File name: Alice Greenfingers v1.06 [PopCap].zip

Full analysis: https://app.any.run/tasks/f488e0df-f8a8-4d98-9e77-bedbfee24367
Verdict: Malicious activity
Analysis date: December 30, 2021, 15:55:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 8A8B0ABB887C9CF4B254526C507A288F
SHA1: CA7EDD649F61FB6E6A112B9FB1BDC2711C44DE21
SHA256: 293064A9F98D8ABB33ADF6CC6925D3846D03DC9517E895108012E75990587746
SSDEEP: 98304:XbS/o0i4ieQpY3g//SwC3Ag+H0GeofrTZpzokNliU:VdpM0qwSAgO/eofzkU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3876)
    • Application was dropped or rewritten from another process

      • AliceGreenfingers.exe (PID: 664)
      • AliceGreenfingers.exe (PID: 3800)
  • SUSPICIOUS

    • Checks supported languages

      • WinRAR.exe (PID: 3596)
      • AliceGreenfingers.exe (PID: 664)
      • AliceGreenfingers.exe (PID: 3800)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3596)
    • Reads the computer name

      • WinRAR.exe (PID: 3596)
      • AliceGreenfingers.exe (PID: 664)
      • AliceGreenfingers.exe (PID: 3800)
    • Drops a file with too old compile date

      • WinRAR.exe (PID: 3596)
    • Reads mouse settings

      • AliceGreenfingers.exe (PID: 3800)
      • AliceGreenfingers.exe (PID: 664)
  • INFO

    • Manual execution by user

      • AliceGreenfingers.exe (PID: 664)
      • AliceGreenfingers.exe (PID: 3800)
    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 3596)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Alice Greenfingers v1.06 [PopCap]/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2021:12:30 23:54:22
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
All screenshots are available in the full report
Total processes: 40
Monitored processes: 4
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Processes in graph: winrar.exe, searchprotocolhost.exe (no specs), alicegreenfingers.exe (no specs), alicegreenfingers.exe

Process information

PID: 664
CMD: "C:\Users\admin\Desktop\Alice Greenfingers v1.06 [PopCap]\AliceGreenfingers.exe"
Path: C:\Users\admin\Desktop\Alice Greenfingers v1.06 [PopCap]\AliceGreenfingers.exe
Parent process: Explorer.EXE
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
3, 3, 8, 1
Modules
Images
c:\users\admin\desktop\alice greenfingers v1.06 [popcap]\alicegreenfingers.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\user32.dll
PID: 3596
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Alice Greenfingers v1.06 [PopCap].zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3800
CMD: "C:\Users\admin\Desktop\Alice Greenfingers v1.06 [PopCap]\AliceGreenfingers.exe"
Path: C:\Users\admin\Desktop\Alice Greenfingers v1.06 [PopCap]\AliceGreenfingers.exe
Parent process: Explorer.EXE
User:
admin
Integrity Level:
HIGH
Exit code:
0
Version:
3, 3, 8, 1
Modules
Images
c:\users\admin\desktop\alice greenfingers v1.06 [popcap]\alicegreenfingers.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\gdi32.dll
PID: 3876
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\system32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Exit code:
0
Version:
7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
Modules
Images
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
Total events: 1 811
Read events: 1 795
Write events: 16
Delete events: 0

Modification events

(PID) Process: (3596) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3596) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3596) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3596) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (3596) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3596) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Alice Greenfingers v1.06 [PopCap].zip

(PID) Process: (3596) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3596) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3596) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3596) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files: 3
Suspicious files: 21
Text files: 7
Unknown types: 71

Dropped files

PID: 3596 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3596.38885\Alice Greenfingers v1.06 [PopCap]\AliceGreenfingers.exe
MD5:
SHA256:

PID: 3596 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3596.38885\Alice Greenfingers v1.06 [PopCap]\AliceGreenfingers.dll
MD5:
SHA256:

PID: 3596 | Process: WinRAR.exe | Type: ogg
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3596.38885\Alice Greenfingers v1.06 [PopCap]\Audio\AG-CashCount.ogg
MD5: 0789896EF02D23733A8F3A788F4F1A69
SHA256: 7A7C5D6F356789DAE448FF134A63D0F0E1CA81535732C988918E05A2744084D0

PID: 3596 | Process: WinRAR.exe | Type: ogg
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3596.38885\Alice Greenfingers v1.06 [PopCap]\Audio\AG-CashLoopEnd.ogg
MD5: 94602B26C3E12B4D35B9A4379DC5714E
SHA256: 19086471BD1641478E6C41EC8334B4405D6CFC153E0A0BE2E436E6E2117C6D72

PID: 3596 | Process: WinRAR.exe | Type: ogg
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3596.38885\Alice Greenfingers v1.06 [PopCap]\Audio\AG-Bird01.ogg
MD5: 86270E2B92BD1AE06BC416903D496195
SHA256: 0EF782C5D654CD81258AD513F96344EE710FA51A5B0BCD8035D127FEBAD49926

PID: 3596 | Process: WinRAR.exe | Type: ogg
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3596.38885\Alice Greenfingers v1.06 [PopCap]\Audio\AG-Bird03.ogg
MD5: 4E27EC34ABFCFABC5B528EAA16F7F01D
SHA256: D22C68C732E21551EDE51DB181065846D784F739E46FB5321DD71017BECC4FF5

PID: 3596 | Process: WinRAR.exe | Type: ogg
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3596.38885\Alice Greenfingers v1.06 [PopCap]\Audio\AG-Dig02.ogg
MD5: C8A17AEFB96068776D9C3E6926DCA3D9
SHA256: D37EEA34774835E9E5ED68ABD847768411564136ECA26A5A93DB1B83A612DD40

PID: 3596 | Process: WinRAR.exe | Type: ogg
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3596.38885\Alice Greenfingers v1.06 [PopCap]\Audio\AG-Click.ogg
MD5: 94AB38DC06ADC8D2BCAE45D616DA984D
SHA256: D9C34CFDE2245B106983643D266F3B5F2C8B0E5F5D9DC97013BDFD63DED5D344

PID: 3596 | Process: WinRAR.exe | Type: ogg
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3596.38885\Alice Greenfingers v1.06 [PopCap]\Audio\AG-CashLoop.ogg
MD5: 62ECEE18BF502E728ACF1EAF871F6A23
SHA256: 143413A6B3B5758997494FE50974246653ED72F9ED16813CCFF39CD04B553ABA

PID: 3596 | Process: WinRAR.exe | Type: ogg
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3596.38885\Alice Greenfingers v1.06 [PopCap]\Audio\AG-Chicken01.ogg
MD5: B728F5B2C3C7F3DD1F52D25B2ED4EDBB
SHA256: 96BC3DECD380696F8254114FEAFFF91D22DE2E072AD33F19D93FA4749456C31E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info