File name: Browny02.rar

Full analysis: https://app.any.run/tasks/4f32c02b-fbb3-42f4-9f38-d4555ff8143b
Verdict: Malicious activity
Analysis date: April 03, 2020, 07:00:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: C0F9822A8C59F486F5419E8C7C36F188
SHA1: F95A1EE8B9CAE84E5FCBBE8BD1072B690DA6B403
SHA256: 33994C49C4F07C1C436BF156A45A00E238F69DA3826136B3DD4BD5A81187BF17
SSDEEP: 98304:Ewz3i8VoQ3OBObQ2v5osKFBtg5i2TbxThCRbH15+Ic5YtD+XN:Ewz3ihQ2OlvjOBtg5iORs5H15UX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • BrYNSvc.exe (PID: 3296)
      • BrYNSvc.exe (PID: 3152)
      • BrYNSvc.exe (PID: 2672)
    • Actions look like stealing of personal data

      • DllHost.exe (PID: 1444)
  • SUSPICIOUS

    • Executed via COM

      • DllHost.exe (PID: 1444)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3732)
  • INFO

    • Manual execution by user

      • BrYNSvc.exe (PID: 3152)
      • BrYNSvc.exe (PID: 3296)
      • BrYNSvc.exe (PID: 2672)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 741
UncompressedSize: 4096
OperatingSystem: Win32
ModifyDate: 2020:02:14 12:44:27
PackingMethod: Good Compression
ArchivedFileName: Browny02\$I30
No data.
All screenshots are available in the full report
Total processes: 45
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 1

Behavior graph

[Interactive process graph, available in the full report. Nodes shown: winrar.exe; Copy/Move/Rename/Delete/Link Object; brynsvc.exe (no specs) x3]

Process information

PID: 1444
CMD: C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
Path: C:\Windows\system32\DllHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2672
CMD: "C:\Program Files\Browny02\BrYNSvc.exe"
Path: C:\Program Files\Browny02\BrYNSvc.exe
Parent process: explorer.exe
User: admin
Company: Brother Industries, Ltd.
Integrity Level: MEDIUM
Description: BrYNCSvc
Exit code: 2
Version: 1.5.1.0
Modules
Images
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
PID: 3152
CMD: "C:\Program Files\Browny02\BrYNSvc.exe"
Path: C:\Program Files\Browny02\BrYNSvc.exe
Parent process: explorer.exe
User: admin
Company: Brother Industries, Ltd.
Integrity Level: MEDIUM
Description: BrYNCSvc
Exit code: 2
Version: 1.5.1.0
Modules
Images
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
PID: 3296
CMD: "C:\Program Files\Browny02\BrYNSvc.exe"
Path: C:\Program Files\Browny02\BrYNSvc.exe
Parent process: explorer.exe
User: admin
Company: Brother Industries, Ltd.
Integrity Level: MEDIUM
Description: BrYNCSvc
Exit code: 2
Version: 1.5.1.0
Modules
Images
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
PID: 3732
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Browny02.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 730
Read events: 722
Write events: 8
Delete events: 0

Modification events

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value: (empty)

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value: (empty)

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Browny02.rar

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files: 86
Suspicious files: 2
Text files: 12
Unknown types: 34

Dropped files

PID | Process | Filename | Type

3732 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\AdditionalMessage_M12AP.ini | text
MD5: 3D8AAA62932453CE20C338F6F97FCD53
SHA256: 2AB2136B7F812D61B84EC47C4AD1AFC276B375E11D1D298EB00076CB594405AD

3732 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BrMonitor.dll | executable
MD5: E938BB1D7523E4CEC914CDE0C8159E4E
SHA256: 86CCE507E2A90604085B99BAC94C62A653BD2843A04D7982DCA7399931B73911

3732 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\brlm03a.dll | executable
MD5: 114E9DE7781BEE1FF4738658C12C013A
SHA256: 06A37DBF5141589A397ECEFA96DF3E0AAD63DCCBD1BC3FF3BFCDE3284F84FD24

3732 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BRLMW03A.INI | text
MD5: DAE4DF3BEB5660A23ABA5398E522218E
SHA256: 843E32E02A5806E6F2AB7F1600EE324FDE4018697A57C784C08B383C32857545

3732 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BRHOOK.DLL | executable
MD5: 27A559C83AF3FCC4AB2A25D0BC01EC06
SHA256: 7853DB3D9F10364C8F5EED44833E63C73D04F7C30763117069EAB17EA715DB96

3732 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\brif03a.dll | executable
MD5: 59DBBA43CBBC9F039196DE4DCEB23A4A
SHA256: 8FDEB9351936072A23D0CB6A66FE23016C4FE29FE8CB05E5463BC73CCE9036A2

3732 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\BrFirmUpdateCheck.dll | executable
MD5: 53FA6D58BE4782B4D058583ED17521D5
SHA256: 17AB0FCC4B1053F4B548AB6CBDB608551662B5A0DC740DF205BF709ECFF6C074

3732 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\$I30 | binary
MD5: FF2E917A30C7D1A203EDA97EE629922B
SHA256: 76588E7327B84A7F1D94F5F0B67A9062F003058B5A5B6DA0D44560320F72597A

3732 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BRLMW03A.DLL | executable
MD5: F71EC3FEC2EBEB67D067E9DA1469A9E0
SHA256: 997F186482E3DD7EA731CC5C165C7F22E6D66807CD039F38F541F24CF0CF02A6

3732 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\BrNetTool.fil | text
MD5: 256145B8CF9263DD929A25D9F0622DA4
SHA256: F41EDF150D3176A25B579B52FC40E63027902573E03E693D402DAC0107B54503
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info