File name: SFCFix.zip

Full analysis: https://app.any.run/tasks/a4d38c86-88a1-43dd-b1d3-813892677b6a
Verdict: Malicious activity
Analysis date: February 08, 2024, 15:03:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 869834865B1774A7C5ED70475266C4BC
SHA1: 13580668A5772B8B2C7564AA6BE14AFA7557580C
SHA256: 3BE9CB8E0B75F7D27342E6A0AE4B0916459C14143AD5221A0DEC8F8841C41450
SSDEEP: 24576:zcYb/5hU57gCNInkYVOAKlfpIfG+Dhv+B07XLn:zcYb/7U57gCNInkYVOAKlfp0G+Dhv+BU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as-is for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads settings of System Certificates

      • rundll32.exe (PID: 3024)
  • INFO

    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 3024)
    • Manual execution by a user

      • rundll32.exe (PID: 3024)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2024:02:08 10:36:42
ZipCRC: 0x8b9ff71b
ZipCompressedSize: 62
ZipUncompressedSize: 62
ZipFileName: SFCFix.txt
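The EXIF/ZIP fields above come from the archive's central directory, and the point worth checking is that the archive holds exactly one member, a 62-byte SFCFix.txt, so nothing else in this report was extracted from it. The following parser is an added example for this page, not ANY.RUN's code: it walks the central directory of a ZIP and reports the same fields, alongside the MD5/SHA1/SHA256 the report header prints. The archive it parses is constructed in memory (a single 62-byte SFCFix.txt stamped with the report's modify date), so its digests will not match the real sample; ZIP64 is not handled.

```python
"""Walk a ZIP central directory and report the fields the EXIF/ZIP section
above lists (required version, bit flag, compression, modify date, CRC,
sizes, member name), plus the file-level digests the report header shows.

Added example for this page; it is not ANY.RUN's code. The archive is
constructed in memory below (a single 62-byte SFCFix.txt member stamped
with the report's modify date), so its digests will not match the sample.
ZIP64 archives are not handled.
"""
from __future__ import annotations

import hashlib
import struct
import zipfile
import zlib
from datetime import datetime
from io import BytesIO

CENTRAL_SIG = b"PK\x01\x02"  # central directory file header
EOCD_SIG = b"PK\x05\x06"     # end of central directory record
COMPRESSION = {0: "Stored", 8: "Deflated", 12: "BZIP2", 14: "LZMA"}

# Constructed stand-in for the report's member: 62 bytes, not the real file.
SAMPLE_BODY = b"constructed SFCFix.txt stand-in\n".ljust(62, b".")


def _dos_datetime(dos_date: int, dos_time: int) -> str:
    """Decode the MS-DOS packed date/time (2-second resolution) into the
    YYYY:MM:DD HH:MM:SS form the report prints."""
    dt = datetime(
        ((dos_date >> 9) & 0x7F) + 1980, (dos_date >> 5) & 0x0F, dos_date & 0x1F,
        (dos_time >> 11) & 0x1F, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2,
    )
    return dt.strftime("%Y:%m:%d %H:%M:%S")


def parse_central_directory(data: bytes) -> list[dict]:
    """Return one dict per member, read from the central directory only.

    Extractors build their member list from the central directory, not
    from the local headers, so this is the view to compare against what
    actually landed on disk after extraction.
    """
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    total_entries, cd_size, cd_offset = struct.unpack_from("<HII", data, eocd + 10)
    entries: list[dict] = []
    pos, end = cd_offset, cd_offset + cd_size
    while pos < end:
        if data[pos:pos + 4] != CENTRAL_SIG:
            raise ValueError(f"bad central directory signature at offset {pos}")
        (_made_by, needed, flags, method, mtime, mdate, crc, csize, usize,
         nlen, elen, clen) = struct.unpack_from("<HHHHHHIIIHHH", data, pos + 4)
        raw_name = data[pos + 46:pos + 46 + nlen]
        name = raw_name.decode("utf-8" if flags & 0x800 else "cp437")
        entries.append({
            "ZipRequiredVersion": needed,
            "ZipBitFlag": f"0x{flags:04x}" if flags else "-",  # report prints "-" for 0
            "ZipCompression": COMPRESSION.get(method, f"method {method}"),
            "ZipModifyDate": _dos_datetime(mdate, mtime),
            "ZipCRC": f"0x{crc:08x}",
            "ZipCompressedSize": csize,
            "ZipUncompressedSize": usize,
            "ZipFileName": name,
        })
        pos += 46 + nlen + elen + clen
    if len(entries) != total_entries:
        raise ValueError(f"EOCD claims {total_entries} entries, found {len(entries)}")
    return entries


def digests(data: bytes) -> dict[str, str]:
    """Upper-case hex digests in the form the report header prints them."""
    return {n: hashlib.new(n, data).hexdigest().upper() for n in ("md5", "sha1", "sha256")}


def build_sample_archive() -> bytes:
    """Constructed archive: one Deflated member, SFCFix.txt, 62 bytes."""
    buf = BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("SFCFix.txt", date_time=(2024, 2, 8, 10, 36, 42))
        info.compress_type = zipfile.ZIP_DEFLATED
        zf.writestr(info, SAMPLE_BODY)
    return buf.getvalue()


def expected_sample_crc() -> str:
    """CRC-32 of the constructed member, for cross-checking ZipCRC."""
    return f"0x{zlib.crc32(SAMPLE_BODY) & 0xFFFFFFFF:08x}"


if __name__ == "__main__":
    archive = build_sample_archive()
    for key, value in digests(archive).items():
        print(f"{key.upper()}: {value}")
    for entry in parse_central_directory(archive):
        for key, value in entry.items():
            print(f"{key}: {value}")
```

Run it against the real file by replacing `build_sample_archive()` with the bytes read from disk; a member list longer than one entry, or a name other than SFCFix.txt, would contradict the EXIF section and is the first thing to reconcile before reading the dropped-files table.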
All screenshots are available in the full report
Total processes: 38
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> winrar.exe (no specs)
start -> rundll32.exe (no specs)

Process information

PID:
1380
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SFCFix.zip"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID:
3024
CMD:
"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Users\admin\Downloads\Packages\Package_2373_for_KB5029247~31bf3856ad364e35~amd64~~10.0.1.6.cat
Path:
C:\Windows\System32\rundll32.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
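The PID 3024 command line is the one behaviour in this report that carries an indicator, so it is worth stating what it is: `rundll32.exe cryptext.dll,CryptExtOpenCAT <file>` is the shell "open" handler Windows registers for security catalog (.cat) files, which is what runs when a user double-clicks a .cat in Explorer; that matches the explorer.exe parent, the MEDIUM integrity level and the "Manual execution by a user" indicator, and the viewer validating the catalog's signer is what the "Reads settings of System Certificates" indicator sees. The triage helper below is an added example for this page, not ANY.RUN's code: it separates that stock shell-verb invocation from rundll32 command lines that deserve proxy-execution review. The export-to-extension map is the standard cryptext.dll registration as assumed here; confirm it on a reference host before using it in detection. Apart from the report's own line, the command lines it is run over are constructed.

```python
"""Triage rundll32 command lines like the PID 3024 entry above.

Added example for this page; not ANY.RUN's code. Windows registers
`rundll32.exe cryptext.dll,CryptExtOpen<Type> <file>` as the shell "open"
handler for certificate-type files, so double-clicking a .cat produces
exactly the report's command line. The export-to-extension map below is
that standard registration as assumed here; confirm it on a reference
host. The command lines other than the report's are constructed.
"""
import re
from pathlib import PureWindowsPath

# cryptext.dll shell-verb exports and the file types assumed registered to them.
CRYPTEXT_HANDLERS = {
    "cryptextopencat": {".cat"},
    "cryptextopencer": {".cer", ".crt", ".der"},
    "cryptextopencrl": {".crl"},
    "cryptextopenpkcs7": {".p7b", ".p7c", ".spc"},
    "cryptextopenstr": {".sst"},
    "cryptextaddpfx": {".pfx", ".p12"},
}

# Path fragments that mark a DLL location worth a second look under rundll32.
USER_WRITABLE = ("\\users\\", "\\temp\\", "\\programdata\\")

_RUNDLL = re.compile(
    r'^\s*"?(?:[a-z]:\\[^"]*?\\)?rundll32(?:\.exe)?"?\s+'  # optionally full path, quoted
    r'"?(?P<module>[^",]+)"?\s*,\s*(?P<export>[^\s,]+)'     # <module>,<Export>
    r'(?:\s+(?P<args>.*))?$',
    re.IGNORECASE,
)


def triage_rundll32(cmdline: str) -> dict:
    """Classify one rundll32 command line.

    Verdicts:
      user_opened_cert_file        cryptext shell verb on a matching file type (benign)
      cryptext_extension_mismatch  cryptext verb pointed at an unrelated file type
      cryptext_unexpected_export   cryptext.dll loaded through an export not in the map
      rundll32_review              other DLL with at least one proxy-execution signal
      rundll32_ordinary            other DLL, no signal
      not_rundll32                 the line is not a rundll32 invocation
    """
    m = _RUNDLL.match(cmdline)
    if not m:
        return {"verdict": "not_rundll32", "cmdline": cmdline}
    module = m.group("module").strip()
    export = m.group("export")
    target = (m.group("args") or "").strip().strip('"')
    result = {"module": module, "export": export, "target": target, "signals": []}

    if PureWindowsPath(module).name.lower() == "cryptext.dll":
        expected = CRYPTEXT_HANDLERS.get(export.lower())
        ext = PureWindowsPath(target).suffix.lower()
        if expected is None:
            result["signals"].append(f"unmapped cryptext export {export}")
            result["verdict"] = "cryptext_unexpected_export"
        elif ext in expected:
            result["verdict"] = "user_opened_cert_file"
        else:
            result["signals"].append(f"{export} given a {ext or 'extension-less'} file")
            result["verdict"] = "cryptext_extension_mismatch"
        return result

    # Any other module: the usual rundll32 proxy-execution checks.
    low = module.lower()
    if any(frag in low for frag in USER_WRITABLE):
        result["signals"].append("module under a user-writable directory")
    if not low.endswith(".dll"):
        result["signals"].append("module name does not end in .dll")
    result["verdict"] = "rundll32_review" if result["signals"] else "rundll32_ordinary"
    return result


# The report's own line followed by constructed comparison cases.
SAMPLE_CMDLINES = [
    r'"C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT '
    r'C:\Users\admin\Downloads\Packages\Package_2373_for_KB5029247~31bf3856ad364e35~amd64~~10.0.1.6.cat',
    r'rundll32.exe cryptext.dll,CryptExtOpenCAT C:\Users\admin\AppData\Local\Temp\update.exe',
    r'"C:\Windows\System32\rundll32.exe" C:\Users\admin\AppData\Local\Temp\loader.dll,Start',
    r'rundll32.exe shell32.dll,Control_RunDLL',
]


def triage_all(cmdlines=SAMPLE_CMDLINES) -> list:
    """Run the triage over a list of command lines, in order."""
    return [triage_rundll32(c) for c in cmdlines]


if __name__ == "__main__":
    for r in triage_all():
        signals = "; ".join(r.get("signals", [])) or "no signals"
        print(r["verdict"], "|", r.get("export", "-"), "|", signals)
```

The first line, the report's, comes back as `user_opened_cert_file`; the catalog it opened sits under the analyst's Downloads\Packages directory, not inside the 62-byte SFCFix.zip this task was submitted with, so the indicator reflects what the user did in the sandbox rather than anything the sample executed.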
Total events: 3 992
Read events: 3 952
Write events: 37
Delete events: 3

Modification events

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3024) rundll32.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 0
Suspicious files: 55
Text files: 56
Unknown types: 0

Dropped files

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6540_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: 4B9F95B4E3BB56F8A0C4492D66E696FE
SHA256: FD8A2CAC906FFD2D921BADAE931C153474C05D007450378F49A741F198F484FB

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6522_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.cat
Type: cat
MD5: 64D00F86BBC3D409CB50A8049F5D053D
SHA256: DCA04304F175DEF1B3E47D4F7CD271FAB5541F181FFE20C38D3E185446DC5852

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6516_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.cat
Type: binary
MD5: 809606E4A24347A6AF6E686A96D3B01A
SHA256: 393E3D22A0A2B04193B56799D9E1A68F95FA229EBB772B702A65195139C7AE0A

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6506_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.cat
Type: binary
MD5: 2CC97EC938BC102DE2A102655987396E
SHA256: BCC68516F993CE623698CF48793D8E89A27C5F4CE7C46A93082F10142E7BB4E8

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6563_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: A93832DD4A6EE57F448AA53CD7B0D778
SHA256: 3F58284A1EA2D15220C7D5633C3A6C1D7FAED8A82485C33B8E93273A8B574BA5

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6538_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: 3C9028742916EF2245732F6CF67BF3BC
SHA256: 539CB4EB773DE9C70F61EC6E8E7591D260B35FE3C1843B10CFB5FE6BD82915BC

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6510_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.cat
Type: binary
MD5: 8E72F70F500A9F5910E0D42F52628732
SHA256: 7881B9DADDC80C5EC88AE91F1183EB7A980CB50DAF2C94EF497EA870589B9C04

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6516_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: 9D74860195F2F5526300F55561085BBA
SHA256: AB3E51ACE6E29CAE348390DF5140B5EE95939D523AFA41C6D153812FFC0FBF9E

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6510_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: AEE7AD65E53F88C3F55E89E1518F43D1
SHA256: A09987C4DECF16A7C45B24E3195407F7AA3D5D2AE0A8F6F7DD1729ACDF7A8FC1

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6511_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: 7211D1B8CE1BF82A7553A9D426364104
SHA256: 16F4C3A5B95CFB396A1EC3EE94150E9DA97E964AF58A6DF7DC7342149C0BC334
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

DNS requests

No data

Threats

No threats detected
No debug info