File name:

Browny02.rar

Full analysis: https://app.any.run/tasks/4f32c02b-fbb3-42f4-9f38-d4555ff8143b
Verdict: Malicious activity
Analysis date: April 03, 2020, 07:00:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5:

C0F9822A8C59F486F5419E8C7C36F188

SHA1:

F95A1EE8B9CAE84E5FCBBE8BD1072B690DA6B403

SHA256:

33994C49C4F07C1C436BF156A45A00E238F69DA3826136B3DD4BD5A81187BF17

SSDEEP:

98304:Ewz3i8VoQ3OBObQ2v5osKFBtg5i2TbxThCRbH15+Ic5YtD+XN:Ewz3ihQ2OlvjOBtg5iORs5H15UX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • BrYNSvc.exe (PID: 3296)
      • BrYNSvc.exe (PID: 3152)
      • BrYNSvc.exe (PID: 2672)

    • Actions looks like stealing of personal data

      • DllHost.exe (PID: 1444)

  • SUSPICIOUS

    • Executed via COM

      • DllHost.exe (PID: 1444)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3732)

  • INFO

    • Manual execution by user

      • BrYNSvc.exe (PID: 2672)
      • BrYNSvc.exe (PID: 3296)
      • BrYNSvc.exe (PID: 3152)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 741
UncompressedSize: 4096
OperatingSystem: Win32
ModifyDate: 2020:02:14 12:44:27
PackingMethod: Good Compression
ArchivedFileName: Browny02\$I30
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
45
Monitored processes
5
Malicious processes
3
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe Copy/Move/Rename/Delete/Link Object brynsvc.exe no specs brynsvc.exe no specs brynsvc.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1444C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}C:\Windows\system32\DllHost.exe
svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
COM Surrogate
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2672"C:\Program Files\Browny02\BrYNSvc.exe" C:\Program Files\Browny02\BrYNSvc.exeexplorer.exe
User:
admin
Company:
Brother Industries, Ltd.
Integrity Level:
MEDIUM
Description:
BrYNCSvc
Exit code:
2
Version:
1.5.1.0
Modules
Images
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
3152"C:\Program Files\Browny02\BrYNSvc.exe" C:\Program Files\Browny02\BrYNSvc.exeexplorer.exe
User:
admin
Company:
Brother Industries, Ltd.
Integrity Level:
MEDIUM
Description:
BrYNCSvc
Exit code:
2
Version:
1.5.1.0
Modules
Images
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
3296"C:\Program Files\Browny02\BrYNSvc.exe" C:\Program Files\Browny02\BrYNSvc.exeexplorer.exe
User:
admin
Company:
Brother Industries, Ltd.
Integrity Level:
MEDIUM
Description:
BrYNCSvc
Exit code:
2
Version:
1.5.1.0
Modules
Images
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv
3732"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Browny02.rar"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
730
Read events
722
Write events
8
Delete events
0

Modification events

(PID) Process:(3732) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3732) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3732) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3732) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Browny02.rar
(PID) Process:(3732) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3732) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3732) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(3732) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
Executable files
86
Suspicious files
2
Text files
12
Unknown types
34

Dropped files

PID
Process
Filename
Type
3732WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\$I30binary
MD5:FF2E917A30C7D1A203EDA97EE629922B
SHA256:76588E7327B84A7F1D94F5F0B67A9062F003058B5A5B6DA0D44560320F72597A
3732WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BRLMW03A.INItext
MD5:DAE4DF3BEB5660A23ABA5398E522218E
SHA256:843E32E02A5806E6F2AB7F1600EE324FDE4018697A57C784C08B383C32857545
3732WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\AdditionalMessage_M12AP.initext
MD5:3D8AAA62932453CE20C338F6F97FCD53
SHA256:2AB2136B7F812D61B84EC47C4AD1AFC276B375E11D1D298EB00076CB594405AD
3732WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BRHOOK.DLLexecutable
MD5:27A559C83AF3FCC4AB2A25D0BC01EC06
SHA256:7853DB3D9F10364C8F5EED44833E63C73D04F7C30763117069EAB17EA715DB96
3732WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\brif03a.dllexecutable
MD5:59DBBA43CBBC9F039196DE4DCEB23A4A
SHA256:8FDEB9351936072A23D0CB6A66FE23016C4FE29FE8CB05E5463BC73CCE9036A2
3732WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BRLMW03A.DLLexecutable
MD5:F71EC3FEC2EBEB67D067E9DA1469A9E0
SHA256:997F186482E3DD7EA731CC5C165C7F22E6D66807CD039F38F541F24CF0CF02A6
3732WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\AdditionalMessage_M12AM.initext
MD5:BF2154DFAE24BE74A318B5A94A590ABD
SHA256:29C24494B42ECFBE1F84C01D5CFF88AFEE9C499B3EDFD799D9192F69BF538234
3732WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\brlm03a.dllexecutable
MD5:114E9DE7781BEE1FF4738658C12C013A
SHA256:06A37DBF5141589A397ECEFA96DF3E0AAD63DCCBD1BC3FF3BFCDE3284F84FD24
3732WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\$I30binary
MD5:2B5A54735C3F6E57AA1B93ACAAFD7C4B
SHA256:EF61FE09F964A8C7D6D2E1619E2C1AFDED8EC873F361655B913554566D520A73
3732WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\BrNetTool.vertext
MD5:578126E5682D786CD13906F98B1C5C34
SHA256:3C2DD5611957E041BE0803756FA7809A0FA408DCE5DA1A1430A7C2BC9EB8A3E2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Browny02.rar