File name: OpenBullet___Spotify_Config.rar

Full analysis: https://app.any.run/tasks/ad484001-e991-4c2b-be77-36134099cc4e
Verdict: Malicious activity
Analysis date: February 12, 2020, 05:37:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: A0A9072BB113C32E8C5E6A0562C6B460
SHA1: AF283073320016A6ACC72B6BA27269C16E95EDF0
SHA256: 4C6E8BCB62778FC6839EFF79B6B049100D81D352D0FF32C5006A4A486B693DD4
SSDEEP: 196608:6/aDuUJbQRGhxYihoVOyzAgmwkpgI6+BaaCSF2+h/ki93sU923HYChrn8YgvFp8g:ia6UeGh6ihoFzh4x6nqh843sUs34CF8L

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • OpenBullet.exe (PID: 3760)
    • Loads dropped or rewritten executable
      • OpenBullet.exe (PID: 3760)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3284)
  • INFO
    • No info indicators.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
Total processes: 36
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph

[graph not reproduced here: winrar.exe drops and starts openbullet.exe]

Process information

PID: 3284
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\OpenBullet___Spotify_Config.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images loaded):
  c:\program files\winrar\winrar.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\comdlg32.dll

PID: 3760
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3284.40739\OpenBullet + Spotify Config\OpenBullet + Spotify Config\OpenBullet.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3284.40739\OpenBullet + Spotify Config\OpenBullet + Spotify Config\OpenBullet.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: OpenBullet
Exit code: 0
Version: 1.0.0.0
Modules (images loaded):
  c:\users\admin\appdata\local\temp\rar$exa3284.40739\openbullet + spotify config\openbullet + spotify config\openbullet.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 463
Read events: 449
Write events: 14
Delete events: 0

Modification events

All modification events below were performed by WinRAR.exe (PID 3284); every operation is a registry write.

Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Name: ShellExtBMP
Value: (none listed)

Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Name: ShellExtIcon
Value: (none listed)

Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Name: LanguageList
Value: en-US

Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\OpenBullet___Spotify_Config.rar

Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: name
Value: 120

Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: size
Value: 80

Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: type
Value: 120

Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Name: mtime
Value: 100

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Name: UNCAsIntranet
Value: 0

Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Name: AutoDetect
Value: 1
Executable files: 34
Suspicious files: 0
Text files: 10
Unknown types: 4

Dropped files

All files below were dropped by WinRAR.exe (PID 3284) into C:\Users\admin\AppData\Local\Temp\Rar$EXa3284.40739\OpenBullet + Spotify Config\OpenBullet + Spotify Config\bin\ and are of type executable.

Leaf.xNet.dll
  MD5: (none listed)
  SHA256: (none listed)

Extreme.Net.dll
  MD5: (none listed)
  SHA256: (none listed)

IronPython.Wpf.dll
  MD5: F1E1A1058A95C27CC453F8559E4AB3ED
  SHA256: 4061499B5E66C9309352A660A457AC95C8FA98229A8BBCCC648DEB85F5FF7CC7

IronPython.dll
  MD5: 9A39A51E6DCB22B80DB481FBFBCD7826
  SHA256: 61B809B97DC878F42E85EE2C5D8471853527754E4F53B17C0507334C57E19E04

IronPython.Modules.dll
  MD5: 621192DB357916F2261989A49FA2C6BD
  SHA256: 87525121D7826DCFC76963AB8BD7996B9644BF4F148D1296757EB702A43DA51F

ICSharpCode.AvalonEdit.dll
  MD5: B4D5D46E50006E87B30E7D514E95173C
  SHA256: 058F38F33F3F99F904AB9588447A234346C859718404B4E8A523673ED19CDBE7

IronPython.SQLite.dll
  MD5: B7EFBF654402C78226B8D69AD0011BBB
  SHA256: 5A6E2EDA86E863E155F67CEBEF095355B7EA7B1DCD97D87E4058F0A5AC60D798

Jint.dll
  MD5: 734C5CE8F9B104D8AD3C7B494E96F9B9
  SHA256: ED618668AE9E7C02C7C2B7332DD09079168CCA96432A051044683C996337001C

Microsoft.Scripting.dll
  MD5: 0B75B3835BF11D3163EB0798F7C1A89D
  SHA256: D8B3CAB5C0F0E9C308C962FA894BC300C75F93537DAEF0E790069CA8CB1C7170

LiteDB.dll
  MD5: 25B242D00C6C32E1F437EB2064EA2E29
  SHA256: E72ACDDF47586BC0999D598E3BD125A254BB6F4AE151C076993304F6E31FBBED
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info