
CodeSize: 4347392
InitializedDataSize: 5656576
UninitializedDataSize: -
EntryPoint: 0x396dbb
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Unknown (0)
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Unicode
FileDescription: Download Manager
FileVersion: 1
InternalName: Download Manager
LegalCopyright: Download Manager
OriginalFileName: Download Manager
ProductName: Download Manager
ProductVersion: 1
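The EXIF fields above are read straight out of the PE headers: MachineType, TimeStamp and ImageFileCharacteristics come from IMAGE_FILE_HEADER; PEType, LinkerVersion, CodeSize, InitializedDataSize, EntryPoint, OSVersion, SubsystemVersion and Subsystem from IMAGE_OPTIONAL_HEADER. The reader below is an added example for this page, not ANY.RUN's code and not part of the sample: build_sample_pe() is a constructed, header-only PE32 carrying the values from this report so the script runs offline, and the analysis date passed to consistency_issues() is the one at the top of the report. One caveat the TRiD block invites: its top guess (Win64 Executable, 76.4%) is a byte-pattern match and is contradicted by the header itself, which says PE32, Intel 386, 32-bit; the optional-header magic is the field to trust.

```python
"""Read the PE header fields shown in the EXIF block from raw file bytes.

Added example for this page (not ANY.RUN's or the sample's code). build_sample_pe()
is a constructed header-only image with the report's values; on a real case call
parse_pe_header(open(path, "rb").read()) and diff the result against the report.
"""
import struct
from datetime import datetime, timezone

MACHINE_NAMES = {0x014C: "Intel 386 or later, and compatibles", 0x8664: "AMD AMD64"}
SUBSYSTEM_NAMES = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# IMAGE_FILE_* characteristic bits that exiftool renders as words
CHARACTERISTIC_BITS = [(0x0002, "Executable"), (0x0100, "32-bit"), (0x2000, "DLL")]


def parse_pe_header(data: bytes) -> dict:
    """Parse the DOS stub pointer, COFF header and optional header (PE32 or PE32+)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, _nsect, stamp, _, _, _opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # IMAGE_FILE_HEADER is 20 bytes
    magic, lnk_major, lnk_minor, code, idata, udata, entry = struct.unpack_from("<HBBIIII", data, opt)
    # The version fields and Subsystem sit at the same offsets in PE32 and PE32+
    os_major, os_minor, img_major, img_minor, ss_major, ss_minor = struct.unpack_from("<HHHHHH", data, opt + 40)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]
    return {
        "machine_name": MACHINE_NAMES.get(machine, hex(machine)),
        "timestamp": datetime.fromtimestamp(stamp, timezone.utc).strftime("%Y:%m:%d %H:%M:%S+00:00"),
        "characteristics": [name for bit, name in CHARACTERISTIC_BITS if chars & bit],
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "code_size": code,
        "initialized_data_size": idata,
        "uninitialized_data_size": udata,
        "entry_point": entry,
        "os_version": f"{os_major}.{os_minor}",
        "image_version": f"{img_major}.{img_minor}",
        "subsystem_version": f"{ss_major}.{ss_minor}",
        "subsystem": SUBSYSTEM_NAMES.get(subsystem, str(subsystem)),
    }


def consistency_issues(info: dict, analysis_time_iso: str) -> list:
    """Cheap triage checks on the parsed header; empty list means nothing odd."""
    issues = []
    analysed = datetime.fromisoformat(analysis_time_iso)
    built = datetime.strptime(info["timestamp"], "%Y:%m:%d %H:%M:%S+00:00").replace(tzinfo=timezone.utc)
    if built > analysed:
        issues.append("compile timestamp is later than the analysis date (forged stamp or clock skew)")
    if (info["pe_type"] == "PE32") != ("32-bit" in info["characteristics"]):
        issues.append("optional-header magic disagrees with IMAGE_FILE_32BIT_MACHINE")
    return issues


def build_sample_pe(stamp: int = 1708805095) -> bytes:
    """Constructed header-only PE32 with the field values from the EXIF block
    (1708805095 is 2024-02-24 20:04:55 UTC). Not the real file."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x014C, 4, stamp, 0, 0, 224, 0x0102)  # Executable | 32-bit
    opt = bytearray(224)
    struct.pack_into("<HBBIIII", opt, 0, 0x10B, 14, 22, 4347392, 5656576, 0, 0x396DBB)
    struct.pack_into("<HHHHHH", opt, 40, 6, 0, 0, 0, 6, 0)  # OS 6.0, image 0.0, subsystem 6.0
    struct.pack_into("<H", opt, 68, 2)  # IMAGE_SUBSYSTEM_WINDOWS_GUI
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    hdr = parse_pe_header(build_sample_pe())
    for key, value in hdr.items():
        print(f"{key}: {value}")
    print("issues:", consistency_issues(hdr, "2024-05-12T04:19:41+00:00"))
```

exiftool prints a 0.0 version as "-" and 6.0 as "6"; the parser keeps the raw major.minor pair. If the timestamp, entry point or code size of a file on disk differ from the EXIF block, you are not holding the file this report describes, whatever its name says.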
All screenshots are available in the full report
Total processes: 39
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph (parent-child relationships taken from the process table below)

explorer.exe
  ├─ Solara Beta V3 _48751246.exe (PID 3984, MEDIUM integrity, no specs)
  ├─ Solara Beta V3 _48751246.exe (PID 2072, HIGH integrity)
  │    └─ setup48751246.exe (PID 1112, HIGH integrity) #ADWARE (Suricata)
  └─ wmpnscfg.exe (PID 552, no specs)

Process information

PID: 552
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

PID: 1112
CMD: C:\Users\admin\AppData\Local\setup48751246.exe hhwnd=131370 hreturntoinstaller hextras=id:282b064416bc854-CZ-HS9TB
Path: C:\Users\admin\AppData\Local\setup48751246.exe
Parent process: Solara Beta V3 _48751246.exe
User: admin
Company: DT001
Integrity Level: HIGH
Description: Software Installation
Version: 1.0.0.0
Modules (images):
c:\users\admin\appdata\local\setup48751246.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2072
CMD: "C:\Users\admin\AppData\Local\Temp\Solara Beta V3 _48751246.exe"
Path: C:\Users\admin\AppData\Local\Temp\Solara Beta V3 _48751246.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: Download Manager
Version: 1
Modules (images):
c:\users\admin\appdata\local\temp\solara beta v3 _48751246.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID: 3984
CMD: "C:\Users\admin\AppData\Local\Temp\Solara Beta V3 _48751246.exe"
Path: C:\Users\admin\AppData\Local\Temp\Solara Beta V3 _48751246.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Download Manager
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 1
Modules (images):
c:\users\admin\appdata\local\temp\solara beta v3 _48751246.exe
c:\windows\system32\ntdll.dll

Reading the four entries together: PID 3984 is the first, medium-integrity launch from explorer.exe and exits with STATUS_ELEVATION_REQUIRED before loading anything beyond ntdll.dll; the same image then runs at HIGH integrity as PID 2072, which is what a UAC elevation request followed by the user clicking through looks like. The dropped setup48751246.exe (PID 1112) inherits that elevated token, and its mscoree.dll / mscoreei.dll loads show it is a .NET Framework executable, unlike its native parent.
Total events: 18 414
Read events: 18 278
Write events: 119
Delete events: 17

Modification events

PID 2072 (Solara Beta V3 _48751246.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: write | Name: ProxyEnable | Value: 0
PID 2072 (Solara Beta V3 _48751246.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: delete value | Name: ProxyServer
PID 2072 (Solara Beta V3 _48751246.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: delete value | Name: ProxyOverride
PID 2072 (Solara Beta V3 _48751246.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: delete value | Name: AutoConfigURL
PID 2072 (Solara Beta V3 _48751246.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings | Operation: delete value | Name: AutoDetect
PID 2072 (Solara Beta V3 _48751246.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections | Operation: write | Name: SavedLegacySettings | Value: 460000005D010000090000000000000000000000000000000400000000000000C0E333BBEAB1D3010000000000000000000000000100000002000000C0A8016B000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
PID 2072 (Solara Beta V3 _48751246.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value: (empty)
PID 2072 (Solara Beta V3 _48751246.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
PID 2072 (Solara Beta V3 _48751246.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
PID 2072 (Solara Beta V3 _48751246.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
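The ten events above all sit under the WinINet Internet Settings key and, taken together, switch the user's proxy off: ProxyEnable is written as 0, the ProxyServer, ProxyOverride, AutoConfigURL and AutoDetect values are deleted, the legacy connection blob is rewritten and ZoneMap\ProxyBypass is set to 1. That is the security-relevant point of this section for anyone whose egress inspection depends on a per-user proxy or PAC file. The rule below is an added example, not ANY.RUN's code: EVENTS is constructed from the list above (the SavedLegacySettings blob is elided), and the same logic can be run over Sysmon event ID 13 records. One caveat: a process that saves WinINet per-connection proxy options (InternetSetOption with INTERNET_OPTION_PER_CONNECTION_OPTION) rewrites this same set of values, so confirm on the host that the proxy configuration really changed before calling it tampering.

```python
"""Flag proxy-configuration changes in a stream of registry modification events.

Added example for this page (not ANY.RUN's code). EVENTS is constructed from the
"Modification events" section of the report; the binary value is elided.
"""
from collections import defaultdict

EVENTS = r"""
2072|Solara Beta V3 _48751246.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings|write|ProxyEnable|0
2072|Solara Beta V3 _48751246.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings|delete value|ProxyServer|
2072|Solara Beta V3 _48751246.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings|delete value|ProxyOverride|
2072|Solara Beta V3 _48751246.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings|delete value|AutoConfigURL|
2072|Solara Beta V3 _48751246.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings|delete value|AutoDetect|
2072|Solara Beta V3 _48751246.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections|write|SavedLegacySettings|(binary blob, elided)
2072|Solara Beta V3 _48751246.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content|write|CachePrefix|
2072|Solara Beta V3 _48751246.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies|write|CachePrefix|Cookie:
2072|Solara Beta V3 _48751246.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History|write|CachePrefix|Visited:
2072|Solara Beta V3 _48751246.exe|HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap|write|ProxyBypass|1
"""

INTERNET_SETTINGS = r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# Value names that decide whether WinINet traffic goes through a proxy or PAC at all.
# CachePrefix is deliberately not in the set: it is cache bookkeeping, not proxy state.
PROXY_VALUES = {"ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL",
                "AutoDetect", "SavedLegacySettings", "ProxyBypass"}


def parse_events(text: str) -> list:
    """One dict per 'pid|process|key|operation|name|value' line."""
    events = []
    for line in text.strip().splitlines():
        pid, process, key, operation, name, value = line.split("|", 5)
        events.append({"pid": int(pid), "process": process, "key": key,
                       "operation": operation, "name": name, "value": value})
    return events


def proxy_findings(events: list) -> dict:
    """{pid: [(operation, name, value), ...]} for writes/deletes of proxy-related values."""
    hits = defaultdict(list)
    for ev in events:
        if INTERNET_SETTINGS.lower() in ev["key"].lower() and ev["name"] in PROXY_VALUES:
            hits[ev["pid"]].append((ev["operation"], ev["name"], ev["value"]))
    return dict(hits)


def proxy_disabled(hits: list) -> bool:
    """True when the net effect turns the user proxy off: ProxyEnable written as 0,
    or the explicit proxy / PAC URL removed."""
    for operation, name, value in hits:
        if name == "ProxyEnable" and operation == "write" and value == "0":
            return True
        if operation == "delete value" and name in {"ProxyServer", "AutoConfigURL"}:
            return True
    return False


def summarize(findings: dict) -> list:
    """One human-readable line per offending PID."""
    lines = []
    for pid, hits in sorted(findings.items()):
        changed = ", ".join(f"{op} {name}" + (f"={val}" if val else "") for op, name, val in hits)
        verdict = "user proxy disabled" if proxy_disabled(hits) else "proxy settings touched"
        lines.append(f"PID {pid}: {verdict}: {changed}")
    return lines


if __name__ == "__main__":
    for line in summarize(proxy_findings(parse_events(EVENTS))):
        print(line)
```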
Executable files: 23
Suspicious files: 19
Text files: 17
Unknown types: 0

Dropped files

PID: 2072 | Process: Solara Beta V3 _48751246.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
MD5: DC34F9FCFBC3CAF77D03DD8C89330139
SHA256: 0D0809A1AB52BC6DEAED5C149412590A7622ED60209734EE12292FA09BF947DD

PID: 1112 | Process: setup48751246.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll
MD5: 08112F27DCD8F1D779231A7A3E944CB1
SHA256: 11C6A8470A3F2B2BE9B8CAFE5F9A0AFCE7303BFD02AB783A0F0EE09A184649FA

PID: 2072 | Process: Solara Beta V3 _48751246.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\700B9980BA1F8C3D19B9578F56B7386F_345749F8109B3F0DBE7840DC04B120E5
MD5: E93B5B61A6028238FBF47AC573BC68A7
SHA256: E783A5F2DB7A990547ED1A150CEBADD04A63C50E17D6EE4748078441D7FADDAD

PID: 2072 | Process: Solara Beta V3 _48751246.exe | Type: binary
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
MD5: 4B09249C4DC1BC93B4DA6CB25FAFC481
SHA256: 0E2C7DE0CC9D540BE78B781938C3F93CD89A4EA410450202A480A49C99B258DF

PID: 1112 | Process: setup48751246.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll
MD5: 1A84957B6E681FCA057160CD04E26B27
SHA256: 9FAEAA45E8CC986AF56F28350B38238B03C01C355E9564B849604B8D690919C5

PID: 2072 | Process: Solara Beta V3 _48751246.exe | Type: der
Filename: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\700B9980BA1F8C3D19B9578F56B7386F_345749F8109B3F0DBE7840DC04B120E5
MD5: 8698C2014D5CFECA695F6F8E0067CB14
SHA256: 1E1CDABBC44F536DF9A2CB9D602307E5C166D58665BCF2F020CC275BF0FF3D9F

PID: 2072 | Process: Solara Beta V3 _48751246.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\service[1].htm
MD5: F9F9E0BEFF1AC9AD451F42F902B99279
SHA256: 09498EEF217D2D302181B86139144035D749BA717390239748EC73D4D6D750C0

PID: 2072 | Process: Solara Beta V3 _48751246.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\geo[1].htm
MD5: 58CC12E875E2088F62B920F5D000CCB5
SHA256: 90E17AA7490B69496D703EEA507DDC86C9AEC021873F1AEFF5BE1BA4B5278CF1

PID: 2072 | Process: Solara Beta V3 _48751246.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\setup48751246.exe
MD5: 29D3A70CEC060614E1691E64162A6C1E
SHA256: CC70B093A19610E9752794D757AEC9EF07CA862EA9267EC6F9CC92B2AA882C72

PID: 1112 | Process: setup48751246.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll
MD5: 72990C7E32EE6C811EA3D2EA64523234
SHA256: E77E0B4F2762F76A3EAAADF5A3138A35EC06ECE80EDC4B3396DE7A601F8DA1B3

The CryptnetUrlCache entries are CryptoAPI's on-disk cache of fetched certificates and CRL/CTL metadata, not payloads; the files that belong to the sample itself are setup48751246.exe (dropped by PID 2072 into AppData\Local) and the DLLs PID 1112 unpacks into its Temp subdirectory.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 9
TCP/UDP connections: 21
DNS requests: 14
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation
2072 | Solara Beta V3 _48751246.exe | GET | 304 | 23.223.17.200:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?cfe0a7f8e7962138 | unknown | unknown
2072 | Solara Beta V3 _48751246.exe | GET | 200 | 216.58.212.131:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | unknown | unknown
2072 | Solara Beta V3 _48751246.exe | GET | 200 | 216.58.212.131:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIAjrICMzZli2TN25s%3D | unknown | unknown
2072 | Solara Beta V3 _48751246.exe | GET | 200 | 216.58.212.131:80 | http://ocsp.pki.goog/s/gts1d4/w2JVwme7rvU/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEELAll3IHWDiEuOptsbe6aY%3D | unknown | unknown
1112 | setup48751246.exe | GET | 200 | 23.223.17.200:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?6332dae1732afbf8 | unknown | unknown
2072 | Solara Beta V3 _48751246.exe | GET | 200 | 216.58.212.131:80 | http://ocsp.pki.goog/s/gts1d4/c60NpY15aYI/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBSMBFDqU0NJQdZdEGU3bkhj0FoRrQQUJeIYDrJXkZQq5dRdhpCD3lOzuJICEQDIkRwUzpFoGQr1j0t77Yt6 | unknown | unknown
2072 | Solara Beta V3 _48751246.exe | GET | 200 | 23.223.17.200:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8a7a0a8b0d4837c1 | unknown | unknown
2072 | Solara Beta V3 _48751246.exe | GET | 200 | 184.24.206.119:80 | http://x1.c.lencr.org/ | unknown | unknown
2072 | Solara Beta V3 _48751246.exe | GET | 200 | 184.24.206.119:80 | http://x2.c.lencr.org/ | unknown | unknown

Every one of these nine plaintext requests is Windows CryptoAPI building a certificate chain: the ctldl.windowsupdate.com fetches are the authroot / disallowed-certificate trust lists, ocsp.pki.goog is a Google Trust Services OCSP responder, and x1/x2.c.lencr.org serve Let's Encrypt issuer certificates (AIA). The sample's own traffic is the TLS connections listed under Connections, whose content is not shown here.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
2072 | Solara Beta V3 _48751246.exe | 35.190.60.70:443 | www.dlsft.com | GOOGLE | US | whitelisted
2072 | Solara Beta V3 _48751246.exe | 23.223.17.200:80 | ctldl.windowsupdate.com | AKAMAI-AS | US | unknown
2072 | Solara Beta V3 _48751246.exe | 216.58.212.131:80 | ocsp.pki.goog | GOOGLE | US | whitelisted
1112 | setup48751246.exe | 104.16.149.130:443 | flow.lavasoft.com | CLOUDFLARENET | - | unknown
1112 | setup48751246.exe | 104.16.213.94:443 | sos.adaware.com | CLOUDFLARENET | - | unknown
1112 | setup48751246.exe | 23.223.17.200:80 | ctldl.windowsupdate.com | AKAMAI-AS | US | unknown
2072 | Solara Beta V3 _48751246.exe | 188.114.96.3:443 | filedm.com | CLOUDFLARENET | NL | unknown

The first three rows (LLMNR on 224.0.0.252:5355, NetBIOS name service and datagram broadcasts on 137/138) are the guest's own name resolution and not attributable to the sample.

DNS requests

Domain
IP
Reputation
www.dlsft.com
  • 35.190.60.70
unknown
ctldl.windowsupdate.com
  • 23.223.17.200
  • 23.223.17.198
whitelisted
ocsp.pki.goog
  • 216.58.212.131
whitelisted
www.google.com
  • 142.250.186.100
whitelisted
flow.lavasoft.com
  • 104.16.149.130
  • 104.16.148.130
whitelisted
sos.adaware.com
  • 104.16.213.94
  • 104.16.212.94
whitelisted
dlsft.com
  • 35.190.60.70
unknown
filedm.com
  • 188.114.96.3
  • 188.114.97.3
malicious
x1.c.lencr.org
  • 184.24.206.119
whitelisted
x2.c.lencr.org
  • 184.24.206.119
whitelisted
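Most of what this report records on the wire is Windows validating certificate chains, so the first triage step is to set that aside and look at what is left: for PID 2072 that is www.dlsft.com and filedm.com (which the DNS section marks malicious, although the Connections row says unknown), and for PID 1112 flow.lavasoft.com and sos.adaware.com. Two names were resolved but never appear in a connection, www.google.com and dlsft.com, which is worth noting when writing network IOCs. The script below is an added example for this page, not ANY.RUN's code; CONNECTIONS and DNS are constructed from the Connections and DNS requests sections above, and the classification of ctldl.windowsupdate.com, ocsp.pki.goog and *.c.lencr.org as CryptoAPI chain-validation traffic is the editor's, based on what those hosts serve.

```python
"""Separate a sample's own network contacts from certificate-chain validation noise.

Added example for this page (not ANY.RUN's code). CONNECTIONS and DNS are constructed
from the report's Connections and DNS requests sections; on a real case feed them
from the PCAP or the report export.
"""
from collections import defaultdict

CONNECTIONS = [  # (pid, process, ip:port, domain); pid None where the report shows none
    (None, "", "224.0.0.252:5355", ""),
    (4, "System", "192.168.100.255:137", ""),
    (4, "System", "192.168.100.255:138", ""),
    (2072, "Solara Beta V3 _48751246.exe", "35.190.60.70:443", "www.dlsft.com"),
    (2072, "Solara Beta V3 _48751246.exe", "23.223.17.200:80", "ctldl.windowsupdate.com"),
    (2072, "Solara Beta V3 _48751246.exe", "216.58.212.131:80", "ocsp.pki.goog"),
    (1112, "setup48751246.exe", "104.16.149.130:443", "flow.lavasoft.com"),
    (1112, "setup48751246.exe", "104.16.213.94:443", "sos.adaware.com"),
    (1112, "setup48751246.exe", "23.223.17.200:80", "ctldl.windowsupdate.com"),
    (2072, "Solara Beta V3 _48751246.exe", "188.114.96.3:443", "filedm.com"),
]
DNS = {  # domain -> reputation column of the DNS requests section
    "www.dlsft.com": "unknown", "ctldl.windowsupdate.com": "whitelisted",
    "ocsp.pki.goog": "whitelisted", "www.google.com": "whitelisted",
    "flow.lavasoft.com": "whitelisted", "sos.adaware.com": "whitelisted",
    "dlsft.com": "unknown", "filedm.com": "malicious",
    "x1.c.lencr.org": "whitelisted", "x2.c.lencr.org": "whitelisted",
}

# Hosts Windows CryptoAPI contacts on its own while building a certificate chain:
# trust-list downloads, OCSP responders and AIA issuer-certificate fetches.
CERT_INFRA_HOSTS = {
    "ctldl.windowsupdate.com": "CryptoAPI certificate trust list (authroot/disallowed) download",
    "ocsp.pki.goog": "OCSP revocation check against Google Trust Services",
}
CERT_INFRA_SUFFIXES = {".c.lencr.org": "AIA fetch of a Let's Encrypt issuer certificate"}
LOCAL_NOISE_PORTS = {"5355", "137", "138"}  # LLMNR and NetBIOS broadcasts from the guest


def classify(domain: str):
    """('cert-infra', reason) for chain-validation traffic, ('sample', '') otherwise."""
    if domain in CERT_INFRA_HOSTS:
        return "cert-infra", CERT_INFRA_HOSTS[domain]
    for suffix, reason in CERT_INFRA_SUFFIXES.items():
        if domain.endswith(suffix):
            return "cert-infra", reason
    return "sample", ""


def triage(connections, dns):
    """Return ({pid: [(domain, ip:port, reputation), ...]}, set of noise domains)."""
    own, noise = defaultdict(list), set()
    for pid, _process, ipport, domain in connections:
        if ipport.rsplit(":", 1)[1] in LOCAL_NOISE_PORTS:
            continue  # guest name resolution, not the sample
        kind, _reason = classify(domain)
        if kind == "cert-infra":
            noise.add(domain)
        else:
            own[pid].append((domain, ipport, dns.get(domain, "not resolved in report")))
    return dict(own), noise


def malicious_hosts(own: dict) -> list:
    """(pid, domain) pairs whose DNS reputation is 'malicious'."""
    return sorted((pid, d) for pid, hits in own.items() for d, _, rep in hits if rep == "malicious")


def resolved_but_not_contacted(connections, dns) -> list:
    """Names the sample looked up without a recorded connection (IOC candidates too)."""
    contacted = {d for _, _, _, d in connections}
    return sorted(d for d in dns if d not in contacted and classify(d)[0] == "sample")


if __name__ == "__main__":
    own, noise = triage(CONNECTIONS, DNS)
    for pid, hits in sorted(own.items()):
        print(f"PID {pid}:", ", ".join(f"{d} [{rep}]" for d, _, rep in hits))
    print("chain-validation noise:", sorted(noise))
    print("malicious:", malicious_hosts(own))
    print("resolved only:", resolved_but_not_contacted(CONNECTIONS, DNS))
```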

Threats

Found threats are available for the paid subscriptions
4 ETPRO signatures available at the full report
Debug output

Process | Message
Solara Beta V3 _48751246.exe | Error: (undefined) has no property - value
Solara Beta V3 _48751246.exe | at initializeDynamicVariables (this://app/main.html(329))
Solara Beta V3 _48751246.exe | at getFileInfo.@285@39 (this://app/main.html(307))

The trace is a script error raised inside the installer's own embedded HTML user interface (this://app/main.html), not output from the sandbox.