File name: f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.zip

Full analysis: https://app.any.run/tasks/a77a21d3-9df5-44ee-a670-308ef388b0f0
Verdict: Malicious activity
Analysis date: June 27, 2022, 06:46:18
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v5.1 to extract
MD5: 0908A3DDC1E06522FDDA8F44761A3253
SHA1: FFD469CE6087BFA11D1CD0305EAAA944DFA07576
SHA256: 513CC82B67C97641179416FA3CE9E94419779301947DF22AEBDBF6EDE90F757B
SSDEEP: 12288:W9Gl/zQ+JBsVGSxEGR1msEUUpnNSyG7CkCJD3MVi:j/xqVGS+GR1ms0p4CZ3M4

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops executable file immediately after starts
      • WinRAR.exe (PID: 2692)
    • Application was dropped or rewritten from another process
      • f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe (PID: 2924)
      • f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe (PID: 3052)
  • SUSPICIOUS
    • Reads the computer name
      • WinRAR.exe (PID: 2692)
      • f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe (PID: 3052)
    • Checks supported languages
      • WinRAR.exe (PID: 2692)
      • f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe (PID: 3052)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2692)
    • Drops a file with a compile date too recent
      • WinRAR.exe (PID: 2692)
    • Application launched itself
      • f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe (PID: 3052)
  • INFO
    • Manual execution by user
      • f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe (PID: 3052)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD:
  • .zip | ZIP compressed archive (100)

EXIF (ZIP):
  ZipFileName: f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe
  ZipUncompressedSize: 625664
  ZipCompressedSize: 509526
  ZipCRC: 0xbdf2fc3a
  ZipModifyDate: 2022:06:27 06:45:22
  ZipCompression: Unknown (99)
  ZipBitFlag: 0x0003
  ZipRequiredVersion: 51
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 1

Behavior graph

  • start
  • winrar.exe
  • f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe (no specs)
  • f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe (no specs)

Process information

PID: 2692
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0

PID: 3052
CMD: "C:\Users\admin\Desktop\f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe"
Path: C:\Users\admin\Desktop\f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe
Parent process: Explorer.EXE
User: admin
Company: Coder for Life
Integrity Level: MEDIUM
Description: HD44780 LCD Emulator
Exit code: 0
Version: 1.0.0.0

PID: 2924
CMD: "C:\Users\admin\Desktop\f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe"
Path: C:\Users\admin\Desktop\f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe
Parent process: f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe
User: admin
Company: Coder for Life
Integrity Level: MEDIUM
Description: HD44780 LCD Emulator
Exit code: 0
Version: 1.0.0.0
Total events: 1 074
Read events: 1 050
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 1
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID: 2692
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\f347aec88092c54d126fc2edd831b57a14a67851669521ad8c4982bf8ae26d5f.exe
Type: executable
MD5: 340383B761E559E0879A8D1D713FAB03
SHA256: F347AEC88092C54D126FC2EDD831B57A14A67851669521AD8C4982BF8AE26D5F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info