File name: Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528.zip

Full analysis: https://app.any.run/tasks/3a5e5884-9dcf-4b7e-8ed9-0c683a0b39af
Verdict: Malicious activity
Analysis date: June 16, 2024, 11:57:57
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: autoit
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=store
MD5: D73BFE55D427745F4561E914AD658CD8
SHA1: 68FA8F0E5F5643BE59FEDEFE27D41BB301C2C103
SHA256: 04E9ADDC341CF9D8C14B9E092353F208FA70975FCA32BAFD86A95BB430EFF4F7
SSDEEP: 98304:lDiMaMVTfOYdbJ50GcqlbwaqfWhxgW5uUNZ0y3U96x/vOpcO5K4+OXdghIbvCer/:TK3QCGWmM3EUA1u34KbsAZIr4BpTjtJH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3976)
  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • 0.scr (PID: 372)
    • Reads the Internet Settings

      • info.exe (PID: 1024)
    • Potential Corporate Privacy Violation

      • info.exe (PID: 1024)
    • Reads security settings of Internet Explorer

      • info.exe (PID: 1024)
  • INFO

    • Checks supported languages

      • info.exe (PID: 1024)
      • 0.scr (PID: 372)
      • wmpnscfg.exe (PID: 1664)
    • Reads the computer name

      • info.exe (PID: 1024)
      • wmpnscfg.exe (PID: 1664)
    • Checks proxy server information

      • info.exe (PID: 1024)
    • Reads mouse settings

      • info.exe (PID: 1024)
      • 0.scr (PID: 372)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3976)
    • Reads the machine GUID from the registry

      • info.exe (PID: 1024)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 1664)
      • 0.scr (PID: 372)
      • info.exe (PID: 1024)
    • Creates files or folders in the user directory

      • info.exe (PID: 1024)
    • Create files in a temporary directory

      • info.exe (PID: 1024)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:05:18 12:28:06
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528/
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 6
Malicious processes: 0
Suspicious processes: 1

Behavior graph

start: winrar.exe, info.exe, 0.scr (no specs), cmd.exe (no specs), PhotoViewer.dll (no specs), wmpnscfg.exe (no specs)

Process information

PID: 372
CMD: "C:\Users\admin\Desktop\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\0.scr" /S
Path: C:\Users\admin\Desktop\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\0.scr
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (images):
c:\users\admin\desktop\cospuri 503 shinanoazur lane cospuri 503 shinanoazur lane c528\0.scr
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
PID: 1024
CMD: "C:\Users\admin\Desktop\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\info.exe"
Path: C:\Users\admin\Desktop\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\info.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Modules (images):
c:\users\admin\desktop\cospuri 503 shinanoazur lane cospuri 503 shinanoazur lane c528\info.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
PID: 1184
CMD: C:\Windows\system32\cmd.exe /c 1.jpg
Path: C:\Windows\System32\cmd.exe
Parent process: 0.scr
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 0
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules (images):
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1664
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2312
CMD: C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: COM Surrogate
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 3976
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 4 893
Read events: 4 852
Write events: 35
Delete events: 6

Modification events

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528.zip

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files: 3
Suspicious files: 0
Text files: 35
Unknown types: 0

Dropped files

PID: 3976 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.40415\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\10__c5288becb84a7dd0.jpg
MD5: 058D26FAE3F4CAFED2489BFECB76AABB
SHA256: C755E5931AB09CBB8D6D3DCD36B6E8EBA945D21130F507710AFBD5A1750762FE

PID: 3976 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.40415\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\11__c5288becb84a7dd0.jpg
MD5: 05E18D9D5C0BCFC9F179F15FBED43B91
SHA256: 138C60D46931887C0E11F9106A9574D44131AE61AD370065E78F3E37A1C40690

PID: 3976 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.40415\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\0.scr
MD5: 6CBBF6FD42173A836D36E97B0439E8F9
SHA256: 28FD6817E73D063F2AEB8990DDEC202B45457B18A7FA92963399FB388DB51D6A

PID: 3976 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.40415\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\22__c5288becb84a7dd0.jpg
MD5: 3D5B3CBB6AE4415AB0E5F4450B847BF2
SHA256: A64F65B1EF623B86D58316555657A46A88D712BF55DCE7ACEE22D6E3CA479F92

PID: 3976 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.40415\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\1__c5288becb84a7dd0.jpg
MD5: EB8B56C9B5AB2FF8B2804654F33A31DC
SHA256: 38B765FD1C3F1C1435E2CA44815E469CF32C7DB8C8B0B6BEBEA2386B9725CA76

PID: 3976 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.40415\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\26__c5288becb84a7dd0.jpg
MD5: 2977297BA7DDBEAF36EE3C09FB49BE50
SHA256: FCB404FA421A99019D4A26ED2A9E238A41E47F0BCD495942E7CC1BA1FDD77BDF

PID: 3976 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.40415\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\23__c5288becb84a7dd0.jpg
MD5: 953957B39E2FFFBBEE897E292EECFF0A
SHA256: 60F077662FD344AADF011EE60848BDF2909E1F890908AA8AD2E630A9D1F6E599

PID: 3976 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.40415\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\24__c5288becb84a7dd0.jpg
MD5: E9B3F8355DB00009697EC1644D8C4770
SHA256: BFE7A2A1D70DCF02B69603B68E3530B4E02FB1ABD9726F339969056C12F2031B

PID: 3976 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.40415\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\21__c5288becb84a7dd0.jpg
MD5: 35776443D2FC9EBF7411407FE4642D56
SHA256: 81B16CE1EFA7D34D27BF7A17CB1EF05A813E2E660683928D98768DDEF553E491

PID: 3976 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.40415\Cospuri 503 Shinanoazur Lane Cospuri 503 Shinanoazur Lane c528\25__c5288becb84a7dd0.jpg
MD5: FAE018ACB762EDCE92F2CC20ED7E5B7B
SHA256: C6689F742FE995C6401454D7F21028ADFF7ACD9C59C2DE98638F6A6DA7A64D19
HTTP(S) requests: 1
TCP/UDP connections: 5
DNS requests: 1
Threats: 2

HTTP requests

PID: 1024
Process: info.exe
Method: GET
HTTP Code: (none recorded)
IP: 77.81.120.23:80
URL: http://forum.helenheaven.xyz/c.7z
CN: unknown
Reputation: unknown

Connections

PID: 4 | Process: System | IP: 192.168.100.255:137 | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Reputation: whitelisted
IP: 224.0.0.252:5355 | Reputation: unknown
PID: 1088 | Process: svchost.exe | IP: 224.0.0.252:5355 | Reputation: unknown
PID: 1024 | Process: info.exe | IP: 77.81.120.23:80 | Domain: forum.helenheaven.xyz | ASN: KnownSRV Ltd. | CN: NL | Reputation: unknown

DNS requests

Domain: forum.helenheaven.xyz | IP: 77.81.120.23 | Reputation: unknown

Threats

PID: 1024
Process: info.exe
Class: Potential Corporate Privacy Violation
Message: ET POLICY Autoit Windows Automation tool User-Agent in HTTP Request - Possibly Hostile
No debug info