analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Secured.7z

Full analysis: https://app.any.run/tasks/8352a03d-68f6-49e8-8059-ba6527a6de58
Verdict: Malicious activity
Analysis date: November 08, 2018, 19:45:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

8CB75F37EABFD504DE80148D53CF1C0C

SHA1:

5DC4D02C2FA90A253743A3A3C2C9572BD0F3D3D9

SHA256:

3C9C71E0C8A537EFEE9813C07850838CFA54BC443A2EA9494BFF4E5A3171E857

SSDEEP:

49152:j6Sgh6D6ybCdjDP3Mzl62rxB+7DvNntZLRdjXNLVdRxp4GE306E/h2Z2WuE:2So6D6SChL3Al6KQvNtZLRdXNpPxpzEt

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • Crack-Me.exe (PID: 1308)

    • Application was dropped or rewritten from another process

      • Crack-Me.exe (PID: 1308)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3384)
      • Crack-Me.exe (PID: 1308)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
32
Monitored processes
2
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start start winrar.exe crack-me.exe

Process information

PID
CMD
Path
Indicators
Parent process
3384"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Secured.7z"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.60.0
1308"C:\Users\admin\AppData\Local\Temp\Rar$EXa3384.38720\Secured\Crack-Me.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa3384.38720\Secured\Crack-Me.exe
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Crack-Me2
Version:
1.0.0.0
Total events
430
Read events
418
Write events
0
Delete events
0

Modification events

No data
Executable files
3
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
3384WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3384.38720\Secured\AgileDotNet.VMRuntime.dllexecutable
MD5:DC6734ACDA9A6B0F2BA0214A0AD4BF28
SHA256:7B731537498C2994040F4BEBE5BE66C7824819E491C796242B36E76491621026
1308Crack-Me.exeC:\Users\admin\AppData\Local\Temp\ea1e999e-f6ce-4bd9-951e-80b4b6155478\AgileDotNetRT.dllexecutable
MD5:2492EDD201D7F094059EBEB210BA65D1
SHA256:3217306C5D5C6C69EA658B6EB94559A24D6FFE48D75649C916A99B71413A55CE
3384WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3384.38720\Secured\Crack-Me.exeexecutable
MD5:7B9F21D9E5DA4B552B3555938C601036
SHA256:EB42478D4357A0C6F9784DB34EE4DFA9348562B7EF5EBCD42AA5BD16DD2D249B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
Process
Message
Crack-Me.exe
%s------------------------------------------------ --- Themida Professional --- --- (c)2012 Oreans Technologies --- ------------------------------------------------
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Secured.7z