analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

兵河五四3.6完美云库版加载佳佳2020新佳佳.7z

Full analysis: https://app.any.run/tasks/b5faac35-a070-474e-bb0d-1a314d92bb3b
Verdict: Malicious activity
Analysis date: July 13, 2020, 03:03:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

870263341683079D9543C89DE487BF9D

SHA1:

53FFB3E7E842F404635F8BF9C8E3C53449C54B4E

SHA256:

18712B1C13A01D416B0EC035B27C1B2CDB8976AEC7BD7E781BB1474758C90A53

SSDEEP:

393216:KOFB+Ewo+98IH6LQriV5LpVpCOVC9u1JA4Kgt:NH+i+FaYUL5COE9u1JSi

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3588)
      • 兵河五四.exe (PID: 272)

    • Application was dropped or rewritten from another process

      • 兵河五四.exe (PID: 1236)
      • 兵河五四.exe (PID: 272)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2440)

    • Reads Internet Cache Settings

      • 兵河五四.exe (PID: 272)

  • INFO

    • Manual execution by user

      • 兵河五四.exe (PID: 1236)
      • 兵河五四.exe (PID: 272)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
4
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe searchprotocolhost.exe no specs 兵河五四.exe no specs 兵河五四.exe

Process information

PID
CMD
Path
Indicators
Parent process
2440"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\兵河五四3.6完美云库版加载佳佳2020新佳佳.7z"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
3588"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" C:\Windows\System32\SearchProtocolHost.exeSearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Version:
7.00.7600.16385 (win7_rtm.090713-1255)
1236"C:\Users\admin\Desktop\兵河五四.exe" C:\Users\admin\Desktop\兵河五四.exeexplorer.exe
User:
admin
Company:
CHINA
Integrity Level:
MEDIUM
Description:
Chinese Chess Gui
Exit code:
3221226540
Version:
3.6.0.0
272"C:\Users\admin\Desktop\兵河五四.exe" C:\Users\admin\Desktop\兵河五四.exe
explorer.exe
User:
admin
Company:
CHINA
Integrity Level:
HIGH
Description:
Chinese Chess Gui
Version:
3.6.0.0
Total events
814
Read events
779
Write events
0
Delete events
0

Modification events

No data
Executable files
5
Suspicious files
0
Text files
71
Unknown types
51

Dropped files

PID
Process
Filename
Type
2440WinRAR.exeC:\Users\admin\Desktop\Piece\large\mm.pngimage
MD5:43916530CFEDFEA33CCFACD034728C7F
SHA256:1D647DDFEDD097D1E5EA59FC8F755773BF6192D7344A4E9D9614270B7CACAD8A
2440WinRAR.exeC:\Users\admin\Desktop\account.dbsqlite
MD5:B041823AA89DF647C39443242537BE45
SHA256:DE14E8EDDA6C3B9676879794A475C1CBD1DB124F5A3805C43CA62B82C08FA41E
2440WinRAR.exeC:\Users\admin\Desktop\Piece\large\rk.pngimage
MD5:E068DF43FCEE08915A6D396672434BBB
SHA256:BEF663EFABB3620568F2702F1A739EE8FC6FB16658D2E461F678B89EFDED6B4E
2440WinRAR.exeC:\Users\admin\Desktop\Piece\large\bc.pngimage
MD5:6ACE9F9702A31D9AD69F02A3657331B3
SHA256:913A36E736CA9A66B4BEA1C63AD549363CD3D3C4041B2628E54DC0FA93527F51
2440WinRAR.exeC:\Users\admin\Desktop\Piece\large\rb.pngimage
MD5:EB8EF7FB97270460448F5A144EB80818
SHA256:6EABF303459658A8FAC06D6FF2E8D4FE945B8F723FA042199CD738286ADEDCB6
2440WinRAR.exeC:\Users\admin\Desktop\Piece\large\br.pngimage
MD5:58A39724C53BB2592FB30F5FAD507467
SHA256:40172EFA9BF65A8DD0400EA58E0F9C39B468008CFBD56B806C3717695460200E
2440WinRAR.exeC:\Users\admin\Desktop\connect.dbsqlite
MD5:965F09C1A6969790B329C49A2DFE11FB
SHA256:46E0380594A0BA671E7D4C30414F4CACCAFE40B1DDB840A1E31A4F7F7B8C896B
2440WinRAR.exeC:\Users\admin\Desktop\Piece\large\ba.pngimage
MD5:F252EC45AEE1650A2448FB50027B4AE6
SHA256:A8A3D096601F0B75269E4DAE3AC1322A59B94AF3317C75E268019F3AB898AB2B
2440WinRAR.exeC:\Users\admin\Desktop\Engines\009号引擎 全新架构\ggX64set2017.initext
MD5:376F784A25C85001D108F65DB6A97FC8
SHA256:6784BA56639599252DC32A717B7EF006C98AC1962792BF21C9C816D9666BC24B
2440WinRAR.exeC:\Users\admin\Desktop\Piece\large\bn.pngimage
MD5:D36F3103EDF29D074D1546BB576122AE
SHA256:393ECC9220840BC3ED68079C069BDCEBB45F649270294F628DD721B672A3C38C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
2
TCP/UDP connections
1
DNS requests
1
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
272
兵河五四.exe
GET
200
156.238.189.3:80
http://www.chessdb.cn/chessdb.php?action=queryall&board=rnbakabnr/9/1c5c1/p1p1p1p1p/9/9/P1P1P1P1P/1C5C1/9/RNBAKABNR%20w&ban=&learn=1&egtbmetric=dtm
US
text
2.37 Kb
unknown
272
兵河五四.exe
GET
200
156.238.189.3:80
http://www.chessdb.cn/chessdb.php?action=query&board=rnbakabnr/9/1c5c1/p1p1p1p1p/9/9/P1P1P1P1P/1C5C1/9/RNBAKABNR%20w&ban=&learn=1&egtbmetric=dtm
US
text
10 b
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
272
兵河五四.exe
156.238.189.3:80
www.chessdb.cn
MULTACOM CORPORATION
US
unknown

DNS requests

Domain
IP
Reputation
www.chessdb.cn
  • 156.238.189.3
  • 156.238.189.2
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
兵河五四3.6完美云库版加载佳佳2020新佳佳.7z