File name: Browny02.rar

Full analysis: https://app.any.run/tasks/4f32c02b-fbb3-42f4-9f38-d4555ff8143b
Verdict: Malicious activity
Analysis date: April 03, 2020, 07:00:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: C0F9822A8C59F486F5419E8C7C36F188
SHA1: F95A1EE8B9CAE84E5FCBBE8BD1072B690DA6B403
SHA256: 33994C49C4F07C1C436BF156A45A00E238F69DA3826136B3DD4BD5A81187BF17
SSDEEP: 98304:Ewz3i8VoQ3OBObQ2v5osKFBtg5i2TbxThCRbH15+Ic5YtD+XN:Ewz3ihQ2OlvjOBtg5iORs5H15UX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • DllHost.exe (PID: 1444)
    • Application was dropped or rewritten from another process

      • BrYNSvc.exe (PID: 3152)
      • BrYNSvc.exe (PID: 2672)
      • BrYNSvc.exe (PID: 3296)
  • SUSPICIOUS

    • Executed via COM

      • DllHost.exe (PID: 1444)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3732)
  • INFO

    • Manual execution by user

      • BrYNSvc.exe (PID: 3296)
      • BrYNSvc.exe (PID: 2672)
      • BrYNSvc.exe (PID: 3152)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 741
UncompressedSize: 4096
OperatingSystem: Win32
ModifyDate: 2020:02:14 12:44:27
PackingMethod: Good Compression
ArchivedFileName: Browny02\$I30
No data.
All screenshots are available in the full report
Total processes: 45
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Graph nodes (flattened from the interactive view):
start
winrar.exe
Copy/Move/Rename/Delete/Link Object
brynsvc.exe (no specs)
brynsvc.exe (no specs)
brynsvc.exe (no specs)

Process information

PID: 1444
CMD: C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
Path: C:\Windows\system32\DllHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2672
CMD: "C:\Program Files\Browny02\BrYNSvc.exe"
Path: C:\Program Files\Browny02\BrYNSvc.exe
Parent process: explorer.exe
User: admin
Company: Brother Industries, Ltd.
Integrity Level: MEDIUM
Description: BrYNCSvc
Exit code: 2
Version: 1.5.1.0
Modules (images):
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
PID: 3152
CMD: "C:\Program Files\Browny02\BrYNSvc.exe"
Path: C:\Program Files\Browny02\BrYNSvc.exe
Parent process: explorer.exe
User: admin
Company: Brother Industries, Ltd.
Integrity Level: MEDIUM
Description: BrYNCSvc
Exit code: 2
Version: 1.5.1.0
Modules (images):
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
PID: 3296
CMD: "C:\Program Files\Browny02\BrYNSvc.exe"
Path: C:\Program Files\Browny02\BrYNSvc.exe
Parent process: explorer.exe
User: admin
Company: Brother Industries, Ltd.
Integrity Level: MEDIUM
Description: BrYNCSvc
Exit code: 2
Version: 1.5.1.0
Modules (images):
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
PID: 3732
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Browny02.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 730
Read events: 722
Write events: 8
Delete events: 0

Modification events

PID 3732 (WinRAR.exe) | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value:
PID 3732 (WinRAR.exe) | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value:
PID 3732 (WinRAR.exe) | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
PID 3732 (WinRAR.exe) | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\Browny02.rar
PID 3732 (WinRAR.exe) | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
PID 3732 (WinRAR.exe) | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
PID 3732 (WinRAR.exe) | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
PID 3732 (WinRAR.exe) | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
Executable files: 86
Suspicious files: 2
Text files: 12
Unknown types: 34

Dropped files

PID: 3732 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\AdditionalMessage_M12AP.ini | Type: text
MD5: 3D8AAA62932453CE20C338F6F97FCD53
SHA256: 2AB2136B7F812D61B84EC47C4AD1AFC276B375E11D1D298EB00076CB594405AD
PID: 3732 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\BrMfNt.dll | Type: executable
MD5: A0BDEE4D0860D9EB71FAC8B0E358BBAD
SHA256: 8D4BD21BA5722A641EE2AEE67D6EBCB1976D06A6D9A43D379CD65732302CD8C3
PID: 3732 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\BrNetToolBul.dll | Type: executable
MD5: 712B9FA225C09A2D70DFF7187F9966F1
SHA256: 5EDB929F88733A3053BD7495364675866FC7AC3F69C190788486625C789CAA98
PID: 3732 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\BrNetTool.ver | Type: text
MD5: 578126E5682D786CD13906F98B1C5C34
SHA256: 3C2DD5611957E041BE0803756FA7809A0FA408DCE5DA1A1430A7C2BC9EB8A3E2
PID: 3732 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\BrNetToolCht.dll | Type: executable
MD5: 21E07BC92FEDF9E2B31AC3C904637E6E
SHA256: 1076376A467D3756770835FFCF21DA7EBA5D443BA1A82BA35AE8C45581E49296
PID: 3732 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\brlm03a.dll | Type: executable
MD5: 114E9DE7781BEE1FF4738658C12C013A
SHA256: 06A37DBF5141589A397ECEFA96DF3E0AAD63DCCBD1BC3FF3BFCDE3284F84FD24
PID: 3732 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BRLMW03A.INI | Type: text
MD5: DAE4DF3BEB5660A23ABA5398E522218E
SHA256: 843E32E02A5806E6F2AB7F1600EE324FDE4018697A57C784C08B383C32857545
PID: 3732 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\$I30 | Type: binary
MD5: FF2E917A30C7D1A203EDA97EE629922B
SHA256: 76588E7327B84A7F1D94F5F0B67A9062F003058B5A5B6DA0D44560320F72597A
PID: 3732 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BroSNMP.dll | Type: executable
MD5: 77C344EE478BB4329D16A6DCDF1CE087
SHA256: 2970B92D8F3712F6B4E3588C281EF24879EE3D5D42CD493757C4326EAA2A0484
PID: 3732 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\AdditionalMessage_M12AM.ini | Type: text
MD5: BF2154DFAE24BE74A318B5A94A590ABD
SHA256: 29C24494B42ECFBE1F84C01D5CFF88AFEE9C499B3EDFD799D9192F69BF538234
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info