File name: Browny02.rar

Full analysis: https://app.any.run/tasks/4f32c02b-fbb3-42f4-9f38-d4555ff8143b
Verdict: Malicious activity
Analysis date: April 03, 2020, 07:00:12
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: C0F9822A8C59F486F5419E8C7C36F188
SHA1: F95A1EE8B9CAE84E5FCBBE8BD1072B690DA6B403
SHA256: 33994C49C4F07C1C436BF156A45A00E238F69DA3826136B3DD4BD5A81187BF17
SSDEEP: 98304:Ewz3i8VoQ3OBObQ2v5osKFBtg5i2TbxThCRbH15+Ic5YtD+XN:Ewz3ihQ2OlvjOBtg5iORs5H15UX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • BrYNSvc.exe (PID: 3296)
      • BrYNSvc.exe (PID: 3152)
      • BrYNSvc.exe (PID: 2672)
    • Actions look like stealing of personal data
      • DllHost.exe (PID: 1444)
  • SUSPICIOUS
    • Executed via COM
      • DllHost.exe (PID: 1444)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3732)
  • INFO
    • Manual execution by user
      • BrYNSvc.exe (PID: 3296)
      • BrYNSvc.exe (PID: 3152)
      • BrYNSvc.exe (PID: 2672)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ Matrix in the full report.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 741
UncompressedSize: 4096
OperatingSystem: Win32
ModifyDate: 2020:02:14 12:44:27
PackingMethod: Good Compression
ArchivedFileName: Browny02\$I30
No data.
All screenshots are available in the full report
Total processes: 45
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Graph nodes (process details are available in the full report): start, winrar.exe, Copy/Move/Rename/Delete/Link Object, brynsvc.exe (no specs), brynsvc.exe (no specs), brynsvc.exe (no specs)

Process information

PID: 1444
CMD: C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}
Path: C:\Windows\system32\DllHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\system32\dllhost.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 2672
CMD: "C:\Program Files\Browny02\BrYNSvc.exe"
Path: C:\Program Files\Browny02\BrYNSvc.exe
Parent process: explorer.exe
User: admin
Company: Brother Industries, Ltd.
Integrity Level: MEDIUM
Description: BrYNCSvc
Exit code: 2
Version: 1.5.1.0
Modules (Images):
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv

PID: 3152
CMD: "C:\Program Files\Browny02\BrYNSvc.exe"
Path: C:\Program Files\Browny02\BrYNSvc.exe
Parent process: explorer.exe
User: admin
Company: Brother Industries, Ltd.
Integrity Level: MEDIUM
Description: BrYNCSvc
Exit code: 2
Version: 1.5.1.0
Modules (Images):
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv

PID: 3296
CMD: "C:\Program Files\Browny02\BrYNSvc.exe"
Path: C:\Program Files\Browny02\BrYNSvc.exe
Parent process: explorer.exe
User: admin
Company: Brother Industries, Ltd.
Integrity Level: MEDIUM
Description: BrYNCSvc
Exit code: 2
Version: 1.5.1.0
Modules (Images):
c:\program files\browny02\brynsvc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winspool.drv

PID: 3732
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Browny02.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (Images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 730
Read events: 722
Write events: 8
Delete events: 0

Modification events

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Browny02.rar

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3732) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files: 86
Suspicious files: 2
Text files: 12
Unknown types: 34

Dropped files

PID: 3732
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BRLMW03A.INI
Type: text
MD5: DAE4DF3BEB5660A23ABA5398E522218E
SHA256: 843E32E02A5806E6F2AB7F1600EE324FDE4018697A57C784C08B383C32857545

PID: 3732
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BRLMW03A.DLL
Type: executable
MD5: F71EC3FEC2EBEB67D067E9DA1469A9E0
SHA256: 997F186482E3DD7EA731CC5C165C7F22E6D66807CD039F38F541F24CF0CF02A6

PID: 3732
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\AdditionalMessage_M12AM.ini
Type: text
MD5: BF2154DFAE24BE74A318B5A94A590ABD
SHA256: 29C24494B42ECFBE1F84C01D5CFF88AFEE9C499B3EDFD799D9192F69BF538234

PID: 3732
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\$I30
Type: binary
MD5: FF2E917A30C7D1A203EDA97EE629922B
SHA256: 76588E7327B84A7F1D94F5F0B67A9062F003058B5A5B6DA0D44560320F72597A

PID: 3732
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\brif03a.dll
Type: executable
MD5: 59DBBA43CBBC9F039196DE4DCEB23A4A
SHA256: 8FDEB9351936072A23D0CB6A66FE23016C4FE29FE8CB05E5463BC73CCE9036A2

PID: 3732
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\BrNetToolBul.dll
Type: executable
MD5: 712B9FA225C09A2D70DFF7187F9966F1
SHA256: 5EDB929F88733A3053BD7495364675866FC7AC3F69C190788486625C789CAA98

PID: 3732
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\BrNetToolAru.dll
Type: executable
MD5: 28EA9EE053EFBC37FE6D1161072D8905
SHA256: 6F1D6D24BA1B9BF32E04464BF50779770239B6D0CA777B5EAEF22042FFD88E96

PID: 3732
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\BrMfNt.dll
Type: executable
MD5: A0BDEE4D0860D9EB71FAC8B0E358BBAD
SHA256: 8D4BD21BA5722A641EE2AEE67D6EBCB1976D06A6D9A43D379CD65732302CD8C3

PID: 3732
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\BroSNMP.dll
Type: executable
MD5: 77C344EE478BB4329D16A6DCDF1CE087
SHA256: 2970B92D8F3712F6B4E3588C281EF24879EE3D5D42CD493757C4326EAA2A0484

PID: 3732
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3732.8067\Browny02\Brother\BrNetTool.fil
Type: text
MD5: 256145B8CF9263DD929A25D9F0622DA4
SHA256: F41EDF150D3176A25B579B52FC40E63027902573E03E693D402DAC0107B54503
Download the PCAP, analyze network streams, HTTP content and more in the full report.
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info