File name:

Sea of Solitude CODEX.rar

Full analysis: https://app.any.run/tasks/09cd1f8c-6883-41b1-8938-831453f1d895
Verdict: Malicious activity
Analysis date: February 04, 2024, 00:01:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

064BFCC7DE729A8CCC0C642912934312

SHA1:

81EB13E66EB1C299392A65812794C2DA2CABAF3F

SHA256:

2566E8BBE63ACEB1FF4BD810E912734C3ABD51DFB680299953A981EC2EEC2D96

SSDEEP:

98304:y2ya3ahMw2W7zG1lKwmJ37wWW5Lrbm/tgYc3gClQjNXQFz25e3F1k0m+bGPmMrT/:dZs04cb44GBc3mObNSv02B

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 752)
      • setup.exe (PID: 3052)
      • setup.tmp (PID: 2824)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • setup.exe (PID: 3052)
      • setup.tmp (PID: 2824)
    • Reads the Windows owner or organization settings

      • setup.tmp (PID: 2824)
    • Process drops legitimate windows executable

      • setup.tmp (PID: 2824)
  • INFO

    • Manual execution by a user

      • setup.exe (PID: 2868)
      • setup.exe (PID: 3052)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 752)
    • Checks supported languages

      • setup.exe (PID: 3052)
      • setup.tmp (PID: 2824)
    • Create files in a temporary directory

      • setup.exe (PID: 3052)
      • setup.tmp (PID: 2824)
    • Reads the machine GUID from the registry

      • setup.tmp (PID: 2824)
    • Reads the computer name

      • setup.tmp (PID: 2824)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 48
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process tree nodes (graph available in the full report): start, winrar.exe, setup.exe (no specs), setup.exe, setup.tmp

Process information

PID
CMD
Path
Indicators
Parent process
PID: 752
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Sea of Solitude CODEX.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 2824
CMD: "C:\Users\admin\AppData\Local\Temp\is-0QL7B.tmp\setup.tmp" /SL5="$160150,3687301,168448,C:\Users\admin\Desktop\Sea of Solitude CODEX\setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-0QL7B.tmp\setup.tmp
Parent process: setup.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION)
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-0ql7b.tmp\setup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 2868
CMD: "C:\Users\admin\Desktop\Sea of Solitude CODEX\setup.exe"
Path: C:\Users\admin\Desktop\Sea of Solitude CODEX\setup.exe
Parent process: explorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
Sea of Solitude Setup
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version:
Modules
Images
c:\users\admin\desktop\sea of solitude codex\setup.exe
c:\windows\system32\ntdll.dll
PID: 3052
CMD: "C:\Users\admin\Desktop\Sea of Solitude CODEX\setup.exe"
Path: C:\Users\admin\Desktop\Sea of Solitude CODEX\setup.exe
Parent process: explorer.exe
User:
admin
Company:
Integrity Level:
HIGH
Description:
Sea of Solitude Setup
Exit code:
3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION)
Version:
Modules
Images
c:\users\admin\desktop\sea of solitude codex\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
Total events: 4 723
Read events: 4 684
Write events: 38
Delete events: 1

Modification events

(PID) Process: (752) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files: 12
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type

752 | WinRAR.exe | C:\Users\admin\Desktop\Sea of Solitude CODEX\CODEX\denuvo64.dll | executable
MD5: 072AF5FEA8B97D4BF45D3EE6517CA12E
SHA256: 5204B14B5BBF37A32F5009C90B49D32BB6C8CC934CA7A93FA5BA22C1B845E48E

752 | WinRAR.exe | C:\Users\admin\Desktop\Sea of Solitude CODEX\setup.exe | executable
MD5: 60E565B881D84BF4B4A3C62D77AC1AD6
SHA256: 9F151B44151757FB38A342778473DFF54CBE42288F9A41665EB74584A8C66A0F

2824 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-7T6CC.tmp\_isetup\_shfoldr.dll | executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87

752 | WinRAR.exe | C:\Users\admin\Desktop\Sea of Solitude CODEX\CODEX\SeaOfSolitude.exe | executable
MD5: F4B2BC0E06531D28338AA0ED47FAEF28
SHA256: D5EEC7B5034058DC7D36DA31D5E1CB0A62322D93D37A82ECA21EAC8828140649

3052 | setup.exe | C:\Users\admin\AppData\Local\Temp\is-0QL7B.tmp\setup.tmp | executable
MD5: 78CA3BA9A7390BCE0E7D5E2B0BB762D6
SHA256: 1BC8EC2F907E8A21F483C205EF1C4751927B102E26EA132CC052801F7AAE30BC

752 | WinRAR.exe | C:\Users\admin\Desktop\Sea of Solitude CODEX\CODEX\codex.cfg | text
MD5: 325C9106C5532F61F750A99BCFCCA23D
SHA256: 31C67F18B1049180782090FF117918812A00F2D85FB1F66AAD4339FA6C05142C

2824 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-7T6CC.tmp\VclStylesInno.dll | executable
MD5: 64101D65027ABE80025028AF0CFDB6B3
SHA256: C2DEBFB2A38BC839365F000878FA4561DDEBF4955616FEEB812D5ADF3094B721

2824 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-7T6CC.tmp\ISDone.dll | executable
MD5: DCE6D68DA86F44BA0CB70FA7718E2E84
SHA256: B9BDC4A0309AA47613A7B5A680C55839AA7BA28E28F96E6B9316D4D5FE1DBE9D

2824 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-7T6CC.tmp\BASS.dll | executable
MD5: C0B11A7E60F69241DDCB278722AB962F
SHA256: A8D979460E970E84EACCE36B8A68AE5F6B9CC0FE16E05A6209B4EAD52B81B021

2824 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-7T6CC.tmp\wintb.dll | executable
MD5: 39A339E9C9ECC529202508C9C89A9956
SHA256: 88160915CD065E25BC0B9B89099663CCBCCA606A5707A28A5DF12E9C118D4F16
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Reputation (the Domain, ASN and CN columns are empty for every row)

4 | System | 192.168.100.255:138 | whitelisted
4 | System | 192.168.100.255:137 | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | unknown

DNS requests

No data

Threats

No threats detected
No debug info