File name: Onlan-SO-100-Gaming-Mouse.zip

Full analysis: https://app.any.run/tasks/d7228591-f1af-4b42-a28f-0f4160061dd8
Verdict: Malicious activity
Analysis date: December 02, 2023, 22:34:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: B2CF3A0C21AAB046601C9B2970AEB4BB
SHA1: 7781FA12CDBB1BA5E96524657595B68845F01ABB
SHA256: 80D68605897260845EA7D08C8DA53BACE2C89042C010000214F4D0A11D156FB6
SSDEEP: 98304:sUsNaBq/EpGePA4BO6yTNCGTjdmckuW5nBHv1q0/JzbCaBEGgnBMFa503Cqmjb/a:r/yZJg

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Onlan SO-100 Gaming Mouse.exe (PID: 2600)
      • Onlan SO-100 Gaming Mouse.tmp (PID: 1152)
  • SUSPICIOUS

    • Reads the Windows owner or organization settings

      • Onlan SO-100 Gaming Mouse.tmp (PID: 1152)
    • Process drops legitimate windows executable

      • Onlan SO-100 Gaming Mouse.tmp (PID: 1152)
  • INFO

    • Manual execution by a user

      • Onlan SO-100 Gaming Mouse.exe (PID: 2600)
      • Onlan SO-100 Gaming Mouse.exe (PID: 280)
      • OemDrv.exe (PID: 3144)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2412)
    • Checks supported languages

      • Onlan SO-100 Gaming Mouse.exe (PID: 2600)
      • Onlan SO-100 Gaming Mouse.tmp (PID: 1152)
      • OemDrv.exe (PID: 3144)
    • Creates files in the program directory

      • Onlan SO-100 Gaming Mouse.tmp (PID: 1152)
    • Reads the computer name

      • Onlan SO-100 Gaming Mouse.tmp (PID: 1152)
      • OemDrv.exe (PID: 3144)
    • Create files in a temporary directory

      • Onlan SO-100 Gaming Mouse.exe (PID: 2600)
      • Onlan SO-100 Gaming Mouse.tmp (PID: 1152)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2023:09:27 15:20:24
ZipCRC: 0xf0dd5585
ZipCompressedSize: 3073486
ZipUncompressedSize: 3155002
ZipFileName: Onlan SO-100 Gaming Mouse.exe
No data.
All screenshots are available in the full report
Total processes: 46
Monitored processes: 5
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Processes in the graph: winrar.exe, onlan so-100 gaming mouse.exe, onlan so-100 gaming mouse.exe, onlan so-100 gaming mouse.tmp, oemdrv.exe

Process information

PID: 280
CMD: "C:\Users\admin\Desktop\Onlan SO-100 Gaming Mouse.exe"
Path: C:\Users\admin\Desktop\Onlan SO-100 Gaming Mouse.exe
Parent process: explorer.exe
User: admin
Company: OnLan
Integrity Level: MEDIUM
Description:
Exit code: 3221226540
Version:
Modules (images):
  c:\users\admin\desktop\onlan so-100 gaming mouse.exe
  c:\windows\system32\ntdll.dll
PID: 1152
CMD: "C:\Users\admin\AppData\Local\Temp\is-D4MNM.tmp\Onlan SO-100 Gaming Mouse.tmp" /SL5="$100156,2770747,140800,C:\Users\admin\Desktop\Onlan SO-100 Gaming Mouse.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-D4MNM.tmp\Onlan SO-100 Gaming Mouse.tmp
Parent process: Onlan SO-100 Gaming Mouse.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1048.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\is-d4mnm.tmp\onlan so-100 gaming mouse.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
PID: 2412
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Onlan-SO-100-Gaming-Mouse.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
  c:\program files\winrar\winrar.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll
PID: 2600
CMD: "C:\Users\admin\Desktop\Onlan SO-100 Gaming Mouse.exe"
Path: C:\Users\admin\Desktop\Onlan SO-100 Gaming Mouse.exe
Parent process: explorer.exe
User: admin
Company: OnLan
Integrity Level: HIGH
Description:
Exit code: 0
Version:
Modules (images):
  c:\users\admin\desktop\onlan so-100 gaming mouse.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
PID: 3144
CMD: "C:\Program Files\OnLan SO-100 PRO\OemDrv.exe"
Path: C:\Program Files\OnLan SO-100 PRO\OemDrv.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 2
Version: 1, 0, 0, 7
Modules (images):
  c:\program files\onlan so-100 pro\oemdrv.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\msimg32.dll
Total events: 1 499
Read events: 1 480
Write events: 19
Delete events: 0

Modification events

(PID) Process: (2412) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2412) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (2412) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (2412) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (2412) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2412) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2412) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2412) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2412) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

(PID) Process: (2412) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write
Name: LastFolder
Value: C:\Users\admin\Desktop
Executable files: 15
Suspicious files: 8
Text files: 179
Unknown types: 0

Dropped files

PID: 2600
Process: Onlan SO-100 Gaming Mouse.exe
Filename: C:\Users\admin\AppData\Local\Temp\is-D4MNM.tmp\Onlan SO-100 Gaming Mouse.tmp
Type: executable
MD5: A4CB46C715D6E7B72755EAB92123A3EA
SHA256: 686699D59606CD7D2253DFF2C92003380361F00B168305E959E66BAB9BC725C0

PID: 1152
Process: Onlan SO-100 Gaming Mouse.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-AICOJ.tmp\_isetup\_shfoldr.dll
Type: executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87

PID: 1152
Process: Onlan SO-100 Gaming Mouse.tmp
Filename: C:\Users\admin\AppData\Local\Temp\is-AICOJ.tmp\InitSetup.dll
Type: executable
MD5: 3BB4A9FD05F14CC833291F7332565843
SHA256: 72F5CFE575253EAFF31E27CE8F70B4CAAA079D2C42A4130515EECF7F0967115D

PID: 1152
Process: Onlan SO-100 Gaming Mouse.tmp
Filename: C:\Program Files\OnLan SO-100 PRO\skins\is-T0730.tmp
Type: image
MD5: 764250A3A48F9A0B8CD3A124463A5628
SHA256: E3D982CA585045D9407F6D7CDC0C454B42330B17A5198D3DD36722E74E608B7D

PID: 1152
Process: Onlan SO-100 Gaming Mouse.tmp
Filename: C:\Program Files\OnLan SO-100 PRO\unins000.exe
Type: executable
MD5: 96FB1D44AEC9A47D1044A3F350FBC363
SHA256: 0678DAB71AFC73B1EF7B303011B9CDEF17CDE1B00CE59F19881DB4C412412AB3

PID: 1152
Process: Onlan SO-100 Gaming Mouse.tmp
Filename: C:\Program Files\OnLan SO-100 PRO\is-QI48M.tmp
Type: executable
MD5: 96FB1D44AEC9A47D1044A3F350FBC363
SHA256: 0678DAB71AFC73B1EF7B303011B9CDEF17CDE1B00CE59F19881DB4C412412AB3

PID: 1152
Process: Onlan SO-100 Gaming Mouse.tmp
Filename: C:\Program Files\OnLan SO-100 PRO\skins\is-GF7OC.tmp
Type: image
MD5: 784AA9F61FE065B25283D12D1483942E
SHA256: B07529B7EC8C61155523FC8D5155425004E1A30557A1E93FA750DBD163069684

PID: 1152
Process: Onlan SO-100 Gaming Mouse.tmp
Filename: C:\Program Files\OnLan SO-100 PRO\skins\acow_nr.png
Type: image
MD5: 764250A3A48F9A0B8CD3A124463A5628
SHA256: E3D982CA585045D9407F6D7CDC0C454B42330B17A5198D3DD36722E74E608B7D

PID: 1152
Process: Onlan SO-100 Gaming Mouse.tmp
Filename: C:\Program Files\OnLan SO-100 PRO\skins\is-4MH5D.tmp
Type: image
MD5: F88029AFE61E8724C21CC36B4F0C7F26
SHA256: E04ACDED41F34EC681B7C39B65D97E75E1147E6441C9FF0DED574DFAD3C4C041

PID: 1152
Process: Onlan SO-100 Gaming Mouse.tmp
Filename: C:\Program Files\OnLan SO-100 PRO\skins\add_nr.png
Type: image
MD5: F88029AFE61E8724C21CC36B4F0C7F26
SHA256: E04ACDED41F34EC681B7C39B65D97E75E1147E6441C9FF0DED574DFAD3C4C041
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | | | | unknown

DNS requests

No data

Threats

No threats detected
Debug output

Process: Onlan SO-100 Gaming Mouse.tmp
Message: InitSetup: Remove Folder OK.