Malware analysis Natro_Macro_v0.9.6.zip Malicious activity

Add for printing

File name:	Natro_Macro_v0.9.6.zip
Full analysis:	https://app.any.run/tasks/c5ea2a07-6871-4d8e-ab12-1a6cf0e9c5b1
Verdict:	Malicious activity
Analysis date:	February 03, 2024, 03:12:58
OS:	Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME:	application/zip
File info:	Zip archive data, at least v2.0 to extract
MD5:	EC32ADBE4B134BFCEE504849AFE0C339
SHA1:	4345C4CC0F8F2C08DE1A5DF0898209ABC9DBC4B6
SHA256:	39E7951689C112474A0EB14C62C2A36844AE8B607DFF508ABAE11A7E7B8F70C5
SSDEEP:	98304:tf5Uf+YrR27T7z6CurH2sixGCsZgWyXuiPHlJXJ98OlHntzZ9eQJFub6o9MVZfFa:HLFuWtS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.0.9600.19596 KB4534251
Adobe Acrobat Reader DC (20.013.20064)
Adobe Acrobat Reader DC (20.013.20064)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 ActiveX (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 NPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Flash Player 32 PPAPI (32.0.0.453)
Adobe Refresh Manager (1.8.0)
Adobe Refresh Manager (1.8.0)
CCleaner (6.14)
CCleaner (6.14)
FileZilla 3.65.0 (3.65.0)
FileZilla 3.65.0 (3.65.0)
Google Chrome (109.0.5414.120)
Google Chrome (109.0.5414.120)
Google Update Helper (1.3.36.31)
Google Update Helper (1.3.36.31)
Java 8 Update 271 (8.0.2710.9)
Java 8 Update 271 (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Java Auto Updater (2.8.271.9)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft .NET Framework 4.8 (4.8.03761)
Microsoft Edge (109.0.1518.115)
Microsoft Edge (109.0.1518.115)
Microsoft Edge Update (1.3.175.29)
Microsoft Edge Update (1.3.175.29)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Excel MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Groove MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Japanese) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office IME (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (French) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (German) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office InfoPath MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - French/Français (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - German/Deutsch (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Italian/Italiano (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Japanese/日本語 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Korean/한국어 (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Portuguese/Português (Brasil) (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Russian/русский (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Spanish/Español (14.0.4763.1000)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office Language Pack 2010 - Turkish/Türkçe (14.0.4763.1013)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (French) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (German) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office O MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (14.0.6029.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (French) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (German) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office OneNote MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Outlook MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (14.0.6029.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (French) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (German) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office PowerPoint MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Professional 2010 (14.0.6029.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Arabic) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Basque) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Catalan) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (Dutch) 2010 (14.0.4763.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (English) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (French) 2010 (14.0.6029.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (Galician) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (German) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (14.0.6029.1000)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proof (Ukrainian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (14.0.6029.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (French) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (German) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Italian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Korean) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Russian) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Proofing (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Publisher MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (French) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (German) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office SharePoint Designer MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Single Image 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (14.0.6029.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (French) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (German) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office Word MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (French) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (German) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Italian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Japanese) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Korean) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Portuguese (Brazil)) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Russian) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Spanish) 2010 (14.0.4763.1000)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Office X MUI (Turkish) 2010 (14.0.4763.1013)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (10.0.40219)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Firefox (x86 en-US) (115.0.2)
Mozilla Maintenance Service (115.0.2)
Mozilla Maintenance Service (115.0.2)
Notepad++ (32-bit x86) (7.9.1)
Notepad++ (32-bit x86) (7.9.1)
PowerShell 7-x86 (7.2.11.0)
PowerShell 7-x86 (7.2.11.0)
Skype version 8.110 (8.110)
Skype version 8.110 (8.110)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
Update for Microsoft .NET Framework 4.8 (KB4503575) (1)
VLC media player (3.0.11)
VLC media player (3.0.11)
WinRAR 5.91 (32-bit) (5.91.0)
WinRAR 5.91 (32-bit) (5.91.0)

Add for printing

MALICIOUS
- Drops the executable file immediately after the start
  - WinRAR.exe (PID: 752)
SUSPICIOUS
- Application launched itself
  - NATRO_MACRO.exe (PID: 1072)
  - NATRO_MACRO.exe (PID: 2380)
  - NATRO_MACRO.exe (PID: 3808)
  - NATRO_MACRO.exe (PID: 2528)
  - NATRO_MACRO.exe (PID: 3264)
  - NATRO_MACRO.exe (PID: 3156)
  - NATRO_MACRO.exe (PID: 2496)
  - NATRO_MACRO.exe (PID: 3048)
  - NATRO_MACRO.exe (PID: 908)
  - NATRO_MACRO.exe (PID: 3412)
  - NATRO_MACRO.exe (PID: 3588)
  - NATRO_MACRO.exe (PID: 3584)
  - NATRO_MACRO.exe (PID: 560)
  - NATRO_MACRO.exe (PID: 3548)
  - NATRO_MACRO.exe (PID: 3704)
  - NATRO_MACRO.exe (PID: 3688)
  - NATRO_MACRO.exe (PID: 3820)
  - NATRO_MACRO.exe (PID: 4036)
  - NATRO_MACRO.exe (PID: 2524)
  - NATRO_MACRO.exe (PID: 3296)
  - NATRO_MACRO.exe (PID: 3408)
  - NATRO_MACRO.exe (PID: 2948)
  - NATRO_MACRO.exe (PID: 3924)
  - NATRO_MACRO.exe (PID: 4040)
  - NATRO_MACRO.exe (PID: 2840)
  - NATRO_MACRO.exe (PID: 3660)
  - NATRO_MACRO.exe (PID: 1876)
  - NATRO_MACRO.exe (PID: 3716)
  - NATRO_MACRO.exe (PID: 864)
  - NATRO_MACRO.exe (PID: 2304)
  - NATRO_MACRO.exe (PID: 3956)
  - NATRO_MACRO.exe (PID: 3992)
  - NATRO_MACRO.exe (PID: 2860)
  - NATRO_MACRO.exe (PID: 3964)
  - NATRO_MACRO.exe (PID: 2484)
  - NATRO_MACRO.exe (PID: 116)
  - NATRO_MACRO.exe (PID: 2408)
  - NATRO_MACRO.exe (PID: 1844)
  - NATRO_MACRO.exe (PID: 3720)
  - NATRO_MACRO.exe (PID: 3736)
  - NATRO_MACRO.exe (PID: 3732)
  - NATRO_MACRO.exe (PID: 2844)
  - NATRO_MACRO.exe (PID: 3504)
  - NATRO_MACRO.exe (PID: 2240)
  - NATRO_MACRO.exe (PID: 2752)
  - NATRO_MACRO.exe (PID: 1040)
  - NATRO_MACRO.exe (PID: 3428)
  - NATRO_MACRO.exe (PID: 3464)
- Reads the Internet Settings
  - NATRO_MACRO.exe (PID: 3548)
  - NATRO_MACRO.exe (PID: 3716)
- Reads settings of System Certificates
  - NATRO_MACRO.exe (PID: 3548)
  - NATRO_MACRO.exe (PID: 3716)
  - NATRO_MACRO.exe (PID: 2484)
INFO
- Executable content was dropped or overwritten
  - WinRAR.exe (PID: 752)
- Checks supported languages
  - NATRO_MACRO.exe (PID: 2628)
  - NATRO_MACRO.exe (PID: 3808)
  - NATRO_MACRO.exe (PID: 1072)
  - NATRO_MACRO.exe (PID: 2088)
  - NATRO_MACRO.exe (PID: 324)
  - NATRO_MACRO.exe (PID: 2380)
  - NATRO_MACRO.exe (PID: 2776)
  - NATRO_MACRO.exe (PID: 3248)
  - NATRO_MACRO.exe (PID: 3264)
  - NATRO_MACRO.exe (PID: 1428)
  - NATRO_MACRO.exe (PID: 2528)
  - NATRO_MACRO.exe (PID: 3052)
  - NATRO_MACRO.exe (PID: 3040)
  - NATRO_MACRO.exe (PID: 3048)
  - NATRO_MACRO.exe (PID: 908)
  - NATRO_MACRO.exe (PID: 3000)
  - NATRO_MACRO.exe (PID: 3524)
  - NATRO_MACRO.exe (PID: 3412)
  - NATRO_MACRO.exe (PID: 3584)
  - NATRO_MACRO.exe (PID: 3596)
  - NATRO_MACRO.exe (PID: 3588)
  - NATRO_MACRO.exe (PID: 3568)
  - NATRO_MACRO.exe (PID: 3156)
  - NATRO_MACRO.exe (PID: 2496)
  - NATRO_MACRO.exe (PID: 3396)
  - NATRO_MACRO.exe (PID: 3548)
  - NATRO_MACRO.exe (PID: 3320)
  - NATRO_MACRO.exe (PID: 560)
  - NATRO_MACRO.exe (PID: 3896)
  - NATRO_MACRO.exe (PID: 3888)
  - NATRO_MACRO.exe (PID: 3820)
  - NATRO_MACRO.exe (PID: 3824)
  - NATRO_MACRO.exe (PID: 3704)
  - NATRO_MACRO.exe (PID: 3688)
  - NATRO_MACRO.exe (PID: 4032)
  - NATRO_MACRO.exe (PID: 2948)
  - NATRO_MACRO.exe (PID: 3632)
  - NATRO_MACRO.exe (PID: 3868)
  - NATRO_MACRO.exe (PID: 2916)
  - NATRO_MACRO.exe (PID: 4040)
  - NATRO_MACRO.exe (PID: 4036)
  - NATRO_MACRO.exe (PID: 2536)
  - NATRO_MACRO.exe (PID: 2524)
  - NATRO_MACRO.exe (PID: 3364)
  - NATRO_MACRO.exe (PID: 292)
  - NATRO_MACRO.exe (PID: 3296)
  - NATRO_MACRO.exe (PID: 2136)
  - NATRO_MACRO.exe (PID: 3924)
  - NATRO_MACRO.exe (PID: 3716)
  - NATRO_MACRO.exe (PID: 2852)
  - NATRO_MACRO.exe (PID: 3784)
  - NATRO_MACRO.exe (PID: 3660)
  - NATRO_MACRO.exe (PID: 2840)
  - NATRO_MACRO.exe (PID: 3944)
  - NATRO_MACRO.exe (PID: 3408)
  - NATRO_MACRO.exe (PID: 2132)
  - NATRO_MACRO.exe (PID: 2928)
  - NATRO_MACRO.exe (PID: 3216)
  - NATRO_MACRO.exe (PID: 2304)
  - NATRO_MACRO.exe (PID: 3212)
  - NATRO_MACRO.exe (PID: 1876)
  - NATRO_MACRO.exe (PID: 3932)
  - NATRO_MACRO.exe (PID: 2328)
  - NATRO_MACRO.exe (PID: 864)
  - NATRO_MACRO.exe (PID: 3964)
  - NATRO_MACRO.exe (PID: 1696)
  - NATRO_MACRO.exe (PID: 2860)
  - NATRO_MACRO.exe (PID: 3956)
  - NATRO_MACRO.exe (PID: 2124)
  - NATRO_MACRO.exe (PID: 3992)
  - NATRO_MACRO.exe (PID: 2856)
  - NATRO_MACRO.exe (PID: 2692)
  - NATRO_MACRO.exe (PID: 2192)
  - NATRO_MACRO.exe (PID: 2484)
  - NATRO_MACRO.exe (PID: 2376)
  - NATRO_MACRO.exe (PID: 116)
  - NATRO_MACRO.exe (PID: 2408)
  - NATRO_MACRO.exe (PID: 4044)
  - NATRO_MACRO.exe (PID: 2896)
  - NATRO_MACRO.exe (PID: 2672)
  - NATRO_MACRO.exe (PID: 3076)
  - NATRO_MACRO.exe (PID: 1844)
  - NATRO_MACRO.exe (PID: 3736)
  - NATRO_MACRO.exe (PID: 2996)
  - NATRO_MACRO.exe (PID: 3720)
  - NATRO_MACRO.exe (PID: 3632)
  - NATRO_MACRO.exe (PID: 3448)
  - NATRO_MACRO.exe (PID: 3548)
  - NATRO_MACRO.exe (PID: 3732)
  - NATRO_MACRO.exe (PID: 2844)
  - NATRO_MACRO.exe (PID: 3504)
  - NATRO_MACRO.exe (PID: 1216)
  - NATRO_MACRO.exe (PID: 2240)
  - NATRO_MACRO.exe (PID: 2752)
  - NATRO_MACRO.exe (PID: 3660)
  - NATRO_MACRO.exe (PID: 1876)
  - NATRO_MACRO.exe (PID: 2840)
  - NATRO_MACRO.exe (PID: 2304)
  - NATRO_MACRO.exe (PID: 1040)
  - NATRO_MACRO.exe (PID: 3428)
  - NATRO_MACRO.exe (PID: 864)
  - NATRO_MACRO.exe (PID: 3500)
  - NATRO_MACRO.exe (PID: 3464)
- Manual execution by a user
  - NATRO_MACRO.exe (PID: 3808)
- Reads the computer name
  - NATRO_MACRO.exe (PID: 3548)
  - NATRO_MACRO.exe (PID: 3716)
  - NATRO_MACRO.exe (PID: 2484)
- Reads the machine GUID from the registry
  - NATRO_MACRO.exe (PID: 3548)
  - NATRO_MACRO.exe (PID: 3716)
  - NATRO_MACRO.exe (PID: 2484)
- Application launched itself
  - msedge.exe (PID: 1928)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.zip	\|	ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion:	20
ZipBitFlag:	-
ZipCompression:	None
ZipModifyDate:	2023:09:29 20:08:30
ZipCRC:	0x00000000
ZipCompressedSize:	-
ZipUncompressedSize:	-
ZipFileName:	Natro Macro v0.9.6/

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

163

Monitored processes

122

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

116

"C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /ErrorStdOut *

C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\desktop\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

124

"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1604 --field-trial-handle=1360,i,17896613312447028311,18441688989475950535,131072 /prefetch:2

C:\Program Files\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

109.0.1518.115

Modules

Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll

292

"C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /iLib nul /ErrorStdOut *

C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\desktop\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

324

"C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /iLib nul /ErrorStdOut *

C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\desktop\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

560

"C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /ErrorStdOut *

C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\desktop\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

752

"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Natro_Macro_v0.9.6.zip"

C:\Program Files\WinRAR\WinRAR.exe

explorer.exe

User:

admin

Company:

Alexander Roshal

Integrity Level:

MEDIUM

Description:

WinRAR archiver

Exit code:

Version:

5.91.0

Modules

Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

864

"C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /ErrorStdOut *

C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\desktop\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

864

"C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /iLib nul /ErrorStdOut *

C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\desktop\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

908

"C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /ErrorStdOut *

C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\desktop\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

1040

"C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe" /script /ErrorStdOut *

C:\Users\admin\Desktop\Natro Macro v0.9.6\NATRO_MACRO.exe

—

NATRO_MACRO.exe

User:

admin

Company:

AutoHotkey Foundation LLC

Integrity Level:

MEDIUM

Description:

AutoHotkey Unicode 32-bit

Exit code:

Version:

1.1.37.01

Modules

Images
c:\users\admin\desktop\natro macro v0.9.6\natro_macro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\winmm.dll

Add for printing

Total events

12 698

Read events

12 614

Write events

Delete events

Modification events


(PID) Process:	(752) WinRAR.exe	Key:	HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:	write	Name:	LanguageList
Value: en-US
(PID) Process:	(752) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	3
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:	(752) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	2
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process:	(752) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:	(752) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:	write	Name:	0
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:	(752) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	name
Value: 120
(PID) Process:	(752) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	size
Value: 80
(PID) Process:	(752) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	type
Value: 120
(PID) Process:	(752) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:	write	Name:	mtime
Value: 100
(PID) Process:	(752) WinRAR.exe	Key:	HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation:	write	Name:	Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

Add for printing

Executable files

Suspicious files

232

Text files

466

Unknown types

Dropped files

PID	Process	Filename		Type
752	WinRAR.exe	C:\Users\admin\Desktop\Natro Macro v0.9.6\natro_macro.ahk		text
		MD5:A57CBFA6F4CCA96C72289E4F41A4CC45	SHA256:EC275C7D66B1B661769CD81FD18CB3BB3EC2589A751740522F122D68269CA06B
752	WinRAR.exe	C:\Users\admin\Desktop\Natro Macro v0.9.6\lib\Gdip_ImageSearch.ahk		binary
		MD5:D526571C7F58C984C3FF70D81E08E183	SHA256:AB019DBE5A85A8F81A5AF63895E7D238A966C0B29FD72E04593DC23CAC04EA88
752	WinRAR.exe	C:\Users\admin\Desktop\Natro Macro v0.9.6\lib\Walk.ahk		text
		MD5:D58793FE1CFE0A8FD88BF88108219EA9	SHA256:A20ED69B7F051F17C3B368AF1AF9916B8AEDB950AF4809763336BF08FF45F52C
752	WinRAR.exe	C:\Users\admin\Desktop\Natro Macro v0.9.6\lib\Gdip_All.ahk		text
		MD5:A800E27D8C3B148E3120DDE65733AD75	SHA256:07E642B22A34F57B8B8414013B794298A0A679B7838A79E50F11960DFCD23182
752	WinRAR.exe	C:\Users\admin\Desktop\Natro Macro v0.9.6\LICENSE.md		text
		MD5:E62637EA8A114355B985FD86C9FFBD6E	SHA256:230184F60BAE2FEAF244F10A8BAC053C8FF33A183BCC365B4D8B876D2B7F4809
752	WinRAR.exe	C:\Users\admin\Desktop\Natro Macro v0.9.6\nm_image_assets\aromatic pie.png		image
		MD5:387F5BEFF1D2130447A882A07FBCA063	SHA256:BB9562EFF9F7C9C2F17F8D140C85F00550BCE6AE9532A14009B1B4262ED7C4EE
752	WinRAR.exe	C:\Users\admin\Desktop\Natro Macro v0.9.6\nm_image_assets\beemenu\beedigit1.png		image
		MD5:5D6B2B098B0C67C6445A653815E2697A	SHA256:9FE28EFAAD59AD7779EC77EE6EF93F71837BE56F36A5D48F1B2FA399D963CF90
752	WinRAR.exe	C:\Users\admin\Desktop\Natro Macro v0.9.6\nm_image_assets\any pollen.png		image
		MD5:708DF32D7EB8AC41A80C09E7113797A5	SHA256:7D84D787A6BA6EB380446FB161579391A4E41017DE59937B7E0D3B3A2F57E425
752	WinRAR.exe	C:\Users\admin\Desktop\Natro Macro v0.9.6\nm_image_assets\beemenu\beedigit0.png		image
		MD5:A49DCB0749063E4F756866225685CBEA	SHA256:5367490ADA5BD564ED44713CF461228EAF8531A97067EEC351DC559B5E2C13FA
752	WinRAR.exe	C:\Users\admin\Desktop\Natro Macro v0.9.6\nm_image_assets\bamboo.png		image
		MD5:D6CFA28B03548D03D858B6F342214C0B	SHA256:2C30D62FC8F1C762E3302574A788BD60DCA0DB4B7B2555A9400FF3024F49DBF0

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

DNS requests

Threats

HTTP requests

No HTTP requests

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:138	—	—	—	whitelisted
4	System	192.168.100.255:137	—	—	—	whitelisted
1080	svchost.exe	224.0.0.252:5355	—	—	—	unknown
3548	NATRO_MACRO.exe	140.82.121.5:443	api.github.com	GITHUB	US	unknown
3548	NATRO_MACRO.exe	185.199.108.133:443	raw.githubusercontent.com	FASTLY	US	unknown
3716	NATRO_MACRO.exe	140.82.121.5:443	api.github.com	GITHUB	US	unknown
3716	NATRO_MACRO.exe	185.199.108.133:443	raw.githubusercontent.com	FASTLY	US	unknown
1928	msedge.exe	239.255.255.250:1900	—	—	—	unknown
2968	msedge.exe	13.107.42.16:443	config.edge.skype.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	whitelisted
2968	msedge.exe	204.79.197.239:443	edge.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	US	unknown

DNS requests

Domain	IP	Reputation
api.github.com	140.82.121.5	whitelisted
raw.githubusercontent.com	185.199.108.133 185.199.109.133 185.199.110.133 185.199.111.133	shared
config.edge.skype.com	13.107.42.16	whitelisted
docs.google.com	142.250.184.238	shared
edge.microsoft.com	204.79.197.239 13.107.21.239	whitelisted
fonts.googleapis.com	142.250.186.138	whitelisted
fonts.gstatic.com	142.250.185.99	whitelisted
ssl.gstatic.com	142.250.185.99	whitelisted
www.bing.com	104.126.37.139 104.126.37.131	whitelisted
www.gstatic.com	172.217.16.131	whitelisted

Threats

PID	Process	Class	Message
2968	msedge.exe	Potential Corporate Privacy Violation	POLICY [ANY.RUN] Downloading from a Documents sharing service is observed

Add for printing

No debug info

General Info

Natro_Macro_v0.9.6.zip

EC32ADBE4B134BFCEE504849AFE0C339

4345C4CC0F8F2C08DE1A5DF0898209ABC9DBC4B6

39E7951689C112474A0EB14C62C2A36844AE8B607DFF508ABAE11A7E7B8F70C5

98304:tf5Uf+YrR27T7z6CurH2sixGCsZgWyXuiPHlJXJ98OlHntzZ9eQJFub6o9MVZfFa:HLFuWtS

Software environment set and analysis options

Launch configuration

Software preset

Behavior activities

MALICIOUS

Drops the executable file immediately after the start

SUSPICIOUS

Application launched itself

Reads the Internet Settings

Reads settings of System Certificates

INFO

Executable content was dropped or overwritten

Checks supported languages

Manual execution by a user

Reads the computer name

Reads the machine GUID from the registry

Application launched itself

Malware configuration

Static information

TRiD

EXIF

ZIP

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings