analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

awconfig.rar

Full analysis: https://app.any.run/tasks/3ecc76e3-cad5-4123-b1c1-ea6be961a698
Verdict: Malicious activity
Analysis date: September 11, 2019, 07:58:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

8A27DB56D688B9CCC8FB8C3F6C8A995F

SHA1:

6C4E03BB83B9B125EE50642762F89E052CBC837B

SHA256:

6446E1660460053B2665B4769A369FC64C98A89160634F2850850698DAEFD553

SSDEEP:

384:khc1amaHOAMFUWYbvdERbT766OqqaCM9yskI1fB713BpOhO49ohJFix3sISUi+Sx:2uaRuAa9YTyRvrHA6Jdsc4yhDIi+6yw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Manual execution by user

      • opera.exe (PID: 3432)
    • Creates files in the user directory

      • opera.exe (PID: 3432)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe no specs opera.exe

Process information

PID
CMD
Path
Indicators
Parent process
2872"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\awconfig.rar"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
3432"C:\Program Files\Opera\opera.exe" C:\Program Files\Opera\opera.exe
explorer.exe
User:
admin
Company:
Opera Software
Integrity Level:
MEDIUM
Description:
Opera Internet Browser
Version:
1748
Total events
624
Read events
547
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
35
Text files
35
Unknown types
2

Dropped files

PID
Process
Filename
Type
2872WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2872.25714\awconfig
MD5:
SHA256:
3432opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\oprE69C.tmp
MD5:
SHA256:
3432opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\oprE6DB.tmp
MD5:
SHA256:
3432opera.exeC:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp
MD5:
SHA256:
3432opera.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PS1Z9S50L6HDTQ0PQMYD.temp
MD5:
SHA256:
3432opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprEE6.tmp
MD5:
SHA256:
3432opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr1AAF.tmp
MD5:
SHA256:
3432opera.exeC:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RF16f1c7.TMPbinary
MD5:309173A3D7AC96E52CA7BB6E941C2CF1
SHA256:D0DE40593BCE48BB74D7DF605809BEAA2C8DC578294215278DCEB978D10B4C6F
3432opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xmlxml
MD5:27D20E8450A066DD245BE323C864FC7B
SHA256:63B1551C88E1D75D2245BAE467D10FE89748B7B6C7F1D865574629FAD09C1458
3432opera.exeC:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.datbinary
MD5:FCCCCC75861EF0FE746E8A18EFF620B4
SHA256:B9F4A7DD6DAED0F425A09B66E619421F35673A9FA191A330566CBC811F2F5068
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
13
TCP/UDP connections
26
DNS requests
14
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3432
opera.exe
GET
302
216.58.208.35:80
http://www.google.com.ua/search?client=opera&q=anofile&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest
US
html
336 b
whitelisted
3432
opera.exe
GET
302
216.58.208.35:80
http://www.google.com.ua/search?q=anofile&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest
US
html
320 b
whitelisted
3432
opera.exe
GET
200
93.184.220.29:80
http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl
US
der
528 b
whitelisted
3432
opera.exe
GET
200
172.217.22.3:80
http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEBl7GqnL5JVcAgAAAABB5oE%3D
US
der
471 b
whitelisted
3432
opera.exe
GET
200
172.217.18.174:80
http://clients1.google.com/complete/search?q=anofile&client=opera-suggest-omnibox&hl=de
US
text
101 b
whitelisted
3432
opera.exe
GET
200
172.217.18.174:80
http://clients1.google.com/complete/search?q=ano&client=opera-suggest-omnibox&hl=de
US
text
114 b
whitelisted
3432
opera.exe
GET
200
172.217.18.174:80
http://clients1.google.com/complete/search?q=anof&client=opera-suggest-omnibox&hl=de
US
text
111 b
whitelisted
3432
opera.exe
GET
200
172.217.22.3:80
http://crl.pki.goog/gsr2/gsr2.crl
US
der
815 b
whitelisted
3432
opera.exe
GET
200
172.217.22.3:80
http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEEanTyVp9ezcCAAAAAARu4s%3D
US
der
471 b
whitelisted
3432
opera.exe
GET
200
192.35.177.64:80
http://crl.identrust.com/DSTROOTCAX3CRL.crl
US
der
896 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3432
opera.exe
185.26.182.94:443
certs.opera.com
Opera Software AS
whitelisted
3432
opera.exe
172.217.23.163:443
id.google.com
Google Inc.
US
whitelisted
3432
opera.exe
185.26.182.112:80
sitecheck2.opera.com
Opera Software AS
malicious
3432
opera.exe
216.58.208.35:80
www.google.com.ua
Google Inc.
US
whitelisted
3432
opera.exe
192.35.177.64:80
crl.identrust.com
IdenTrust
US
malicious
3432
opera.exe
93.184.220.29:80
crl4.digicert.com
MCI Communications Services, Inc. d/b/a Verizon Business
US
whitelisted
3432
opera.exe
216.58.208.35:443
www.google.com.ua
Google Inc.
US
whitelisted
3432
opera.exe
194.32.146.61:443
anonfile.com
unknown
3432
opera.exe
172.217.22.3:80
crl.pki.goog
Google Inc.
US
whitelisted
3432
opera.exe
172.217.22.35:443
id.google.com.ua
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
certs.opera.com
  • 185.26.182.94
  • 185.26.182.93
whitelisted
crl4.digicert.com
  • 93.184.220.29
whitelisted
clients1.google.com
  • 172.217.18.174
whitelisted
www.google.com.ua
  • 216.58.208.35
whitelisted
sitecheck2.opera.com
  • 185.26.182.112
  • 185.26.182.93
  • 185.26.182.94
  • 185.26.182.111
whitelisted
crl.pki.goog
  • 172.217.22.3
whitelisted
ocsp.pki.goog
  • 172.217.22.3
whitelisted
id.google.com.ua
  • 172.217.22.35
whitelisted
id.google.com
  • 172.217.23.163
whitelisted
anonfile.com
  • 194.32.146.61
  • 194.32.146.60
whitelisted

Threats

No threats detected
No debug info