File name: WinRAR_6.24_Final___CascadedMenu.exe

Full analysis: https://app.any.run/tasks/2d1d1266-56d5-4da6-ba06-c89ad43859e7
Verdict: Malicious activity
Analysis date: November 18, 2023, 06:48:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: F52EEE712E14765B59257078DAE863E7
SHA1: F0024F6A4AAE0FD00E703FAB239E4596763F468E
SHA256: 525BE1CA1EDCAA4C33B23A8262D1DC846E8F00FB968229622BA378ACC2DD9F52
SSDEEP: 98304:JDQP9xyG1zsDY3+2jc7YDddoMNWtkCaK0VbI0D6oGKx1WFcWDxMnMILAKB0B0oY4:8yyZ2hbxU1nh3aTgI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3472)
      • x86.exe (PID: 3576)
  • SUSPICIOUS

    • Reads the Internet Settings

      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3428)
      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3472)
      • x86.exe (PID: 3576)
      • Kur.exe (PID: 3500)
    • Application launched itself

      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3428)
    • Creates/Modifies COM task schedule object

      • uninstall.exe (PID: 3596)
    • Searches for installed software

      • uninstall.exe (PID: 3596)
    • Creates a software uninstall entry

      • uninstall.exe (PID: 3596)
    • Drops 7-zip archiver for unpacking

      • x86.exe (PID: 3576)
  • INFO

    • Checks supported languages

      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3428)
      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3472)
      • Kur.exe (PID: 3500)
      • x86.exe (PID: 3576)
      • uninstall.exe (PID: 3596)
    • Reads the computer name

      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3428)
      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3472)
      • Kur.exe (PID: 3500)
      • x86.exe (PID: 3576)
      • uninstall.exe (PID: 3596)
    • Reads mouse settings

      • Kur.exe (PID: 3500)
    • Checks Windows language

      • Kur.exe (PID: 3500)
    • Creates files in the program directory

      • x86.exe (PID: 3576)
    • Creates files or folders in the user directory

      • Kur.exe (PID: 3500)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:12:31 01:38:51+01:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 101888
InitializedDataSize: 182272
UninitializedDataSize: -
EntryPoint: 0x1942f
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 6.24.0.0
ProductVersionNumber: 6.24.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Russian
CharacterSet: Unicode
CompanyName: SolidShare
FileDescription: SolidShare.Net Unattended Installer
LegalCopyright: © 2023 By KiNGHaZe
LegalTrademarks: -
InternalName: -
ProductName: WinRAR Final + CascadedMenu
OriginalFileName: -
FileVersion: 6.24
ProductVersion: 6.24
Comments: SolidShare.Net Unattended Installer
PrivateBuild: -
SpecialBuild: -
All screenshots are available in the full report
Total processes: 42
Monitored processes: 5
Malicious processes: 5
Suspicious processes: 0

Behavior graph

Process chain: winrar_6.24_final___cascadedmenu.exe -> winrar_6.24_final___cascadedmenu.exe -> kur.exe -> x86.exe -> uninstall.exe

Process information

PID: 3428
CMD: "C:\Users\admin\AppData\Local\Temp\WinRAR_6.24_Final___CascadedMenu.exe"
Path: C:\Users\admin\AppData\Local\Temp\WinRAR_6.24_Final___CascadedMenu.exe
Parent process: explorer.exe
User: admin
Company: SolidShare
Integrity Level: MEDIUM
Description: SolidShare.Net Unattended Installer
Exit code: 0
Version: 6.24
Modules (images):
c:\users\admin\appdata\local\temp\winrar_6.24_final___cascadedmenu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 3472
CMD: "C:\Users\admin\AppData\Local\Temp\WinRAR_6.24_Final___CascadedMenu.exe" -sfxelevation
Path: C:\Users\admin\AppData\Local\Temp\WinRAR_6.24_Final___CascadedMenu.exe
Parent process: WinRAR_6.24_Final___CascadedMenu.exe
User: admin
Company: SolidShare
Integrity Level: HIGH
Description: SolidShare.Net Unattended Installer
Exit code: 0
Version: 6.24
Modules (images):
c:\users\admin\appdata\local\temp\winrar_6.24_final___cascadedmenu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 3500
CMD: "C:\Kinghaze\Kur.exe"
Path: C:\Kinghaze\Kur.exe
Parent process: WinRAR_6.24_Final___CascadedMenu.exe
User: admin
Company: SolidShare TEAM
Integrity Level: HIGH
Description: SolidShare.Net Unattended Installer
Exit code: 0
Version: 6.24
Modules (images):
c:\kinghaze\kur.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll

PID: 3576
CMD: "C:\Kinghaze\X86.exe" /S
Path: C:\Kinghaze\x86.exe
Parent process: Kur.exe
User: admin
Company: Alexander Roshal
Integrity Level: HIGH
Description: WinRAR archiver
Exit code: 0
Version: 6.24.0
Modules (images):
c:\kinghaze\x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 3596
CMD: "C:\Program Files\WinRAR\uninstall.exe" /setup
Path: C:\Program Files\WinRAR\uninstall.exe
Parent process: x86.exe
User: admin
Company: Alexander Roshal
Integrity Level: HIGH
Description: Uninstall WinRAR
Exit code: 0
Version: 6.24.0
Modules (images):
c:\program files\winrar\uninstall.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events: 3 166
Read events: 3 054
Write events: 103
Delete events: 9

Modification events

PID | Process | Key | Operation | Name | Value
3428 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
3428 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
3428 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
3428 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
3472 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
3472 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
3472 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
3472 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
3500 | Kur.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
3500 | Kur.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
Executable files: 10
Suspicious files: 16
Text files: 196
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\FolderUp.bmp | image | BDBFF89D514F5E83273AB2C949BB0318 | 4DD27666A78A84855A774105C3F1C283C1A2167F9C9931ACB7E61F9785EC60B1
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\SortDown.bmp | binary | 33BF162D3DE7CFB4C47F3A4DA5ECEEAC | 4581700A71F9B90928B42D0F24E412A80A1CC43157346D35F6EE885C1413E082
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\SortUp.bmp | binary | 63962C13E0FD49AD5D52D7E2715D159B | E7EF06FDBB8F46AFCD9DB93F512BFCAD6B6EE391B767A4ADF66A7CDCCC40B883
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\AboutLogo.bmp | image | 2F58246104A129C8449816CEBC1D6903 | 65312D5D09D45C330ED80A84094632D99C94C19FBFF8A625320623D57E9051DF
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\PasswordOn.ico | image | 7B34ADC866B789D76D92B01ADFED3908 | E35BEA741E3D6B5DFD3E624939970C349F8BF75856306C53325515E07C779E05
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\REV.ico | image | C37604BCE1FDB63BF225E85B1AE8776E | FD36F5802AA011419C9BCFF23AEBBF836775CE081D05F0FB14010382D95F579A
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\DragCopy.cur | binary | 56F8155793179B6036A082A07024826F | 5095F4151626FD62A2BE17EE34DADA1EF909914B150B8BE7F0BADD267FA2679E
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\File.ico | image | 7F5222D064AF4107BEE2B80D912DD933 | 34991D1B1251C4A77DFB9C3CF40C2B443BE60B81DE3AE43B36239A64474647BA
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\RAR.ico | image | FDB478BF8B931BC30F744CCC1DE6AAE0 | 75F973BCBE0351947B4012C1E0EDD286D8C71F55761AAE00CE1BC64BC8CFAFAE
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\Setup.ico | image | C37604BCE1FDB63BF225E85B1AE8776E | FD36F5802AA011419C9BCFF23AEBBF836775CE081D05F0FB14010382D95F579A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info