File name: osu-rx 1.1.2_mpgh.net_mpgh.net.zip

Full analysis: https://app.any.run/tasks/f68858e1-5f46-458b-a78e-4c14bbb6fbde
Verdict: Malicious activity
Analysis date: July 11, 2020, 04:20:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 31623CE9CC0DC88CB967238A6A9F59AD
SHA1: 4E6F40AC42DEB7D7131670A65AAB84AD9AECA378
SHA256: 3A724EFEC3110470C30F20C29AD33A305DBB02B3871F7A2E9341DA99A6D3EECE
SSDEEP: 3072:0jZi/lfQtQyE5od6VaGb5foWVliVNqFw2CZ7:0NqfQtQ72di2vVku2i7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • osu!rx.exe (PID: 2504)
      • osu!rx.exe (PID: 2548)
    • Application was dropped or rewritten from another process

      • osu!rx.exe (PID: 2504)
      • osu!rx.exe (PID: 2548)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2244)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2020:04:24 02:42:24
ZipCRC: 0x4c232bd9
ZipCompressedSize: 5281
ZipUncompressedSize: 11264
ZipFileName: SimpleIniConfig.dll
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 3
Malicious processes: 3
Suspicious processes: 0


Process information

PID: 2244
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\osu-rx 1.1.2_mpgh.net_mpgh.net.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 2504
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.11104\osu!rx.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.11104\osu!rx.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: osu!rx
Exit code: 0
Version: 1.1.2.0
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2244.11104\osu!rx.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2548
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.12074\osu!rx.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.12074\osu!rx.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: osu!rx
Exit code: 0
Version: 1.1.2.0
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa2244.12074\osu!rx.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 441
Read events: 428
Write events: 13
Delete events: 0

Modification events

(PID) Process | Operation | Key | Name | Value
(2244) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP |
(2244) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon |
(2244) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E | LanguageList | en-US
(2244) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E | @C:\Windows\system32\NetworkExplorer.dll,-1 | Network
(2244) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\osu-rx 1.1.2_mpgh.net_mpgh.net.zip
(2244) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
(2244) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
(2244) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
(2244) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
(2244) WinRAR.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
Executable files: 10
Suspicious files: 0
Text files: 4
Unknown types: 0

Dropped files

PID | Process | Filename | Type
2244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.11104\config.ini | text
MD5:
SHA256:
2244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.11104\SimpleIniConfig.dll | executable
MD5:
SHA256:
2244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.11104\osu!rx.exe.config | xml
MD5: A1F6C4534C91DA136D37DE751C82CD7B
SHA256: CAC64CA7804B4CD05FAC78821332C7C4F8DE33FB1A8FCF47FA690C902E9CD252
2244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.12074\SimpleIniConfig.dll | executable
MD5:
SHA256:
2244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.11104\osu!rx.exe | executable
MD5:
SHA256:
2244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.12074\osu!rx.exe | executable
MD5:
SHA256:
2244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.12074\config.ini | text
MD5:
SHA256:
2244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.11104\System.Numerics.Vectors.dll | executable
MD5: AAA2CBF14E06E9D3586D8A4ED455DB33
SHA256: 1D3EF8698281E7CF7371D1554AFEF5872B39F96C26DA772210A33DA041BA1183
2244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.11104\OsuParsers.dll | executable
MD5: 2DD63C07BA1B84E602E8C49F35D8DD7E
SHA256: 37AC9851DAD7368A2EEB521BB7CE0A7EB94F9F07DF51DC516DD89BDB992F79EF
2244 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2244.11104\WindowsInput.dll | executable
MD5: D711DAF0138D35BDB878E397E0ABB7C0
SHA256: 81110D44256397F0F3C572A20CA94BB4C669E5DE89F9348ABAD263FBD81C54B9
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info