File name: AULA_F75_RGB.zip

Full analysis: https://app.any.run/tasks/767b4a24-5ba1-42b1-9354-e11e26980d0a
Verdict: Malicious activity
Analysis date: June 01, 2024, 11:45:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 3642CA0B1FE79E6A37EAB0D8449515BD
SHA1: ACFF6EC5B27013C46F7629FB41E509C36869CC4D
SHA256: 04A95519722CD2B79AF6C5D934EC536B34969A6F86BC0D6F1EE95E02C2D5E953
SSDEEP: 98304:tHj88nRL9X9j+2C2xNOiYVapDwlFUrYnLyKHa7T0t7jFiWh//ZkgNItbI68EElGq:IdbuUPD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3976)
      • AULA F75 Setup v2.0 20230923(1).exe (PID: 2044)
      • AULA F75 Setup v2.0 20230923(1).tmp (PID: 116)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • AULA F75 Setup v2.0 20230923(1).exe (PID: 2044)
      • AULA F75 Setup v2.0 20230923(1).tmp (PID: 116)
    • Process drops legitimate windows executable

      • AULA F75 Setup v2.0 20230923(1).tmp (PID: 116)
    • Reads the Windows owner or organization settings

      • AULA F75 Setup v2.0 20230923(1).tmp (PID: 116)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3976)
    • Manual execution by a user

      • AULA F75 Setup v2.0 20230923(1).exe (PID: 4072)
      • AULA F75 Setup v2.0 20230923(1).exe (PID: 2044)
    • Checks supported languages

      • AULA F75 Setup v2.0 20230923(1).exe (PID: 2044)
      • AULA F75 Setup v2.0 20230923(1).tmp (PID: 116)
      • OemDrv.exe (PID: 1768)
    • Create files in a temporary directory

      • AULA F75 Setup v2.0 20230923(1).exe (PID: 2044)
      • AULA F75 Setup v2.0 20230923(1).tmp (PID: 116)
    • Reads the computer name

      • AULA F75 Setup v2.0 20230923(1).tmp (PID: 116)
      • OemDrv.exe (PID: 1768)
    • Creates files in the program directory

      • AULA F75 Setup v2.0 20230923(1).tmp (PID: 116)
    • Creates files or folders in the user directory

      • AULA F75 Setup v2.0 20230923(1).tmp (PID: 116)
    • Creates a software uninstall entry

      • AULA F75 Setup v2.0 20230923(1).tmp (PID: 116)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0800
ZipCompression: Deflated
ZipModifyDate: 2023:11:27 13:39:42
ZipCRC: 0x272c7756
ZipCompressedSize: 2964062
ZipUncompressedSize: 3138372
ZipFileName: AULA F75 Setup v2.0 20230923(1).exe
No data.
Total processes: 42
Monitored processes: 6
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Processes shown in the graph, from the start node ("no specs" is the graph's own label for nodes without recorded indicators):
  • winrar.exe
  • aula f75 setup v2.0 20230923(1).exe (no specs)
  • aula f75 setup v2.0 20230923(1).exe
  • aula f75 setup v2.0 20230923(1).tmp
  • oemdrv.exe (no specs)
  • devicedisplayobjectprovider.exe (no specs)

Process information

PID: 116
CMD: "C:\Users\admin\AppData\Local\Temp\is-6VDPN.tmp\AULA F75 Setup v2.0 20230923(1).tmp" /SL5="$6015A,2712295,281088,C:\Users\admin\Desktop\AULA F75 Setup v2.0 20230923(1).exe"
Path: C:\Users\admin\AppData\Local\Temp\is-6VDPN.tmp\AULA F75 Setup v2.0 20230923(1).tmp
Parent process: AULA F75 Setup v2.0 20230923(1).exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1048.0.0
Modules (images):
  c:\users\admin\appdata\local\temp\is-6vdpn.tmp\aula f75 setup v2.0 20230923(1).tmp
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll

PID: 764
CMD: C:\Windows\system32\DeviceDisplayObjectProvider.exe -Embedding
Path: C:\Windows\System32\DeviceDisplayObjectProvider.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Device Display Object Function Discovery Provider
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\devicedisplayobjectprovider.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll

PID: 1768
CMD: "C:\Program Files\AULA\F75\OemDrv.exe"
Path: C:\Program Files\AULA\F75\OemDrv.exe
Parent process: AULA F75 Setup v2.0 20230923(1).tmp
User: admin
Integrity Level: HIGH
Version: 1, 0, 0, 0
Modules (images):
  c:\program files\aula\f75\oemdrv.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\msimg32.dll

PID: 2044
CMD: "C:\Users\admin\Desktop\AULA F75 Setup v2.0 20230923(1).exe"
Path: C:\Users\admin\Desktop\AULA F75 Setup v2.0 20230923(1).exe
Parent process: explorer.exe
User: admin
Company: AULA
Integrity Level: HIGH
Description:
Exit code: 0
Version:
Modules (images):
  c:\users\admin\desktop\aula f75 setup v2.0 20230923(1).exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll

PID: 3976
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\AULA_F75_RGB.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Modules (images):
  c:\program files\winrar\winrar.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll

PID: 4072
CMD: "C:\Users\admin\Desktop\AULA F75 Setup v2.0 20230923(1).exe"
Path: C:\Users\admin\Desktop\AULA F75 Setup v2.0 20230923(1).exe
Parent process: explorer.exe
User: admin
Company: AULA
Integrity Level: MEDIUM
Description:
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED; the medium-integrity launch did not proceed and the installer was re-run as PID 2044 at HIGH integrity)
Version:
Modules (images):
  c:\users\admin\desktop\aula f75 setup v2.0 20230923(1).exe
  c:\windows\system32\ntdll.dll
Total events: 6 738
Read events: 6 711
Write events: 27
Delete events: 0

Modification events

(PID) Process: (3976) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value:
(PID) Process: (3976) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value:
(PID) Process: (3976) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
(PID) Process: (3976) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 3 | Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process: (3976) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 2 | Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process: (3976) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process: (3976) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\AULA_F75_RGB.zip
(PID) Process: (3976) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
(PID) Process: (3976) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
(PID) Process: (3976) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
Executable files: 17
Suspicious files: 6
Text files: 295
Unknown types: 0

Dropped files

PID: 116 | Process: AULA F75 Setup v2.0 20230923(1).tmp | Filename: C:\Program Files\AULA\F75\skins\is-R9GCM.tmp | Type: image
  MD5: F2D89DA5DF2B6905E9AEA92A8FFA9BFB
  SHA256: 39ABBC4504208A3DDFD2242EF3E336F42B869C1B1D6AEB7E8E1CBB7936638470
PID: 116 | Process: AULA F75 Setup v2.0 20230923(1).tmp | Filename: C:\Program Files\AULA\F75\skins\audio_bar.png | Type: image
  MD5: 7F6993CD644D8EC5D6766613B4BBFB10
  SHA256: 7FC2904D8EBF6270D0927A2F087949E31F65EF5D34A2A1FDA9CB4B477E764301
PID: 116 | Process: AULA F75 Setup v2.0 20230923(1).tmp | Filename: C:\Program Files\AULA\F75\skins\is-BMHA2.tmp | Type: image
  MD5: 7F6993CD644D8EC5D6766613B4BBFB10
  SHA256: 7FC2904D8EBF6270D0927A2F087949E31F65EF5D34A2A1FDA9CB4B477E764301
PID: 116 | Process: AULA F75 Setup v2.0 20230923(1).tmp | Filename: C:\Program Files\AULA\F75\skins\bar_ov.png | Type: image
  MD5: F2D89DA5DF2B6905E9AEA92A8FFA9BFB
  SHA256: 39ABBC4504208A3DDFD2242EF3E336F42B869C1B1D6AEB7E8E1CBB7936638470
PID: 116 | Process: AULA F75 Setup v2.0 20230923(1).tmp | Filename: C:\Program Files\AULA\F75\skins\button_nr.png | Type: image
  MD5: 11A10943AE8859990E1B1CC4499FEEFF
  SHA256: 1B69AEE17E5B1E54530F8958F63FC36EFC5704AEDE580C8ED5369E3164D56F44
PID: 116 | Process: AULA F75 Setup v2.0 20230923(1).tmp | Filename: C:\Program Files\AULA\F75\skins\btn_tip.png | Type: image
  MD5: F280C63A5839B0934ADFAD1DB3E294A7
  SHA256: 2BCF22070C224A20FD959BCA4D3D61281DAE24281183DD4C0168F840BBD57568
PID: 116 | Process: AULA F75 Setup v2.0 20230923(1).tmp | Filename: C:\Program Files\AULA\F75\skins\button01_dn.png | Type: image
  MD5: 1F0C2C13A82D737395EC081D9E25F1B6
  SHA256: D7E2EA68865A2E64888DFFE3EF076249A5C5F82344E3DFA7312685A20BBE6DB1
PID: 116 | Process: AULA F75 Setup v2.0 20230923(1).tmp | Filename: C:\Program Files\AULA\F75\skins\is-Q8VJN.tmp | Type: image
  MD5: F5D717DE64D690E2323905B64CAAA756
  SHA256: A4754B1697572981F62082510C243D2E48326874595066FBEFB4469D902572D4
PID: 116 | Process: AULA F75 Setup v2.0 20230923(1).tmp | Filename: C:\Program Files\AULA\F75\skins\button01_nr.png | Type: image
  MD5: F5D717DE64D690E2323905B64CAAA756
  SHA256: A4754B1697572981F62082510C243D2E48326874595066FBEFB4469D902572D4
PID: 3976 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.16003\AULA F75 Setup v2.0 20230923(1).exe | Type: executable
  MD5: D2FE9AA9AA2373A22FF48C2CBC49B4F9
  SHA256: 53C05F8669AA0BB2FD950650EA845E9410205F5D543FE192C6C3563FC46CC1CE
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4 | Process: System | IP: 192.168.100.255:137 | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Reputation: unknown
PID: | Process: | IP: 224.0.0.252:5355 | Reputation: unknown

DNS requests

No data

Threats

No threats detected
Process: AULA F75 Setup v2.0 20230923(1).tmp | Message: InitSetup: Remove Folder OK.