| Field | Value |
|---|---|
| File name | Nightlight-Game-Launcher-NLLauncherV3.zip |
| Full analysis | https://app.any.run/tasks/676d3f37-d206-47d2-8ae0-4bc7096c32ff |
| Verdict | Malicious activity |
| Analysis date | June 20, 2024, 17:08:22 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | — |
| MIME | application/zip |
| File info | Zip archive data, at least v1.0 to extract, compression method=store |
| MD5 | B49F77FAB8ACD52A8037895927BFCA47 |
| SHA1 | 58FB309602395D3F2C78A1B1F93A7CDA960C97AD |
| SHA256 | C7E6730AED6ACD7E28A4E9B9AD73E7E35E0AACE769543318E312E52A5A23C38F |
| SSDEEP | 98304:lbBVwg0+J0tMim8QKM/MsZhGpmv/5irkRODYHaozcf6gRdKluO/XkxfwH3GMmKSj:gwYCdrSAePS0oz/NmBoyi+ |
File type: .zip, ZIP compressed archive (100)

| ZIP field | Value |
|---|---|
| ZipRequiredVersion | 10 |
| ZipBitFlag | - |
| ZipCompression | None |
| ZipModifyDate | 2024:06:18 12:57:20 |
| ZipCRC | 0x00000000 |
| ZipCompressedSize | - |
| ZipUncompressedSize | - |
| ZipFileName | Nightlight-Game-Launcher-NLLauncherV3/ |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1828 | C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} | C:\Windows\System32\dllhost.exe | — | svchost.exe |
| 2708 | "C:\Windows\System32\control.exe" SYSTEM | C:\Windows\System32\control.exe | — | explorer.exe |
| 3320 | "C:\Users\admin\Desktop\NLGL.exe" | C:\Users\admin\Desktop\NLGL.exe | — | explorer.exe |
| 3700 | "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Nightlight-Game-Launcher-NLLauncherV3.zip | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |

Process details:

| PID | User | Company | Integrity level | Description | Exit code | Version |
|---|---|---|---|---|---|---|
| 1828 | admin | Microsoft Corporation | MEDIUM | COM Surrogate | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2708 | admin | Microsoft Corporation | MEDIUM | Windows Control Panel | 1 | 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3320 | admin | — | MEDIUM | Nightlight Launcher | 0 | 1.0.0.0 |
| 3700 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.91.0 |
Registry activity:

| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 3700 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | |
| 3700 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | |
| 3700 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | write | LanguageList | en-US |
| 3700 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 3 | C:\Users\admin\Desktop\phacker.zip |
| 3700 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
| 3700 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip |
| 3700 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\Nightlight-Game-Launcher-NLLauncherV3.zip |
| 3700 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120 |
| 3700 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80 |
| 3700 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120 |
Files created:

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3700.12803\Nightlight-Game-Launcher-NLLauncherV3\Modules\GTAV\launc.dll | executable | 54DB45E017F53F9D94CB4B941098F4AB | CA5C7F415B7810A984778823E8052D18FFC4C2AAD1BB1F512FC6F8604E418EF9 |
| 3700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3700.12803\Nightlight-Game-Launcher-NLLauncherV3\img\logo.png | image | A838F73CED41210C0E4E65DB17B0A814 | 453D08F9F5ED698233A138D27F3B0FEDA38E28330104C5942D7C7FF35A314D73 |
| 3700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3700.12803\Nightlight-Game-Launcher-NLLauncherV3\Modules\GTAV\PlayGTAV.exe | executable | 7B43B28B900A6F424424B130355143B4 | 09AD7647EA9B4AFCA94B33EFC9341CACDB248773778620C38F76565E59F383AD |
| 3700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3700.12803\Nightlight-Game-Launcher-NLLauncherV3\Launchers\RDR2Launcher.py | text | 8D0190463D6E736C9B796772BA08CEF3 | D53A607BEDC90F124A10CFE6A6E6FD0C7A766395E71B47EC8634A9494337595B |
| 3700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3700.12803\Nightlight-Game-Launcher-NLLauncherV3\Modules\GTAV\bink2w64.dll | executable | 518C9DA8D048F1DB89E835254E369EE0 | 65617DFC0C8B44C7B45D9F3B3E08698349B3ED96F4627675EB8DD78CC99AF3A7 |
| 3700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3700.12803\Nightlight-Game-Launcher-NLLauncherV3\SCRS\NLLMAIN.PNG | image | 5B59B655AAA820C2AED2F3FA0C4F58A1 | 9A6D4A0049831AB0CF389A8AD582E4EC5357BBE420B556950F3CDEBFFC0DBDA2 |
| 3700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3700.12803\Nightlight-Game-Launcher-NLLauncherV3\Modules\RDR2\1911.dll | executable | C310ED09A0538B45E36C4DBBEF18FA40 | 8377CEC57369DF051CD4DE71B7ACC0C55148C261D9575FA3EC97461C2773D85D |
| 3700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3700.12803\Nightlight-Game-Launcher-NLLauncherV3\Modules\GTAV\socialclub.dll | executable | 0078A3357B01B569B7168DF06B951C38 | 2130A3195FC093D2EB138D7E9A795461936F6F358FC98A67DEA3AE5EFFD6A2D7 |
| 3700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3700.12803\Nightlight-Game-Launcher-NLLauncherV3\README.md | text | 96896822FC574988B17C8CBBA0306B9E | AB6C7C6731513EA0ECA0FF6FB197237090BE466341BF45A585419C00F1BBBC23 |
| 3700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3700.12803\Nightlight-Game-Launcher-NLLauncherV3\Modules\MCForWIN10\Launcher.exe | executable | 0D99A45748E44931D02FB41E9109E75F | AF297A03AA02C3F3F77AB8C61D9E89F952C7EE41E646D6A93A0E2F050EB7C81F |
HTTP requests:

| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 1372 | svchost.exe | GET | 304 | 193.108.153.18:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33 | unknown | — | — | — |
| 1372 | svchost.exe | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | — |
| 1372 | svchost.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | — |
| 1060 | svchost.exe | GET | 304 | 217.20.58.99:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?a9f83325acc8ca75 | unknown | — | — | — |
Connections:

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:137 | — | — | — | unknown |
| 1372 | svchost.exe | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown |
| 4 | System | 192.168.100.255:138 | — | — | — | unknown |
| 1060 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
| 1372 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | unknown |
| 1372 | svchost.exe | 193.108.153.18:80 | ctldl.windowsupdate.com | Akamai International B.V. | DE | unknown |
| 1372 | svchost.exe | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | unknown |
| 1372 | svchost.exe | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | unknown |
| 1060 | svchost.exe | 217.20.58.99:80 | ctldl.windowsupdate.com | — | US | unknown |
| 3320 | NLGL.exe | 13.107.42.12:443 | koyxlw.am.files.1drv.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
DNS requests:

| Domain | IP | Reputation |
|---|---|---|
| settings-win.data.microsoft.com | — | unknown |
| ctldl.windowsupdate.com | — | unknown |
| crl.microsoft.com | — | unknown |
| www.microsoft.com | — | unknown |
| koyxlw.am.files.1drv.com | — | unknown |
| github.com | — | unknown |