File name: Smart Pastebin Leecher v 0.1.rar

Full analysis: https://app.any.run/tasks/d0c98139-7875-4a20-a672-ce96db2107aa
Verdict: Malicious activity
Analysis date: April 14, 2019, 21:54:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 454352A79A2559C013BBDC29B6F44F83
SHA1: 156E623106CC9E6C00B13A8CB8836614DA6AB7F3
SHA256: 09B736C564526A7759B62CB54BC18303CDB0241EF52CB65F5C37C9169A694A7A
SSDEEP: 49152:o3LBonLbj7B+R2bTDuNBL56YaV6SOFoSL1Qq+DVnyRQDwLnf1z1wK60G:obB8LbjgQABL5/M6jFoSL1QqgVyG+fbM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Smart Pastebin Leecher v 0.1.exe (PID: 2292)
      • Smart Pastebin Leecher v 0.1.exe (PID: 2460)
    • Loads dropped or rewritten executable

      • Smart Pastebin Leecher v 0.1.exe (PID: 2292)
      • Smart Pastebin Leecher v 0.1.exe (PID: 2460)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Smart Pastebin Leecher v 0.1.exe (PID: 2292)
      • Smart Pastebin Leecher v 0.1.exe (PID: 2460)
      • WinRAR.exe (PID: 2432)
    • Reads internet explorer settings

      • Smart Pastebin Leecher v 0.1.exe (PID: 2460)
      • Smart Pastebin Leecher v 0.1.exe (PID: 2292)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
Total processes: 35
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Graph nodes: start, winrar.exe, smart pastebin leecher v 0.1.exe, smart pastebin leecher v 0.1.exe

Process information

PID: 2432
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Smart Pastebin Leecher v 0.1.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID: 2292
CMD: "C:\Users\admin\AppData\Local\Temp\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1.exe"
Path: C:\Users\admin\AppData\Local\Temp\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1.exe
Parent process: explorer.exe
User: admin
Company: Pasebin Leecher
Integrity Level: MEDIUM
Description: Pasebin Leecher
Version: 1.2.4.3

PID: 2460
CMD: "C:\Users\admin\AppData\Local\Temp\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1.exe"
Path: C:\Users\admin\AppData\Local\Temp\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1.exe
Parent process: explorer.exe
User: admin
Company: Pasebin Leecher
Integrity Level: MEDIUM
Description: Pasebin Leecher
Exit code: 0
Version: 1.2.4.3

Total events: 465
Read events: 455
Write events: 10
Delete events: 0

Modification events

(PID) Process: (2432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2432) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Smart Pastebin Leecher v 0.1.rar

(PID) Process: (2432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Smart Pastebin Leecher v 0.1

Executable files: 5
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID: 2432
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1\README.txt
Type: text
MD5: 20B5F478C227C8EAB2BAC9B930BD7C7A
SHA256: AEFF4F0680FE272C679D73F54819AD4F15F4AB20E1FD0067AB84C71DC4AA5EA4

PID: 2460
Process: Smart Pastebin Leecher v 0.1.exe
Filename: C:\Users\admin\AppData\Local\SkinSoft\VisualStyler\2.5.0.0\x86\ssapihook.dll
Type: executable
MD5: 9E7F44B8F1512476AA896E977C58830B
SHA256: 8E6195B50BB0D22E4D346263F708F166DB726C84884FE78A6BB477CAED19E708

PID: 2432
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1.exe
Type: executable
MD5: 0181D2E88BDFDF83296CC678722CCB3A
SHA256: 7F9E41E8DA0DCC64EB0BC766357D8B55CDA649501ED7C08656B0F046F71C7270

PID: 2292
Process: Smart Pastebin Leecher v 0.1.exe
Filename: C:\Users\admin\AppData\Local\SkinSoft\VisualStyler\2.5.0.0\x86\ssapihook.dll
Type: executable
MD5: 9E7F44B8F1512476AA896E977C58830B
SHA256: 8E6195B50BB0D22E4D346263F708F166DB726C84884FE78A6BB477CAED19E708

PID: 2432
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1\SkinSoft.VisualStyler.dll
Type: executable
MD5: 69E6563E0E7EA843E9B37D58819F4136
SHA256: F9FA9F508B9350ED12ED3AA5B7F24AED901A6434B1B02D1F0EE301B8EEA54B06

PID: 2432
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Smart Pastebin Leecher v 0.1\Smart Pastebin Leecher v 0.1\xNet.dll
Type: executable
MD5: BF1F76644BDDD20339548EBACF7A48EB
SHA256: 5D9C2B1822BCAA71DDEAA5426D4312D8E174766AE8864C7ADD29D7F44CEA87F2

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info