File name: CCTools 6.5.rar

Full analysis: https://app.any.run/tasks/112b8767-0714-45c6-80d4-cadc387e233a
Verdict: Malicious activity
Analysis date: March 18, 2024, 13:37:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 9CEA09AD96CE771614031D9FF6D4D6AF
SHA1: B9F470E6009DD511755F4A969CDA3D49353E758F
SHA256: 00960E325EE606732993204C166826995AE92D97AB30EB425797669B8C492264
SSDEEP: 49152:TLaw37DELnR4MIrlM1TKpiT0lzPGjxzjp20A06rShaFjmE6pcSwgc8q+4mZpFcWT:qw33EL8rO1mp/FGRY0A07habvVS40cJ4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 3956)
  • SUSPICIOUS
    • Reads the Windows owner or organization settings
      • CCTools.exe (PID: 3508)
    • Creates file in the systems drive root
      • CCTools.exe (PID: 3508)
  • INFO
    • Reads the machine GUID from the registry
      • CCTools.exe (PID: 2896)
      • CCTools.exe (PID: 3508)
    • Manual execution by a user
      • CCTools.exe (PID: 2896)
      • CCTools.exe (PID: 3508)
    • Checks supported languages
      • CCTools.exe (PID: 2896)
      • CCTools.exe (PID: 3508)
    • Reads the computer name
      • CCTools.exe (PID: 2896)
      • CCTools.exe (PID: 3508)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3956)
    • Reads Environment values
      • CCTools.exe (PID: 2896)
      • CCTools.exe (PID: 3508)
    • Reads CPU info
      • CCTools.exe (PID: 3508)
    • Reads Windows Product ID
      • CCTools.exe (PID: 3508)
    • Creates files or folders in the user directory
      • CCTools.exe (PID: 3508)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
Total processes: 42
Monitored processes: 3
Malicious processes: 0
Suspicious processes: 1

Behavior graph

start: winrar.exe, cctools.exe (no specs), cctools.exe

Process information

PID | CMD | Path | Indicators | Parent process

2896 | "C:\Users\admin\Desktop\CCTools 6.5\CCTools.exe" | C:\Users\admin\Desktop\CCTools 6.5\CCTools.exe | (not shown) | explorer.exe
User: admin
Integrity Level: MEDIUM
Description: CCTools 6.5
Exit code: 0
Version: 6.5.0.0
Modules (Images):
c:\users\admin\desktop\cctools 6.5\cctools.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

3508 | "C:\Users\admin\Desktop\CCTools 6.5\CCTools.exe" | C:\Users\admin\Desktop\CCTools 6.5\CCTools.exe | (not shown) | explorer.exe
User: admin
Integrity Level: HIGH
Description: CCTools 6.5
Exit code: 0
Version: 6.5.0.0
Modules (Images):
c:\users\admin\desktop\cctools 6.5\cctools.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

3956 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\CCTools 6.5.rar" | C:\Program Files\WinRAR\WinRAR.exe | (not shown) | explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (Images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 8 206
Read events: 8 194
Write events: 12
Delete events: 0

Modification events

(PID) Process | Key | Operation | Name | Value
(3956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | (empty)
(3956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | (empty)
(3956) WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | write | LanguageList | en-US
(3956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 3 | C:\Users\admin\Desktop\phacker.zip
(3956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(3956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(3956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\Desktop\CCTools 6.5.rar
(3956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
(3956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
(3956) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
Executable files: 2
Suspicious files: 2
Text files: 6
Unknown types: 1

Dropped files

PID | Process | Filename | Type

3956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3956.4064\CCTools 6.5\BINs\Database.txt | (not shown)
MD5: (not shown)
SHA256: (not shown)

3956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3956.4064\CCTools 6.5\Processors.txt | text
MD5: 526136E78777B264F694CA9065B85FEF
SHA256: 9DDA7E9DC8EFFF8597148A9BFC13135461D2C03B44ED5AC7996D531F48251C08

3956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3956.4064\CCTools 6.5\CCTools.exe | executable
MD5: DD5A31B21F6A9552694D47EFAC36A948
SHA256: 7F03E355B4D923516E92B54A233431209EE1157E8B04D7561372D71C2E522E70

3956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3956.4064\CCTools 6.5\database.mdb | mdb
MD5: 434486BC63306200C7760A2D62159C80
SHA256: 02298C192EB5399F6BF09517325240D3D14154479EC371DAA27333C04C2D6153

3956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3956.4064\CCTools 6.5\Company.txt | text
MD5: 55682B2A9DE9893C94E03BE99B47C302
SHA256: F56CEF4C570EEC8AABB099875FE3037EB2139370200F6CC14B436873331052C6

3956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3956.4064\CCTools 6.5\Translated\image.translated.jpg | image
MD5: 4863F3ADDF046742495532A4DD3F2AD9
SHA256: 10A5DF0902C4B2EC927A6DC690CB0433CF4EFD861AF91BB7656CD4F809FD7593

3956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3956.4064\CCTools 6.5\Смена Mac-адреса.exe | executable
MD5: 4B176638D027942D98889CD95870A8E3
SHA256: 1F5E18041FAF038E3B403143023CD92A97AC46FCE2F78EFF14D5F72455B8E9B0

3956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3956.4064\CCTools 6.5\Hosts.txt | text
MD5: 6DDC9EA0CEC8E7BC6A9048F87FF42169
SHA256: 0CB13CDD1189CD83E4D0B36BB46613EDEDC2C844A0E540082759056AE3411B55

3956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3956.4064\CCTools 6.5\Config.dat | pi2
MD5: 5ED1ADB64FCA86E42616F762464083CA
SHA256: 985E4E083C083437FF593100C858087C361AF384682D8617728E08BF24B106A8

3508 | CCTools.exe | C:\Users\admin\AppData\Local\CCTools\CCTools.exe_Url_fkiyaitb30zajcwkm4qhaigxlotnlhuy\6.5.0.0\user.config | xml
MD5: 43CB2FF78EB6DACDA1772726216DD543
SHA256: C0705276128CDB4F80FDDC31CB31D6741B076CC551E5094864DEA21300194591
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
(not shown) | (not shown) | 224.0.0.252:5355 | - | - | - | unknown
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info