File name: Solara.Dir.zip

Full analysis: https://app.any.run/tasks/57215467-bc9e-407a-a80f-cdd64db938bb
Verdict: Malicious activity
Analysis date: May 22, 2024, 12:51:27
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: D3D9F2B0F0889635E8AA46062FD6C532
SHA1: CD3786D49A6957DE7D776899944EF7FCDA2C9E22
SHA256: 4C5C93D3D090EF0DA3A9E70886B815C3231097B4B0CF65CFEF22F6F6546740C1
SSDEEP: 196608:Cmq2HjbcGMJ/gbIgUP7QXm2KF3i/tDa6JkDI:1DQpgkT0m2IitkDI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Process drops legitimate windows executable
      • WinRAR.exe (PID: 3980)
    • Reads security settings of Internet Explorer
      • WinRAR.exe (PID: 3980)
  • INFO
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3980)
    • Dropped object may contain TOR URL's
      • WinRAR.exe (PID: 3980)
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 3980)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD: .zip | ZIP compressed archive (36.3)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2024:05:19 10:18:48
ZipCRC: 0x63fd34c3
ZipCompressedSize: 11162
ZipUncompressedSize: 24616
ZipFileName: Solara.Dir/api-ms-win-crt-convert-l1-1-0.dll
No data.
All screenshots are available in the full report
Total processes: 32
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> winrar.exe

Process information

PID: 3980
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Solara.Dir.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: (none listed)
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 3 669
Read events: 3 649
Write events: 20
Delete events: 0

Modification events

PID | Process | Key | Operation | Name | Value
3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | (empty)
3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | (empty)
3980 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | write | LanguageList | en-US
3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 3 | C:\Users\admin\Desktop\phacker.zip
3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\Solara.Dir.zip
3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
Executable files: 39
Suspicious files: 549
Text files: 531
Unknown types: 14

Dropped files

PID | Process | Filename | Type
3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3980.11713\Solara.Dir\libcurl.dll | executable
    MD5: E31F5136D91BAD0FCBCE053AAC798A30
    SHA256: EE94E2201870536522047E6D7FE7B903A63CD2E13E20C8FFFC86D0E95361E671
3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3980.11713\Solara.Dir\api-ms-win-crt-filesystem-l1-1-0.dll | executable
    MD5: 1193F810519FBC07BEB3FFBAD3247FC4
    SHA256: AB2158FE6B354FB429F57F374CA25105B44E97EDCBDC1B752650D895DADD6FD1
3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3980.11713\Solara.Dir\api-ms-win-crt-math-l1-1-0.dll | executable
    MD5: C4CAC2D609BB5E0DA9017EBB535634CE
    SHA256: 7C3336C3A50BF3B4C5492C0D085519C040878243E9F7D3EA9F6A2E35C8F1F374
3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3980.11713\Solara.Dir\cpr.dll | executable
    MD5: 203400107A2717D8F4F00A7DF6969739
    SHA256: 6F6DE861D4ADD275621FF52ED1695F691EFD7ED742D4B077CE43EB96F2C5CFBA
3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3980.11713\Solara.Dir\api-ms-win-crt-runtime-l1-1-0.dll | executable
    MD5: 894E538FBD29D9AF2DAC82ABBB798AA8
    SHA256: B12679D33126D2DCB0CD3625FCCF5C3AFC40D95C1BE36DC55F7471DE94929D23
3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3980.11713\Solara.Dir\api-ms-win-crt-string-l1-1-0.dll | executable
    MD5: AACADE02D7AAF6B5EFF26A0E3A11C42D
    SHA256: E71D517E6B7039437E3FC449D8AD12EEECA0D5C8ED1C500555344FD90DDC3207
3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3980.11713\Solara.Dir\api-ms-win-crt-stdio-l1-1-0.dll | executable
    MD5: 5DF2410C0AFD30C9A11DE50DE4798089
    SHA256: E6A1EF1F7C1957C50A3D9C1D70C0F7B0D8BADC7F279CD056EB179DC256BFEFDA
3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3980.11713\Solara.Dir\bin\version.txt | text
    MD5: 6CC7EE6409E8E8BFD2A73B20884140A4
    SHA256: B720401FC5F0A1962C830B14132F12C2B376F2CCA823B2EFBAF226167720251E
3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3980.11713\Solara.Dir\Monaco\fgd.html | html
    MD5: A1416C1FE209F7687FF79AB44301B3D3
    SHA256: A6897302DBA619DD3C156D57FC4B706662BFF4DF582975C33478B7878B060D2C
3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3980.11713\Solara.Dir\Microsoft.Web.WebView2.Core.dll | executable
    MD5: 851FEE9A41856B588847CF8272645F58
    SHA256: 5E7FAEE6B8230CA3B97CE9542B914DB3ABBBD1CB14FD95A39497AAAD4C1094CA
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
    |         | 224.0.0.252:5355 | | | | unknown
4   | System  | 192.168.100.255:137 | | | | whitelisted
4   | System  | 192.168.100.255:138 | | | | unknown

DNS requests

No data

Threats

No threats detected
No debug info