File name: WinRAR_6.24_Final___CascadedMenu.exe

Full analysis: https://app.any.run/tasks/2d1d1266-56d5-4da6-ba06-c89ad43859e7
Verdict: Malicious activity
Analysis date: November 18, 2023, 06:48:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: F52EEE712E14765B59257078DAE863E7
SHA1: F0024F6A4AAE0FD00E703FAB239E4596763F468E
SHA256: 525BE1CA1EDCAA4C33B23A8262D1DC846E8F00FB968229622BA378ACC2DD9F52
SSDEEP: 98304:JDQP9xyG1zsDY3+2jc7YDddoMNWtkCaK0VbI0D6oGKx1WFcWDxMnMILAKB0B0oY4:8yyZ2hbxU1nh3aTgI

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for the user's information. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3472)
      • x86.exe (PID: 3576)
  • SUSPICIOUS

    • Creates/Modifies COM task schedule object

      • uninstall.exe (PID: 3596)
    • Application launched itself

      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3428)
    • Drops 7-zip archiver for unpacking

      • x86.exe (PID: 3576)
    • Reads the Internet Settings

      • Kur.exe (PID: 3500)
      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3472)
      • x86.exe (PID: 3576)
      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3428)
    • Creates a software uninstall entry

      • uninstall.exe (PID: 3596)
    • Searches for installed software

      • uninstall.exe (PID: 3596)
  • INFO

    • Reads the computer name

      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3428)
      • Kur.exe (PID: 3500)
      • uninstall.exe (PID: 3596)
      • x86.exe (PID: 3576)
      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3472)
    • Checks supported languages

      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3428)
      • x86.exe (PID: 3576)
      • WinRAR_6.24_Final___CascadedMenu.exe (PID: 3472)
      • uninstall.exe (PID: 3596)
      • Kur.exe (PID: 3500)
    • Reads mouse settings

      • Kur.exe (PID: 3500)
    • Creates files in the program directory

      • x86.exe (PID: 3576)
    • Checks Windows language

      • Kur.exe (PID: 3500)
    • Creates files or folders in the user directory

      • Kur.exe (PID: 3500)
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2012:12:31 01:38:51+01:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 101888
InitializedDataSize: 182272
UninitializedDataSize: -
EntryPoint: 0x1942f
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 6.24.0.0
ProductVersionNumber: 6.24.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Russian
CharacterSet: Unicode
CompanyName: SolidShare
FileDescription: SolidShare.Net Unattended Installer
LegalCopyright: © 2023 By KiNGHaZe
LegalTrademarks: -
InternalName: -
ProductName: WinRAR Final + CascadedMenu
OriginalFileName: -
FileVersion: 6.24
ProductVersion: 6.24
Comments: SolidShare.Net Unattended Installer
PrivateBuild: -
SpecialBuild: -
No data.
Total processes: 42
Monitored processes: 5
Malicious processes: 5
Suspicious processes: 0

Behavior graph

start -> winrar_6.24_final___cascadedmenu.exe (no specs) -> winrar_6.24_final___cascadedmenu.exe -> kur.exe (no specs) -> x86.exe (no specs) -> uninstall.exe (no specs)

Process information

PID: 3428
CMD: "C:\Users\admin\AppData\Local\Temp\WinRAR_6.24_Final___CascadedMenu.exe"
Path: C:\Users\admin\AppData\Local\Temp\WinRAR_6.24_Final___CascadedMenu.exe
Parent process: explorer.exe
User: admin
Company: SolidShare
Integrity Level: MEDIUM
Description: SolidShare.Net Unattended Installer
Exit code: 0
Version: 6.24
Modules (images):
c:\users\admin\appdata\local\temp\winrar_6.24_final___cascadedmenu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 3472
CMD: "C:\Users\admin\AppData\Local\Temp\WinRAR_6.24_Final___CascadedMenu.exe" -sfxelevation
Path: C:\Users\admin\AppData\Local\Temp\WinRAR_6.24_Final___CascadedMenu.exe
Parent process: WinRAR_6.24_Final___CascadedMenu.exe
User: admin
Company: SolidShare
Integrity Level: HIGH
Description: SolidShare.Net Unattended Installer
Exit code: 0
Version: 6.24
Modules (images):
c:\users\admin\appdata\local\temp\winrar_6.24_final___cascadedmenu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll

PID: 3500
CMD: "C:\Kinghaze\Kur.exe"
Path: C:\Kinghaze\Kur.exe
Parent process: WinRAR_6.24_Final___CascadedMenu.exe
User: admin
Company: SolidShare TEAM
Integrity Level: HIGH
Description: SolidShare.Net Unattended Installer
Exit code: 0
Version: 6.24
Modules (images):
c:\kinghaze\kur.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll

PID: 3576
CMD: "C:\Kinghaze\X86.exe" /S
Path: C:\Kinghaze\x86.exe
Parent process: Kur.exe
User: admin
Company: Alexander Roshal
Integrity Level: HIGH
Description: WinRAR archiver
Exit code: 0
Version: 6.24.0
Modules (images):
c:\kinghaze\x86.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 3596
CMD: "C:\Program Files\WinRAR\uninstall.exe" /setup
Path: C:\Program Files\WinRAR\uninstall.exe
Parent process: x86.exe
User: admin
Company: Alexander Roshal
Integrity Level: HIGH
Description: Uninstall WinRAR
Exit code: 0
Version: 6.24.0
Modules (images):
c:\program files\winrar\uninstall.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events: 3 166
Read events: 3 054
Write events: 103
Delete events: 9

Modification events

PID | Process | Key | Operation | Name | Value
3428 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
3428 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
3428 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
3428 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
3472 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
3472 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
3472 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 1
3472 | WinRAR_6.24_Final___CascadedMenu.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | AutoDetect | 0
3500 | Kur.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
3500 | Kur.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1
Executable files: 10
Suspicious files: 16
Text files: 196
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\DiskOn.ico | image
    MD5: C99678A7CD3AC314B5DCAC74F9062B0B
    SHA256: C9370B0E27B99ACA6F042F8D11E5785E0835FF38C00D752351CA25EDE21088FE
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\REV.ico | image
    MD5: C37604BCE1FDB63BF225E85B1AE8776E
    SHA256: FD36F5802AA011419C9BCFF23AEBBF836775CE081D05F0FB14010382D95F579A
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\AboutLogo.bmp | image
    MD5: 2F58246104A129C8449816CEBC1D6903
    SHA256: 65312D5D09D45C330ED80A84094632D99C94C19FBFF8A625320623D57E9051DF
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\RarSmall.bmp | image
    MD5: 989687274BE7EE966353D19A57CDEAFB
    SHA256: 8D91D5323F226DC3733EF627DE05A5177EEB7F1EE8137F715228A0A81D40A59C
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\FolderUp.bmp | image
    MD5: BDBFF89D514F5E83273AB2C949BB0318
    SHA256: 4DD27666A78A84855A774105C3F1C283C1A2167F9C9931ACB7E61F9785EC60B1
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\DiskOff.ico | image
    MD5: D0CFB21666FA59E243F8141D3BAB93DE
    SHA256: DAED0E1D98C6D0817F73705D3845AED30E8282FB9B31EAB45301816C4746E7CE
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\Setup.ico | image
    MD5: C37604BCE1FDB63BF225E85B1AE8776E
    SHA256: FD36F5802AA011419C9BCFF23AEBBF836775CE081D05F0FB14010382D95F579A
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\SortUp.bmp | binary
    MD5: 63962C13E0FD49AD5D52D7E2715D159B
    SHA256: E7EF06FDBB8F46AFCD9DB93F512BFCAD6B6EE391B767A4ADF66A7CDCCC40B883
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\SFXLogo.bmp | image
    MD5: 9C1C374EDB5C96B9DDE8C30CFD96D9FC
    SHA256: 4085B0E2A9F1A15D3BD40DF7A5300BE70C21E0196DC3F6E2DDBEF2127AB47E5D
3472 | WinRAR_6.24_Final___CascadedMenu.exe | C:\Kinghaze\Themes\ext\SFX.ico | image
    MD5: C37604BCE1FDB63BF225E85B1AE8776E
    SHA256: FD36F5802AA011419C9BCFF23AEBBF836775CE081D05F0FB14010382D95F579A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info