File name:

cmospwd-5.0.zip

Full analysis: https://app.any.run/tasks/0f6e1fae-26e5-4c1d-9445-0dac1ad48b14
Verdict: No threats detected
Analysis date: April 11, 2020, 13:09:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5:

C01A306646E375F1B8D8C7BE75C41D5F

SHA1:

45EEF3F27D709AAC8054E3C24D23D2A2B48018D5

SHA256:

365AA166DA68F2A982B06E6D69FF32A04034FC08D9500A943942E7E0DD953127

SSDEEP:

3072:nIfGZSZBH6lNi2jt+DtCGv4J2DImPumVr/:fAZqNiOJdmBr

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • cmospwd_win.exe (PID: 3804)
      • ioperm.exe (PID: 4004)
      • ioperm.exe (PID: 3476)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2812)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.xpi | Mozilla Firefox browser extension (66.6)
.zip | ZIP compressed archive (33.3)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2007:10:24 08:07:17
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: cmospwd-5.0/
No data.
All screenshots are available in the full report
Total processes
43
Monitored processes
6
Malicious processes
0
Suspicious processes
0

Behavior graph

Graph nodes: winrar.exe; cmospwd_win.exe (no specs); ioperm.exe (no specs); ioperm.exe (no specs); notepad.exe (no specs); notepad.exe (no specs). Edge types shown: "drop and start" (three edges) and "start" (one edge).

Process information

PID: 2812
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\cmospwd-5.0.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 2872
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa2812.43943\cmospwd.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Parent process: WinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3476
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.42404\cmospwd-5.0\windows\ioperm.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.42404\cmospwd-5.0\windows\ioperm.exe
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
4294967295
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2812.42404\cmospwd-5.0\windows\ioperm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3804
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.41784\cmospwd-5.0\windows\cmospwd_win.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.41784\cmospwd-5.0\windows\cmospwd_win.exe
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2812.41784\cmospwd-5.0\windows\cmospwd_win.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
PID: 3840
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa2812.46403\cmospwd.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Parent process: WinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 4004
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.42148\cmospwd-5.0\windows\ioperm.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.42148\cmospwd-5.0\windows\ioperm.exe
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
4294967295
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa2812.42148\cmospwd-5.0\windows\ioperm.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
485
Read events
468
Write events
17
Delete events
0

Modification events

(PID) Process: (2812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (2812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (2812) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\cmospwd-5.0.zip

(PID) Process: (2812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (2812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1
Executable files
15
Suspicious files
0
Text files
26
Unknown types
3

Dropped files

PID: 2812
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.41784\cmospwd-5.0\src\cmospwdo
MD5: F68026E2A3F7A23A930B6280E217048A
SHA256: 6FC75C0F3357BBF04120EA55A77EB384921B615A797CEEC2CB3AA8AF38E3931C

PID: 2812
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.41784\cmospwd-5.0\COPYING
Type: text
MD5: 751419260AA954499F7ABAABAA882BBE
SHA256: AB15FD526BD8DD18A9E77EBC139656BF4D33E97FC7238CD11BF60E2B9B8666C6

PID: 2812
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.42148\cmospwd-5.0\dos\cmospwd.exe
Type: executable
MD5: 55BCC8A4C93ED452D35B1C9A14BEAB80
SHA256: 2CEAD1CEFDCE9BFD70C199288991C172B44A483ADF23D7B8BA1A813AA0A7EB93

PID: 2812
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.41784\cmospwd-5.0\windows\cmospwd_win.exe
Type: executable
MD5: A2295C92AAF55F5CC03CED3566542F30
SHA256: 11E2F27EA8885188128E285C08DA5D9AB1B707E2051B8434ED3E8B1FBCBAC087

PID: 2812
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.41784\cmospwd-5.0\dos\cmospwd.exe
Type: executable
MD5: 55BCC8A4C93ED452D35B1C9A14BEAB80
SHA256: 2CEAD1CEFDCE9BFD70C199288991C172B44A483ADF23D7B8BA1A813AA0A7EB93

PID: 2812
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.41784\cmospwd-5.0\windows\ioperm.sys
Type: executable
MD5: 7092F08AE018D1EF082C2C31ED80E4EB
SHA256: 0F1D13283E4E0A5640BBA99AAB01A637FE04A6721AFB50659FB15A40D029034E

PID: 2812
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.41784\cmospwd-5.0\windows\ioperm.exe
Type: executable
MD5: 97A719BDD0F9BDEED48D827107DD3E96
SHA256: 315B5AF8B2051A820BCF096DB2B486E98A48F9BF8FA93BE503600D3193CF29A2

PID: 2812
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.41784\cmospwd-5.0\src\cmospwd.c
Type: text
MD5: 33277792A536E707D9641A8F7039816F
SHA256: CA4231162D5A0D29B8E28126318EEE9BE9A1557A933FBD5981397FD64D3A9493

PID: 2812
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.42148\cmospwd-5.0\dos\cwsdpmi.exe
Type: executable
MD5: A508F105F1126DA8C0AC86EF856F25B2
SHA256: 977ED1DA112B182536D0F0F9ECE9A79E02B2E02CB94A0725758927EC03CA41AD

PID: 2812
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.42148\cmospwd-5.0\windows\cmospwd_win.exe
Type: executable
MD5: A2295C92AAF55F5CC03CED3566542F30
SHA256: 11E2F27EA8885188128E285C08DA5D9AB1B707E2051B8434ED3E8B1FBCBAC087
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info