Malware analysis Natro_Macro_v0.9.6.zip Malicious activity

Add for printing

File name:	Natro_Macro_v0.9.6.zip
Full analysis:	https://app.any.run/tasks/8dae59bb-d4d0-456d-89f4-6f0b3f613d56
Verdict:	Malicious activity
Analysis date:	February 03, 2024, 03:09:52
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v2.0 to extract
MD5:	EC32ADBE4B134BFCEE504849AFE0C339
SHA1:	4345C4CC0F8F2C08DE1A5DF0898209ABC9DBC4B6
SHA256:	39E7951689C112474A0EB14C62C2A36844AE8B607DFF508ABAE11A7E7B8F70C5
SSDEEP:	98304:tf5Uf+YrR27T7z6CurH2sixGCsZgWyXuiPHlJXJ98OlHntzZ9eQJFub6o9MVZfFa:HLFuWtS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 60 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: none
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - WinRAR.exe (PID: 268)
SUSPICIOUS
- Application launched itself
  - NATRO_MACRO.exe (PID: 2736)
  - NATRO_MACRO.exe (PID: 1588)
  - NATRO_MACRO.exe (PID: 2028)
  - NATRO_MACRO.exe (PID: 2628)
  - NATRO_MACRO.exe (PID: 2032)
  - NATRO_MACRO.exe (PID: 2868)
  - NATRO_MACRO.exe (PID: 3264)
  - NATRO_MACRO.exe (PID: 2528)
  - NATRO_MACRO.exe (PID: 3156)
  - NATRO_MACRO.exe (PID: 2496)
  - NATRO_MACRO.exe (PID: 3048)
  - NATRO_MACRO.exe (PID: 3432)
  - NATRO_MACRO.exe (PID: 3600)
  - NATRO_MACRO.exe (PID: 3576)
  - NATRO_MACRO.exe (PID: 3748)
  - NATRO_MACRO.exe (PID: 908)
  - NATRO_MACRO.exe (PID: 3756)
  - NATRO_MACRO.exe (PID: 3788)
  - NATRO_MACRO.exe (PID: 3836)
  - NATRO_MACRO.exe (PID: 3968)
  - NATRO_MACRO.exe (PID: 4056)
  - NATRO_MACRO.exe (PID: 3612)
  - NATRO_MACRO.exe (PID: 1812)
  - NATRO_MACRO.exe (PID: 3860)
- Reads the Internet Settings
  - NATRO_MACRO.exe (PID: 3432)
- Reads settings of System Certificates
  - NATRO_MACRO.exe (PID: 3432)
INFO
- Executable content was dropped or overwritten
  - WinRAR.exe (PID: 268)
- Checks supported languages
  - NATRO_MACRO.exe (PID: 1604)
  - NATRO_MACRO.exe (PID: 1588)
  - NATRO_MACRO.exe (PID: 548)
  - NATRO_MACRO.exe (PID: 2736)
  - NATRO_MACRO.exe (PID: 3484)
  - NATRO_MACRO.exe (PID: 2028)
  - NATRO_MACRO.exe (PID: 1344)
  - NATRO_MACRO.exe (PID: 2628)
  - NATRO_MACRO.exe (PID: 392)
  - NATRO_MACRO.exe (PID: 2032)
  - NATRO_MACRO.exe (PID: 3768)
  - NATRO_MACRO.exe (PID: 2868)
  - NATRO_MACRO.exe (PID: 1428)
  - NATRO_MACRO.exe (PID: 3264)
  - NATRO_MACRO.exe (PID: 2528)
  - NATRO_MACRO.exe (PID: 2776)
  - NATRO_MACRO.exe (PID: 3156)
  - NATRO_MACRO.exe (PID: 3040)
  - NATRO_MACRO.exe (PID: 2496)
  - NATRO_MACRO.exe (PID: 3052)
  - NATRO_MACRO.exe (PID: 3000)
  - NATRO_MACRO.exe (PID: 3048)
  - NATRO_MACRO.exe (PID: 3332)
  - NATRO_MACRO.exe (PID: 3580)
  - NATRO_MACRO.exe (PID: 3432)
  - NATRO_MACRO.exe (PID: 3588)
  - NATRO_MACRO.exe (PID: 3600)
  - NATRO_MACRO.exe (PID: 3596)
  - NATRO_MACRO.exe (PID: 3576)
  - NATRO_MACRO.exe (PID: 3548)
  - NATRO_MACRO.exe (PID: 3748)
  - NATRO_MACRO.exe (PID: 2612)
  - NATRO_MACRO.exe (PID: 3524)
  - NATRO_MACRO.exe (PID: 908)
  - NATRO_MACRO.exe (PID: 3612)
  - NATRO_MACRO.exe (PID: 3688)
  - NATRO_MACRO.exe (PID: 3756)
  - NATRO_MACRO.exe (PID: 3728)
  - NATRO_MACRO.exe (PID: 3836)
  - NATRO_MACRO.exe (PID: 3788)
  - NATRO_MACRO.exe (PID: 3928)
  - NATRO_MACRO.exe (PID: 3840)
  - NATRO_MACRO.exe (PID: 2948)
  - NATRO_MACRO.exe (PID: 4056)
  - NATRO_MACRO.exe (PID: 3860)
  - NATRO_MACRO.exe (PID: 3632)
  - NATRO_MACRO.exe (PID: 3968)
  - NATRO_MACRO.exe (PID: 3924)
  - NATRO_MACRO.exe (PID: 1812)
  - NATRO_MACRO.exe (PID: 4040)
  - NATRO_MACRO.exe (PID: 2912)
- Create files in a temporary directory
  - NATRO_MACRO.exe (PID: 1588)
  - NATRO_MACRO.exe (PID: 3432)
  - NATRO_MACRO.exe (PID: 2912)
- Reads the computer name
  - NATRO_MACRO.exe (PID: 3432)
- Reads the machine GUID from the registry
  - NATRO_MACRO.exe (PID: 3432)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	-
ZipCompression:	None
ZipModifyDate:	2023:09:29 20:08:30
ZipCRC:	0x00000000
ZipCompressedSize:	-
ZipUncompressedSize:	-
ZipFileName:	Natro Macro v0.9.6/

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

Monitored processes

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

268

"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Natro_Macro_v0.9.6.zip"

C:\Program Files\WinRAR\WinRAR.exe

explorer.exe

User:

admin

Company:

Alexander Roshal

Integrity Level:

MEDIUM

Description:

WinRAR archiver

Exit code:

Version:

5.91.0

Modules

Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

392

"C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /iLib nul /ErrorStdOut *

C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa268.29243\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

548

"C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /f *

C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa268.29243\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

908

"C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /ErrorStdOut *

C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa268.29243\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

1344

"C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /iLib nul /ErrorStdOut *

C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa268.29243\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

1428

"C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /iLib nul /ErrorStdOut *

C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa268.29243\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

1588

"C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe"

C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe

—

WinRAR.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa268.29243\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

1604

"C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe" /script "submacros\Heartbeat.ahk"

C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa268.29243\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

1812

"C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /ErrorStdOut *

C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa268.29243\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

2028

"C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /ErrorStdOut *

C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\appdata\local\temp\rar$exa268.29243\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

Add for printing

Total events

4 666

Read events

4 621

Write events

Delete events

Modification events


(PID) Process:	(268) WinRAR.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(268) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	3
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:	(268) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process:	(268) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:	(268) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:	(268) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(268) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(268) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(268) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100
(PID) Process:	(268) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:	write	Name:	ProxyBypass
Value: 1

Add for printing

Executable files

Suspicious files

Text files

421

Unknown types

Dropped files

PID	Process	Filename		Type
268	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\nm_image_assets\bamboo.png		image
		MD5:D6CFA28B03548D03D858B6F342214C0B	SHA256:2C30D62FC8F1C762E3302574A788BD60DCA0DB4B7B2555A9400FF3024F49DBF0
268	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\nm_image_assets\a bit of both.png		image
		MD5:6839A3D9FB3A3B664A778DD6639DCC5E	SHA256:76F39CB1023EC4F6D52A898EEB277C288F892A03BFB6B67284F5548FFA57CC95
268	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\lib\HyperSleep.ahk		text
		MD5:7F119F281F4D0915ECAE0DD4B92DF746	SHA256:2D6776C4AF23D10C14A8CDE2D02260C2B05B6C366221C5724DB65116A37611E6
268	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\nm_image_assets\3Planters.PNG		image
		MD5:EF32FE4CC267AC9247834A8020A2174D	SHA256:0BE56F50839FD430A175C0F9CE91ED336DEF38021E6F21B6A1EFDAF4871FD501
268	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\natro_macro.ahk		text
		MD5:A57CBFA6F4CCA96C72289E4F41A4CC45	SHA256:EC275C7D66B1B661769CD81FD18CB3BB3EC2589A751740522F122D68269CA06B
268	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\nm_image_assets\any pollen.png		image
		MD5:708DF32D7EB8AC41A80C09E7113797A5	SHA256:7D84D787A6BA6EB380446FB161579391A4E41017DE59937B7E0D3B3A2F57E425
268	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\nm_image_assets\abilities.png		image
		MD5:0027C79985BFAE14612C922F63FFCCE0	SHA256:BA536A4E376269C9055F571363C0370C3EAA5D3B2FA0BDAD18FD761A1E93CC65
268	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\nm_image_assets\beemenu\beedigit4.png		image
		MD5:949243C56BF871FD1A30BB446E03F423	SHA256:46D145C99867D7DB7E6525D8D34A99BF300C3A8DD23BF3E68F80A3243E66BAC9
268	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\nm_image_assets\aromatic pie.png		image
		MD5:387F5BEFF1D2130447A882A07FBCA063	SHA256:BB9562EFF9F7C9C2F17F8D140C85F00550BCE6AE9532A14009B1B4262ED7C4EE
268	WinRAR.exe	C:\Users\admin\AppData\Local\Temp\Rar$EXa268.29243\Natro Macro v0.9.6\nm_image_assets\beemenu\beedigit1.png		image
		MD5:5D6B2B098B0C67C6445A653815E2697A	SHA256:9FE28EFAAD59AD7779EC77EE6EF93F71837BE56F36A5D48F1B2FA399D963CF90

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

No HTTP requests

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
3432	NATRO_MACRO.exe	140.82.121.5:443	api.github.com	GITHUB	US	unknown
3432	NATRO_MACRO.exe	185.199.108.133:443	raw.githubusercontent.com	FASTLY	US	unknown

DNS requests

Domain	IP	Reputation
api.github.com	140.82.121.5	whitelisted
raw.githubusercontent.com	185.199.108.133 185.199.109.133 185.199.110.133 185.199.111.133	shared

Threats

No threats detected

Add for printing

No debug info

General Info

Natro_Macro_v0.9.6.zip

EC32ADBE4B134BFCEE504849AFE0C339

4345C4CC0F8F2C08DE1A5DF0898209ABC9DBC4B6

39E7951689C112474A0EB14C62C2A36844AE8B607DFF508ABAE11A7E7B8F70C5

98304:tf5Uf+YrR27T7z6CurH2sixGCsZgWyXuiPHlJXJ98OlHntzZ9eQJFub6o9MVZfFa:HLFuWtS

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Application launched itself

Reads the Internet Settings

Reads settings of System Certificates

INFO

Executable content was dropped or overwritten

Checks supported languages

Create files in a temporary directory

Reads the computer name

Reads the machine GUID from the registry

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings