File name: e9a6b0bef1a8b2ac00cc64da044a9529-sample.zip

Full analysis: https://app.any.run/tasks/37b8fe2c-84b8-4786-a9f9-18879bc9ea35
Verdict: Malicious activity
Analysis date: December 10, 2023, 19:48:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 5510264CFF8EF50E9C7EF5239F22A96B
SHA1: 21A60FA747A8E39F66A6CC8E94DD964858FEDB37
SHA256: 3938D052D9444DB2FA060C629899A9D9360ABC78E53D42C3E148198135BD6296
SSDEEP: 49152:xM7DTQblr1/JBUsntJA1xfIa8dHQ0NDeF/DMQDw2UF9LQOHLiKXcjKG6L29o/bhD:i73KlB/ThntJA13EDsDMQDw2o9UO+Ocy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 2300)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Reads the machine GUID from the registry

      • msiexec.exe (PID: 2300)
    • Checks supported languages

      • msiexec.exe (PID: 2300)
      • BrotherUSBTool.exe (PID: 3776)
      • BrotherUSBTool.exe (PID: 3440)
    • Manual execution by a user

      • msiexec.exe (PID: 2424)
      • explorer.exe (PID: 3468)
      • BrotherUSBTool.exe (PID: 3228)
      • BrotherUSBTool.exe (PID: 3776)
      • BrotherUSBTool.exe (PID: 3440)
    • Reads the computer name

      • msiexec.exe (PID: 2300)
      • BrotherUSBTool.exe (PID: 3776)
      • BrotherUSBTool.exe (PID: 3440)
    • Create files in a temporary directory

      • msiexec.exe (PID: 2300)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0009
ZipCompression: Deflated
ZipModifyDate: 2023:12:10 19:43:48
ZipCRC: 0xc5b21b19
ZipCompressedSize: 1664764
ZipUncompressedSize: 2199552
ZipFileName: UsbRepairTool.msi
No data.
All screenshots are available in the full report
Total processes: 53
Monitored processes: 7
Malicious processes: 1
Suspicious processes: 0


Process information

PID: 1556
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\e9a6b0bef1a8b2ac00cc64da044a9529-sample.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 2300
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 2424
CMD: "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\Desktop\UsbRepairTool.msi"
Path: C:\Windows\System32\msiexec.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3228
CMD: "C:\Program Files\Browny02\Brother\BrotherUSBTool.exe"
Path: C:\Program Files\Browny02\Brother\BrotherUSBTool.exe
Parent process: explorer.exe
User:
admin
Company:
Brother Industries, Ltd.
Integrity Level:
MEDIUM
Description:
Brother USB Connection Repair Tool
Exit code:
3221226540
Version:
1.4.0.0
Modules
Images
c:\program files\browny02\brother\brotherusbtool.exe
c:\windows\system32\ntdll.dll
PID: 3440
CMD: "C:\Program Files\Browny02\Brother\BrotherUSBTool.exe"
Path: C:\Program Files\Browny02\Brother\BrotherUSBTool.exe
Parent process: explorer.exe
User:
admin
Company:
Brother Industries, Ltd.
Integrity Level:
HIGH
Description:
Brother USB Connection Repair Tool
Exit code:
0
Version:
1.4.0.0
Modules
Images
c:\program files\browny02\brother\brotherusbtool.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
PID: 3468
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3776
CMD: "C:\Program Files\Browny02\Brother\BrotherUSBTool.exe"
Path: C:\Program Files\Browny02\Brother\BrotherUSBTool.exe
Parent process: explorer.exe
User:
admin
Company:
Brother Industries, Ltd.
Integrity Level:
HIGH
Description:
Brother USB Connection Repair Tool
Exit code:
0
Version:
1.4.0.0
Modules
Images
c:\program files\browny02\brother\brotherusbtool.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\user32.dll
Total events: 2 931
Read events: 2 900
Write events: 21
Delete events: 10

Modification events

Process: (1556) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (1556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

Process: (1556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

Process: (1556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

Process: (1556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (1556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (1556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: (1556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Process: (1556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

Process: (1556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write
Name: LastFolder
Value: C:\Users\admin\Desktop
Executable files: 38
Suspicious files: 7
Text files: 0
Unknown types: 0

Dropped files

PID: 1556 | Process: WinRAR.exe | Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb1556.21860\UsbRepairTool.msi | Type: executable
MD5: 7A707079D3BE82AF759B4612423C9B35
SHA256: D8041ED4D1F2B131571F1734E7D7E04CE602E2219C97E4265B373C0029D9CC4C

PID: 2300 | Process: msiexec.exe | Filename: C:\Windows\Installer\MSI4FB5.tmp | Type: binary
MD5: D9731024EEE6951C6400C03A4CBADDDA
SHA256: 8D67426714055B9BF75C8FA412B457495DE3DC60443145D79A93C3EE0EA6C42C

PID: 2300 | Process: msiexec.exe | Filename: C:\Program Files\Browny02\Brother\BrUSBBul.dll | Type: executable
MD5: 2AADDA89F8EABBF31E71FACA2820505A
SHA256: EDB849480420FCFCDE77136CEDC841C844B4D3754049816D3BDE76A179667D12

PID: 2300 | Process: msiexec.exe | Filename: C:\Users\admin\AppData\Local\Temp\~DF1A0A69053B547596.TMP | Type: binary
MD5: 872949EEC4B618D99283BD183FE6C4F1
SHA256: D74926BF07F6D782D73B49B446C49146701BB5DE39F6836004A271B214B90598

PID: 2300 | Process: msiexec.exe | Filename: C:\Windows\Installer\214e9c.msi | Type: executable
MD5: 7A707079D3BE82AF759B4612423C9B35
SHA256: D8041ED4D1F2B131571F1734E7D7E04CE602E2219C97E4265B373C0029D9CC4C

PID: 2300 | Process: msiexec.exe | Filename: C:\Program Files\Browny02\Brother\BrUSBCht.dll | Type: executable
MD5: C6B530C65A04E1EF13D5FD4546BD6803
SHA256: 14E1B2A6621CE971D833F8E727635F8DF1C7CB347B94B12C61F8A78782C1E53C

PID: 2300 | Process: msiexec.exe | Filename: C:\Program Files\Browny02\Brother\BrUSBAru.dll | Type: executable
MD5: F1B505178D49B4282C4060784AF0B588
SHA256: E549B486948CFE42A60ADAAC15EB82F2FF755D06F225B5DFDA25BBE38281B4B8

PID: 2300 | Process: msiexec.exe | Filename: C:\Windows\Installer\214e9d.ipi | Type: binary
MD5: 3DC277758BF45F7DD9326C45F03F86F7
SHA256: 38CC80846886125339C07255A802C1376C4CCBA1DB3DEE9F78F286342DB4420F

PID: 2300 | Process: msiexec.exe | Filename: C:\Program Files\Browny02\Brother\BrUSBCze.dll | Type: executable
MD5: 578403EE6254F31204055498A3B774FF
SHA256: 7998F6C4520B42AEFA3E8F1F74E77DD9B758BAB6E8E667225305780B5DA00260

PID: 2300 | Process: msiexec.exe | Filename: C:\Program Files\Browny02\Brother\BrotherUSBTool.exe | Type: executable
MD5: 622A5751A744F132996CF1399ACF1B57
SHA256: 6DD710EF338E45A85311B580AA9DD8606AB7E6E4021D4B94746262B0686FA3F9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info