analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

WinddowsUpdater.exe.7z

Full analysis: https://app.any.run/tasks/f5f6cf01-4d67-4e74-ac8b-630cf14f636c
Verdict: Malicious activity
Analysis date: May 20, 2022, 16:01:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

6D99CA5829FCDB9AFAA8C2B2C5D1B981

SHA1:

F3FD3636881FA5A438FDEFB8EDB1740673249D64

SHA256:

2D5023A41DB31445E77A44A43E7164A1C278E075817ABA3B4BBE19D8D8D18009

SSDEEP:

12288:QxpaYBTM5CoyD4pk7kJFUA68wFETXprVLk/BXMITQcT+b7Xays8:m2xy0pkoJFVtwgVeBXvQcKb7Xays

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops executable file immediately after starts

      • WinRAR.exe (PID: 2912)
    • Application was dropped or rewritten from another process

      • WinddowsUpdater.exe (PID: 2592)
      • WinddowsUpdater.exe (PID: 2696)
  • SUSPICIOUS

    • Reads the computer name

      • WinRAR.exe (PID: 2912)
      • WinddowsUpdater.exe (PID: 2592)
      • WinddowsUpdater.exe (PID: 2696)
    • Checks supported languages

      • WinRAR.exe (PID: 2912)
      • WinddowsUpdater.exe (PID: 2592)
      • WinddowsUpdater.exe (PID: 2696)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2912)
    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 2912)
    • Reads mouse settings

      • WinddowsUpdater.exe (PID: 2592)
      • WinddowsUpdater.exe (PID: 2696)
  • INFO

    • Manual execution by user

      • WinddowsUpdater.exe (PID: 2592)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
3
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
drop and start start winrar.exe winddowsupdater.exe no specs winddowsupdater.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2912"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\WinddowsUpdater.exe.7z"C:\Program Files\WinRAR\WinRAR.exe
Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
2592"C:\Users\admin\Desktop\WinddowsUpdater.exe" C:\Users\admin\Desktop\WinddowsUpdater.exeExplorer.EXE
User:
admin
Company:
AutoIt Team
Integrity Level:
MEDIUM
Description:
AutoIt v3 Script
Exit code:
1
Version:
3, 3, 14, 2
2696"C:\Users\admin\AppData\Local\Temp\Rar$EXb2912.22509\WinddowsUpdater.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXb2912.22509\WinddowsUpdater.exeWinRAR.exe
User:
admin
Company:
AutoIt Team
Integrity Level:
MEDIUM
Description:
AutoIt v3 Script
Exit code:
1
Version:
3, 3, 14, 2
Total events
4 125
Read events
4 010
Write events
0
Delete events
0

Modification events

No data
Executable files
2
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
2912WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb2912.22509\WinddowsUpdater.exeexecutable
MD5:B06E67F9767E5023892D9698703AD098
SHA256:8498900E57A490404E7EC4D8159BEE29AED5852AE88BD484141780EAADB727BB
2912WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb2912.12957\WinddowsUpdater.exeexecutable
MD5:B06E67F9767E5023892D9698703AD098
SHA256:8498900E57A490404E7EC4D8159BEE29AED5852AE88BD484141780EAADB727BB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info