File name: Sentry MBA 1.5.0 (Latest Version).rar

Full analysis: https://app.any.run/tasks/167a2de5-b6d8-46ad-8b4c-24529170477c
Verdict: Malicious activity
Analysis date: December 27, 2019, 14:29:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: evasion
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 6542F14ECC113A3AD51308B3FD67E2F4
SHA1: ED396909B0F20220B84C65EC384B4A24CA2D29DE
SHA256: 122CEEFBBC77B8AB3772DE3FA49EBAC4252A70E2862BB0FF6901E1E952C00499
SSDEEP: 196608:NB94LK8B9pDU9ilRhST9aoB1gewwc3FK9+nNogZRXID3KUYZnkYDz7OCH36ZfYs2:N34d9OgU9sewPO+nPB26JJdbdeBw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Sentry_MBA.exe (PID: 516)
  • SUSPICIOUS

    • Checks for external IP

      • Sentry_MBA.exe (PID: 516)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3132)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 3132)
    • Manual execution by user

      • Sentry_MBA.exe (PID: 516)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 73
UncompressedSize: -
OperatingSystem: Win32
ModifyDate: 2016:06:15 04:29:09
PackingMethod: Stored
ArchivedFileName: Sentry MBA 1.5.0 (Latest Version)\Blacklist.ini
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Nodes: start, winrar.exe, sentry_mba.exe

Process information

PID: 516
CMD: "C:\Users\admin\Desktop\Sentry MBA 1.5.0 (Latest Version)\Sentry_MBA.exe"
Path: C:\Users\admin\Desktop\Sentry MBA 1.5.0 (Latest Version)\Sentry_MBA.exe
Parent process: explorer.exe
User: admin
Company: www.crackingcore.com
Integrity Level: MEDIUM
Description: Sentry MBA
Exit code: 0
Version: 1.5.0
Modules (images):
  c:\users\admin\desktop\sentry mba 1.5.0 (latest version)\sentry_mba.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll

PID: 3132
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Sentry MBA 1.5.0 (Latest Version).rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
  c:\program files\winrar\winrar.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll
Total events: 439
Read events: 420
Write events: 19
Delete events: 0

Modification events

Process (PID) | Operation | Key | Name | Value
WinRAR.exe (3132) | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
WinRAR.exe (3132) | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
WinRAR.exe (3132) | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | LanguageList | en-US
WinRAR.exe (3132) | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\Sentry MBA 1.5.0 (Latest Version).rar
WinRAR.exe (3132) | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
WinRAR.exe (3132) | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
WinRAR.exe (3132) | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
WinRAR.exe (3132) | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
WinRAR.exe (3132) | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
WinRAR.exe (3132) | write | HKEY_CURRENT_USER\Software\WinRAR\General | LastFolder | C:\Users\admin\AppData\Local\Temp
Executable files: 7
Suspicious files: 5
Text files: 548
Unknown types: 1

Dropped files

PID | Process | Filename | Type
3132 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3132.417\Sentry MBA 1.5.0 (Latest Version)\cp10.jpg | image
3132 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3132.417\Sentry MBA 1.5.0 (Latest Version)\cp1.jpg | image
3132 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3132.417\Sentry MBA 1.5.0 (Latest Version)\cnTraining.exe | executable
3132 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3132.417\Sentry MBA 1.5.0 (Latest Version)\config.xml | text
3132 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3132.417\Sentry MBA 1.5.0 (Latest Version)\cp11.jpg | image
3132 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3132.417\Sentry MBA 1.5.0 (Latest Version)\cp2.jpg | image
3132 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3132.417\Sentry MBA 1.5.0 (Latest Version)\cp25.jpg | image
3132 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3132.417\Sentry MBA 1.5.0 (Latest Version)\cp18.jpg | image
3132 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3132.417\Sentry MBA 1.5.0 (Latest Version)\cp14.jpg | image
3132 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3132.417\Sentry MBA 1.5.0 (Latest Version)\cp19.jpg | image
(MD5 and SHA256 of the dropped files are not shown in this summary.)
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1
TCP/UDP connections: 1
DNS requests: 1
Threats: 4

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
516 | Sentry_MBA.exe | GET | 200 | 131.186.161.70:80 | http://checkip.dyndns.org/ | US | html | 106 b | shared

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
516 | Sentry_MBA.exe | 131.186.161.70:80 | checkip.dyndns.org | | US | malicious

DNS requests

Domain | IP | Reputation
checkip.dyndns.org | 131.186.161.70, 162.88.193.70, 216.146.43.70, 216.146.43.71, 131.186.113.70 | shared

Threats

PID | Process | Class | Message
1080 | svchost.exe | Misc activity | ET INFO DYNAMIC_DNS Query to *.dyndns. Domain
1080 | svchost.exe | Misc activity | AV INFO Query to checkip.dyndns. Domain
516 | Sentry_MBA.exe | Potential Corporate Privacy Violation | ET POLICY External IP Lookup - checkip.dyndns.org
516 | Sentry_MBA.exe | Potentially Bad Traffic | ET POLICY DynDNS CheckIp External IP Address Server Response
No debug info