File name: SFCFix.zip

Full analysis: https://app.any.run/tasks/a4d38c86-88a1-43dd-b1d3-813892677b6a
Verdict: Malicious activity
Analysis date: February 08, 2024, 15:03:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 869834865B1774A7C5ED70475266C4BC
SHA1: 13580668A5772B8B2C7564AA6BE14AFA7557580C
SHA256: 3BE9CB8E0B75F7D27342E6A0AE4B0916459C14143AD5221A0DEC8F8841C41450
SSDEEP: 24576:zcYb/5hU57gCNInkYVOAKlfpIfG+Dhv+B07XLn:zcYb/7U57gCNInkYVOAKlfp0G+Dhv+BU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads settings of System Certificates

      • rundll32.exe (PID: 3024)
  • INFO

    • Manual execution by a user

      • rundll32.exe (PID: 3024)
    • Reads security settings of Internet Explorer

      • rundll32.exe (PID: 3024)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2024:02:08 10:36:42
ZipCRC: 0x8b9ff71b
ZipCompressedSize: 62
ZipUncompressedSize: 62
ZipFileName: SFCFix.txt
No data.
Total processes: 38
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Graph nodes: start, winrar.exe (no specs), rundll32.exe (no specs)

Process information

PID: 1380
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SFCFix.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3024
CMD: "C:\Windows\system32\rundll32.exe" cryptext.dll,CryptExtOpenCAT C:\Users\admin\Downloads\Packages\Package_2373_for_KB5029247~31bf3856ad364e35~amd64~~10.0.1.6.cat
Path: C:\Windows\System32\rundll32.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
Total events: 3 992
Read events: 3 952
Write events: 37
Delete events: 3

Modification events

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1380) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3024) rundll32.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 0
Suspicious files: 55
Text files: 56
Unknown types: 0

Dropped files

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6559_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: 17F49BF4B390D17CEAA82534CF72E68B
SHA256: 27ADED3DA4E45E96996DF276A2204D351650A1D3F9EF552F4C06BEFE0B880D40

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\SFCFix.txt
Type: text
MD5: F6CD316CE9BDC2295E9DEF95C69EEC97
SHA256: 7A49E4685B1BC6E0E1AFD2305BBD97016C9EB1D31DA84C7CAE51EA56F4FB56E3

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6523_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: 5BA12BA7AB80A40EB4D192AB22CAA4F7
SHA256: AFF9DA2CECDD01FC1D5BCB01F450F266522C30F12B593EB9273247F797F2CF07

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6527_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: D7217E7C577E5542F0A97FA1B820291E
SHA256: 81CA884245EBA79ABD68D4A579CDCF9B059C2B755B14E52E893846C8A6208413

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6563_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: A93832DD4A6EE57F448AA53CD7B0D778
SHA256: 3F58284A1EA2D15220C7D5633C3A6C1D7FAED8A82485C33B8E93273A8B574BA5

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6555_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.cat
Type: binary
MD5: C7DEEE5C0629B2723884F21735DFE9EE
SHA256: 5DB970A33940A0539C44E90EDBDED25168D3062F0DE0F3A8B6EFA285B7B51A0A

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6522_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.cat
Type: cat
MD5: 64D00F86BBC3D409CB50A8049F5D053D
SHA256: DCA04304F175DEF1B3E47D4F7CD271FAB5541F181FFE20C38D3E185446DC5852

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6511_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: 7211D1B8CE1BF82A7553A9D426364104
SHA256: 16F4C3A5B95CFB396A1EC3EE94150E9DA97E964AF58A6DF7DC7342149C0BC334

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6510_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.cat
Type: binary
MD5: 8E72F70F500A9F5910E0D42F52628732
SHA256: 7881B9DADDC80C5EC88AE91F1183EB7A980CB50DAF2C94EF497EA870589B9C04

PID: 1380
Process: WinRAR.exe
Filename: C:\Users\admin\Downloads\Packages\Package_6518_for_KB5031361~31bf3856ad364e35~amd64~~10.0.1.9.mum
Type: xml
MD5: 77CED9FCC803D2657A16F15207B6D31B
SHA256: 9FF0CA1E86F19B696FF5C3BC68BCBA2CA4AB5D401456F5F96992641B87B19D66
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

DNS requests

No data

Threats

No threats detected
No debug info