File name:

Clear-ManualsLibrary.b3003.SK041.ed.exe.7z

Full analysis: https://app.any.run/tasks/15124faf-b86a-4848-8011-ca01e5b03bf9
Verdict: Malicious activity
Analysis date: March 01, 2024, 18:00:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

E12879E8046B8C0D5CA63ABC1D12BAC5

SHA1:

0EE9A9FB6CBD1BAF06DFA8987F104556642819B2

SHA256:

4FCB6BE37B6DEA20D61A83466E9E97CAFD328BF7AD273568C971FEFBB1AA9D97

SSDEEP:

98304:LV+cE1rP8U+ap6eMzuu5TbV051rAP+2OX9ggDPK9llkJy+ujA8GKghvTZ3AkUhdH:KUhJ4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 4052)
      • Clear-ManualsLibrary.b3003.SK041.ed.exe (PID: 3216)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 4000)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 2844)
      • Clear-ManualsLibrary.b3003.SK041.ed.exe (PID: 3092)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • Clear-ManualsLibrary.b3003.SK041.ed.exe (PID: 3092)
      • Clear-ManualsLibrary.b3003.SK041.ed.exe (PID: 3216)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 4000)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 2844)

    • Reads the Windows owner or organization settings

      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 4000)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 2844)

  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 4052)

    • Manual execution by a user

      • Clear-ManualsLibrary.b3003.SK041.ed.exe (PID: 3216)
      • Clear-ManualsLibrary.b3003.SK041.ed.exe (PID: 3092)

    • Create files in a temporary directory

      • Clear-ManualsLibrary.b3003.SK041.ed.exe (PID: 3092)
      • Clear-ManualsLibrary.b3003.SK041.ed.exe (PID: 3216)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 2844)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 4000)

    • Checks supported languages

      • Clear-ManualsLibrary.b3003.SK041.ed.exe (PID: 3216)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 2844)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 4000)
      • Clear-ManualsLibrary.b3003.SK041.ed.exe (PID: 3092)

    • Reads the computer name

      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 2844)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 4000)

    • Reads the machine GUID from the registry

      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 2844)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 4000)

    • Reads Environment values

      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 4000)
      • Clear-ManualsLibrary.b3003.SK041.ed.tmp (PID: 2844)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
44
Monitored processes
5
Malicious processes
4
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe clear-manualslibrary.b3003.sk041.ed.exe clear-manualslibrary.b3003.sk041.ed.tmp clear-manualslibrary.b3003.sk041.ed.exe clear-manualslibrary.b3003.sk041.ed.tmp

Process information

PID
CMD
Path
Indicators
Parent process
2844"C:\Users\admin\AppData\Local\Temp\is-QUC02.tmp\Clear-ManualsLibrary.b3003.SK041.ed.tmp" /SL5="$140158,4024375,806400,C:\Users\admin\Desktop\Clear-ManualsLibrary.b3003.SK041.ed.exe" C:\Users\admin\AppData\Local\Temp\is-QUC02.tmp\Clear-ManualsLibrary.b3003.SK041.ed.tmp
Clear-ManualsLibrary.b3003.SK041.ed.exe
User:
admin
Company:
Clear.App
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
3762504530
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-quc02.tmp\clear-manualslibrary.b3003.sk041.ed.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
3092"C:\Users\admin\Desktop\Clear-ManualsLibrary.b3003.SK041.ed.exe" C:\Users\admin\Desktop\Clear-ManualsLibrary.b3003.SK041.ed.exe
explorer.exe
User:
admin
Company:
Clear.App
Integrity Level:
MEDIUM
Description:
Clear Setup
Exit code:
3762504530
Version:
1.1.1.0
Modules
Images
c:\users\admin\desktop\clear-manualslibrary.b3003.sk041.ed.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
3216"C:\Users\admin\Desktop\Clear-ManualsLibrary.b3003.SK041.ed.exe" C:\Users\admin\Desktop\Clear-ManualsLibrary.b3003.SK041.ed.exe
explorer.exe
User:
admin
Company:
Clear.App
Integrity Level:
MEDIUM
Description:
Clear Setup
Exit code:
3762504530
Version:
1.1.1.0
Modules
Images
c:\users\admin\desktop\clear-manualslibrary.b3003.sk041.ed.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
4000"C:\Users\admin\AppData\Local\Temp\is-QO6S9.tmp\Clear-ManualsLibrary.b3003.SK041.ed.tmp" /SL5="$150158,4024375,806400,C:\Users\admin\Desktop\Clear-ManualsLibrary.b3003.SK041.ed.exe" C:\Users\admin\AppData\Local\Temp\is-QO6S9.tmp\Clear-ManualsLibrary.b3003.SK041.ed.tmp
Clear-ManualsLibrary.b3003.SK041.ed.exe
User:
admin
Company:
Clear.App
Integrity Level:
MEDIUM
Description:
Setup/Uninstall
Exit code:
3762504530
Version:
51.1052.0.0
Modules
Images
c:\users\admin\appdata\local\temp\is-qo6s9.tmp\clear-manualslibrary.b3003.sk041.ed.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mpr.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
4052"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Clear-ManualsLibrary.b3003.SK041.ed.exe.7z"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
4 292
Read events
4 258
Write events
31
Delete events
3

Modification events

(PID) Process:(4052) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(4052) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(4052) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(4052) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(4052) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(4052) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(4052) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Clear-ManualsLibrary.b3003.SK041.ed.exe.7z
(PID) Process:(4052) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(4052) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(4052) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
Executable files
7
Suspicious files
2
Text files
34
Unknown types
0

Dropped files

PID
Process
Filename
Type
3216Clear-ManualsLibrary.b3003.SK041.ed.exeC:\Users\admin\AppData\Local\Temp\is-QUC02.tmp\Clear-ManualsLibrary.b3003.SK041.ed.tmpexecutable
MD5:D250BC4F53D1D78AAC084AAD5B3EEC04
SHA256:229F1ECFCE581B66AFB249FF19EDFBECAF9FF893A5DAB8E6E022DA958F056A8E
2844Clear-ManualsLibrary.b3003.SK041.ed.tmpC:\Users\admin\AppData\Local\Temp\is-PF25L.tmp\index-manualslibrary-new.htmlhtml
MD5:3E4821082DC4CE34468A43940485F0C8
SHA256:33EB3A7839F7377F77F5EB1F6147BA7906A7DCAAFB44AEC23CAE7DEA7F377C5D
2844Clear-ManualsLibrary.b3003.SK041.ed.tmpC:\Users\admin\AppData\Local\Temp\is-PF25L.tmp\Profiles\profile_map.txttext
MD5:6444764B2CF9F2B2C274787263A78CCB
SHA256:1AF45A6C76B8BAA3CC167690EB748D8C367D1B5E98FE3581B6D8975632FF07F7
2844Clear-ManualsLibrary.b3003.SK041.ed.tmpC:\Users\admin\AppData\Local\Temp\is-PF25L.tmp\Profiles\manualssearch_clearbar.jsonbinary
MD5:E6AD4AB2E714C62C49C4A426A0AB73E3
SHA256:1DDF86BA170A4F05F3D6B7B22B634935B6CA4F21EB0FD74486D295F6C1F8E437
2844Clear-ManualsLibrary.b3003.SK041.ed.tmpC:\Users\admin\AppData\Local\Temp\is-PF25L.tmp\HtmlInstaller.dllexecutable
MD5:646B373188A97FCF379D0EB89C50218B
SHA256:79B279A911BFB9620F4E61C88876E7DE8711936AB0453C211B5A2A03FEFE4999
2844Clear-ManualsLibrary.b3003.SK041.ed.tmpC:\Users\admin\AppData\Local\Temp\is-PF25L.tmp\Networking.dllexecutable
MD5:93EB3FB394F660B7DA2350BBF86F71C0
SHA256:5B92B1E84560B4567D2CE26267AE09CBBC80A72515724AD3C74518E8315EF2D8
4052WinRAR.exeC:\Users\admin\Desktop\Clear-ManualsLibrary.b3003.SK041.ed.exeexecutable
MD5:A196BF8E7BDADAC7A17007AD2F75BA2D
SHA256:E161A46FE428D16D2D006C0C2415B36710278C7E273FE409E51010A2BC6404C9
2844Clear-ManualsLibrary.b3003.SK041.ed.tmpC:\Users\admin\AppData\Local\Temp\is-PF25L.tmp\html\js\knockout.jstext
MD5:052E3CBD4009F65055D36541CE9CC91D
SHA256:7EB9DAB1C04D4ABCE6749AD9D94DDD0690E3C99C6890F979F07EFE4775EE1EAB
2844Clear-ManualsLibrary.b3003.SK041.ed.tmpC:\Users\admin\AppData\Local\Temp\is-PF25L.tmp\html\assets\common\greenprogress.gifimage
MD5:CB84E51D64C4D8F5C25D1563BC83C49A
SHA256:D916A57D1601286604BF570FA5F88E5A257026EDE1A41F5D305AF24B6315CE05
2844Clear-ManualsLibrary.b3003.SK041.ed.tmpC:\Users\admin\AppData\Local\Temp\is-PF25L.tmp\html\css\baseline.csstext
MD5:4C862C415540662AAB18410305790F9A
SHA256:085862D788D0DFE742617007AB076333D5C583AF4D179E73825F7718F2B8846D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
5
DNS requests
2
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
1040
WerFault.exe
104.208.16.93:443
watson.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown

DNS requests

Domain
IP
Reputation
watson.microsoft.com
  • 104.208.16.93
whitelisted
dns.msftncsi.com
  • 131.107.255.255
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Clear-ManualsLibrary.b3003.SK041.ed.exe.7z