File name: | Soar.Launcher.V1.zip |
Full analysis: | https://app.any.run/tasks/8467086d-3690-4214-8619-143d5d4761ec |
Verdict: | Malicious activity |
Analysis date: | May 21, 2022, 00:22:29 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 60280521BBFD36C93A325BD978D87735 |
SHA1: | 3FF95EFF4D43D94B9FB6789AA28AEAB819E0DBF2 |
SHA256: | A29B78612233387EA983280821FDBC76F8D72F4DE76E9CDAD3B70F66B3587E12 |
SSDEEP: | 24576:U0bMgNTm9OF/mS6uJY9FvlUsj8uhz23zO18xw5TZU7nkn0j:U0lREuJuFvlUsoO6zOOw5y7nk0j |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | CmlLib.Core.Auth.Microsoft.dll |
---|---|
ZipUncompressedSize: | 11776 |
ZipCompressedSize: | 5080 |
ZipCRC: | 0xc8311ec5 |
ZipModifyDate: | 2022:05:15 12:15:05 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2764 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Soar.Launcher.V1.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
3448 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) Modules
| |||||||||||||||
684 | "C:\Users\admin\Desktop\SoarLauncher.exe" | C:\Users\admin\Desktop\SoarLauncher.exe | — | Explorer.EXE | |||||||||||
User: admin Integrity Level: MEDIUM Description: SoarLauncher Exit code: 2148734720 Version: 1.0.0.0 Modules
| |||||||||||||||
1116 | "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.6.2&processName=SoarLauncher.exe&platform=0000&osver=5&isServer=0&shimver=4.0.30319.34209 | C:\Program Files\Internet Explorer\iexplore.exe | SoarLauncher.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1380 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1116 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
888 | "C:\Users\admin\Desktop\SoarLauncher.exe" | C:\Users\admin\Desktop\SoarLauncher.exe | — | Explorer.EXE | |||||||||||
User: admin Integrity Level: MEDIUM Description: SoarLauncher Exit code: 2148734720 Version: 1.0.0.0 Modules
| |||||||||||||||
3428 | "C:\Users\admin\Desktop\SoarLauncher.exe" | C:\Users\admin\Desktop\SoarLauncher.exe | — | Explorer.EXE | |||||||||||
User: admin Integrity Level: MEDIUM Description: SoarLauncher Exit code: 2148734720 Version: 1.0.0.0 Modules
| |||||||||||||||
1884 | "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.6.2&processName=SoarLauncher.exe&platform=0000&osver=5&isServer=0&shimver=4.0.30319.34209 | C:\Program Files\Internet Explorer\iexplore.exe | SoarLauncher.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2288 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1884 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1144 | "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ndp48-web.exe" | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\ndp48-web.exe | — | iexplore.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft .NET Framework 4.8 Setup Exit code: 3221226540 Version: 4.8.04115.00 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
2764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2764.21653\CmlLib.Core.Auth.Microsoft.pdb | binary | |
MD5:9594C9B01A378565F207F9BEA743A8F2 | SHA256:3D0E939BCDF429FAA5B757B66FC3D5D8A37434FCB9768A69D01C0B7C7E9B712B | |||
2764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2764.21653\SevenZip.dll | executable | |
MD5:3C933A17D4C6A8D46819FABB2930C5AA | SHA256:2E6726224DC56B42F457DE1BEEBFCC9061433A86E127EC608A247F2710608E26 | |||
2764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2764.21653\CmlLib.Core.Auth.Microsoft.dll | executable | |
MD5:BD0FC2EE9052E5FF48A3D379AFE2A1A9 | SHA256:CD83FC97EA150926C44F4CC8763CF32A14377ADD0F1E95EA6456A1DC3A658FBD | |||
2764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2764.21653\Microsoft.Web.WebView2.WinForms.dll | executable | |
MD5:BB0C41C9FD5327D00FF3A896180E7554 | SHA256:1858D4DBF4AF0BE62117A9387EA91C37342B1896509F8F9704758710FCB391E9 | |||
2764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2764.21653\SevenZip.xml | xml | |
MD5:140DD7C9541B2EFCA5506B069FA31481 | SHA256:85B35574B9960FDAA5F2E36F09C0962876DF13BC697F385ED6BC6D942E912CCE | |||
2764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2764.21653\CmlLib.Core.Auth.Microsoft.UI.WinForm.dll | executable | |
MD5:B92762D7FFB0A06C83CCD71009E81F25 | SHA256:537C2ADCEC0B3B782E7B830EC47345678879BC0744FFAD14F06240D32F5502E4 | |||
2764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2764.21653\ICSharpCode.SharpZipLib.xml | xml | |
MD5:5C154669300FED0DE91C91B4CC1D8D0A | SHA256:ED45BCBC288668CF5C992A609E81B416832B5CDC972080137C6DD95E4FF368E0 | |||
2764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2764.21653\ICSharpCode.SharpZipLib.dll | executable | |
MD5:D59EF46A5F01DDFE7EB691E6C725A247 | SHA256:C287E9B07A8251828F35914364C89A37DB606B0C1D64457F9EB8FA2258F0DEE3 | |||
2764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2764.21653\Newtonsoft.Json.dll | executable | |
MD5:081D9558BBB7ADCE142DA153B2D5577A | SHA256:B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3 | |||
2764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2764.21653\CmlLib.Core.Auth.Microsoft.dll.config | xml | |
MD5:B6C8B39062178DEA6A21B466F36B340D | SHA256:5D818AFC8AE194380B60787BBD244F8F939489CD26BF26B4713D249BBC03E4DF |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
880 | svchost.exe | HEAD | 302 | 104.90.179.99:80 | http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=03761.00&sar=x86&o1=netfx_Full.mzz | NL | — | — | whitelisted |
880 | svchost.exe | GET | 302 | 104.90.179.99:80 | http://go.microsoft.com/fwlink/?prd=11324&pver=netfx&sbp=Net48Rel1&plcid=0x409&clcid=0x409&ar=03761.00&sar=x86&o1=netfx_Full.mzz | NL | — | — | whitelisted |
1380 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
1380 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEALnkXH7gCHpP%2BLZg4NMUMA%3D | US | der | 471 b | whitelisted |
1380 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
1380 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
1380 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
1380 | iexplore.exe | GET | 200 | 204.79.197.203:80 | http://oneocsp.microsoft.com/ocsp/MFQwUjBQME4wTDAJBgUrDgMCGgUABBQN1VoiX40jVOMldh7uDThi9DqeewQU1cFnOsKjnfR3UltZEjgp5lVou6UCEzMAHEqTV2OkE3jHH8YAAAAcSpM%3D | US | der | 1.74 Kb | whitelisted |
1380 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
1380 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1380 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1380 | iexplore.exe | 204.79.197.203:80 | oneocsp.microsoft.com | Microsoft Corporation | US | whitelisted |
1380 | iexplore.exe | 104.90.179.99:443 | go.microsoft.com | Akamai Technologies, Inc. | NL | malicious |
1380 | iexplore.exe | 152.199.19.161:443 | az416426.vo.msecnd.net | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1380 | iexplore.exe | 92.123.195.75:443 | statics-marketingsites-wcus-ms-com.akamaized.net | Akamai International B.V. | — | unknown |
1380 | iexplore.exe | 13.107.246.45:443 | dotnet.microsoft.com | Microsoft Corporation | US | suspicious |
1380 | iexplore.exe | 184.30.21.171:443 | www.microsoft.com | GTT Communications Inc. | US | suspicious |
1380 | iexplore.exe | 95.140.236.0:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | GB | whitelisted |
1380 | iexplore.exe | 92.123.195.73:443 | img-prod-cms-rt-microsoft-com.akamaized.net | Akamai International B.V. | — | whitelisted |
1116 | iexplore.exe | 13.107.21.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
go.microsoft.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
dotnet.microsoft.com |
| whitelisted |
oneocsp.microsoft.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
statics-marketingsites-wcus-ms-com.akamaized.net |
| whitelisted |
az416426.vo.msecnd.net |
| whitelisted |