File name:

AdobeCC2019-2020-GenP-2.5.zip

Full analysis: https://app.any.run/tasks/be1d5405-3ca9-4d80-b381-e2851a369015
Verdict: Malicious activity
Analysis date: June 03, 2020, 14:46:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

4E7FADFE2C6F7CAEE585A0C0C601FAAF

SHA1:

D5029AD4358CB56667C3BAB28FD6DED18696CF77

SHA256:

4B842BF23EA7DB116E109FAECC212CC8E8747738B39EEB93B3618A1A013641A1

SSDEEP:

98304:cWr0xIz68EREbNWETUmqxF5D6Zv8Dh/buVTc:cOoIzFUEJWKPSbD6Zv8DpKo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • ASP_v2_0_P.exe (PID: 2724)
      • ASP_v2_0_P.exe (PID: 3784)

    • Loads dropped or rewritten executable

      • ASP_v2_0_P.exe (PID: 3784)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 928)
      • ASP_v2_0_P.exe (PID: 3784)

  • INFO

    • Manual execution by user

      • ASP_v2_0_P.exe (PID: 2724)
      • ASP_v2_0_P.exe (PID: 3784)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2020:03:21 15:40:27
ZipCRC: 0xea18593e
ZipCompressedSize: 553115
ZipUncompressedSize: 1169408
ZipFileName: RunMe.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
45
Monitored processes
3
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe asp_v2_0_p.exe no specs asp_v2_0_p.exe

Process information

PID
CMD
Path
Indicators
Parent process
928"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\AdobeCC2019-2020-GenP-2.5.zip"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2724"C:\Users\admin\Desktop\Resources\ASP_v2_0_P.exe" C:\Users\admin\Desktop\Resources\ASP_v2_0_P.exeexplorer.exe
User:
admin
Company:
PainteR
Integrity Level:
MEDIUM
Description:
Universal Adobe Patcher
Exit code:
3221226540
Version:
2.0.0.0
Modules
Images
c:\users\admin\desktop\resources\asp_v2_0_p.exe
c:\systemroot\system32\ntdll.dll
3784"C:\Users\admin\Desktop\Resources\ASP_v2_0_P.exe" C:\Users\admin\Desktop\Resources\ASP_v2_0_P.exe
explorer.exe
User:
admin
Company:
PainteR
Integrity Level:
HIGH
Description:
Universal Adobe Patcher
Exit code:
0
Version:
2.0.0.0
Modules
Images
c:\users\admin\desktop\resources\asp_v2_0_p.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events
370
Read events
348
Write events
22
Delete events
0

Modification events

(PID) Process:(928) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(928) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(928) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(928) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation:writeName:@C:\Windows\system32\NetworkExplorer.dll,-1
Value:
Network
(PID) Process:(928) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\AdobeCC2019-2020-GenP-2.5.zip
(PID) Process:(928) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(928) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(928) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(928) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(928) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Operation:writeName:0
Value:
C:\Users\admin\Desktop
Executable files
7
Suspicious files
0
Text files
25
Unknown types
0

Dropped files

PID
Process
Filename
Type
928WinRAR.exeC:\Users\admin\Desktop\Resources\ICONS\20.jpgimage
MD5:E28765CB813A10BC7DBE0CDDD194D4E3
SHA256:F52A9098B77622B596A2768919669EE39912FBFF1C80478AE8931A1296C1FC05
928WinRAR.exeC:\Users\admin\Desktop\RunMe.exeexecutable
MD5:A2B2DC2FC5E5B348A06454A572B622D8
SHA256:948731BB9CCB6043F80255BBA847A93E0E1B4C34A8A87E3361AC26A800765856
928WinRAR.exeC:\Users\admin\Desktop\Resources\ICONS\16.jpgimage
MD5:66FF480FDCC702B257D2CC9286CABC27
SHA256:1598FF051144A1C180131F3297D36ECD68649DB69AAA0BD1DC600FC55E153BE5
928WinRAR.exeC:\Users\admin\Desktop\Resources\ICONS\12.jpgimage
MD5:68D355824858FA8C3877CDD14FEBE742
SHA256:10F450CB2B9788E68C64091EA829790254D3C0C83CBE82DADAEDA13D98B65C8B
928WinRAR.exeC:\Users\admin\Desktop\Resources\ICONS\13.jpgimage
MD5:AE14AF30E9FA671F328B8695443D25E0
SHA256:FBFBC979B817163667D6B854927D53B13E4426DB17518A8D3AD14B858B8319F7
928WinRAR.exeC:\Users\admin\Desktop\Resources\ICONS\14.jpgimage
MD5:5E8AB8C7B3FD01B70A9F1D83F611A3F5
SHA256:1187CE3203E9E4918F3D636C79435D288EAEC436A1D17BD400A4CA6F9CD02298
928WinRAR.exeC:\Users\admin\Desktop\Resources\ICONS\19.jpgimage
MD5:5208E43110541305C412BB0C813726B7
SHA256:DBDDB9A0B606C12B1E26D4F5D7E2DAD3FF5E18D309745C0AC332A94E35385CF7
928WinRAR.exeC:\Users\admin\Desktop\Resources\ICONS\18.jpgimage
MD5:1EED193223EF2E841C70761B52B2F124
SHA256:EF3FD9662375305E36648935AA256DE732F5C7FE659FB24858A30DD3760D8D5B
928WinRAR.exeC:\Users\admin\Desktop\Resources\ICONS\2.jpgimage
MD5:03FB073F6BA0F0A0BFBE3DB40C41C0A8
SHA256:06521DC984694ACE285209D20F1531281551DDD3EB908C8AE35B5BBF63D693CE
928WinRAR.exeC:\Users\admin\Desktop\Resources\ICONS\21.jpgimage
MD5:B9EBE66F591D456843BEE62FA78F3EDF
SHA256:D0F10D0C9054B2CE39327E3CA3DC1A6737EC7509F44F8727919B1E900B8738A9
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
AdobeCC2019-2020-GenP-2.5.zip