analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Fedex.com Brute by Plyshka.rar

Full analysis: https://app.any.run/tasks/7a5c175f-a5e5-4a3d-8681-136771517bd3
Verdict: Malicious activity
Analysis date: September 19, 2019, 08:06:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

A97F42A4F8892BCB6FBACA477606D946

SHA1:

766DF6A26F02C50419030607FF29F74452A56A7E

SHA256:

3FDC2AF04095886916ABE5BE1EC605C74A11C428F1F72674344F7E4DCEE2B10E

SSDEEP:

49152:xFipp3SrT26A5JEUkjcXSmO5QTd9bOONaGZ+pqZoHd8SdBrOhQ3:GppkT26A5JGcCmzd9bZtUkmnBrT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 752)
      • Fedex.com Brute by Plyshka.exe (PID: 2580)
    • Application was dropped or rewritten from another process

      • Fedex.com Brute by Plyshka.exe (PID: 2580)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Manual execution by user

      • Fedex.com Brute by Plyshka.exe (PID: 2580)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
3
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe no specs searchprotocolhost.exe no specs fedex.com brute by plyshka.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2996"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Fedex.com Brute by Plyshka.rar"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
752"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" C:\Windows\System32\SearchProtocolHost.exeSearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Version:
7.00.7600.16385 (win7_rtm.090713-1255)
2580"C:\Users\admin\Desktop\Fedex.com Brute by Plyshka.exe" C:\Users\admin\Desktop\Fedex.com Brute by Plyshka.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Version:
1.0.0.0
Total events
1 505
Read events
1 285
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
2996WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2996.38395\ssleay32.dll
MD5:
SHA256:
2996WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2996.38395\Fedex.com Brute by Plyshka.exe
MD5:
SHA256:
2996WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2996.38395\libeay32.dll
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info