File name: roobetpredictor.zip
Full analysis: https://app.any.run/tasks/b5b29c46-bdf4-4d21-bd01-75c983e6a1c2
Verdict: Malicious activity
Analysis date: May 20, 2022, 21:58:34
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 97066DB6CF80BF550C6EFED931C6BAF0
SHA1: 78C070664C22B6B6071E157D733925BEE39B4385
SHA256: 677F8AA75B29EAC74289C7FB969C7661A755F8D8834C0F7B834A6A85CBD90863
SSDEEP: 49152:fxsbL/orn3BDkyp8HD+MyOAU0ZRHLdqWcWscoxRQ9aee1u:Jsboxgyp8j+doW3HERQ9aee1u

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops executable file immediately after starts

      • WinRAR.exe (PID: 2468)
    • Application was dropped or rewritten from another process

      • roobet predector v.0.0.5.2.exe (PID: 3060)
  • SUSPICIOUS

    • Reads the computer name

      • WinRAR.exe (PID: 2468)
    • Checks supported languages

      • WinRAR.exe (PID: 2468)
    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 2468)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2468)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD: .zip | ZIP compressed archive (100)

EXIF (ZIP):
ZipFileName: roobet predictor v.0.0.5.2/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2022:05:21 03:48:05
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
No data.
All screenshots are available in the full report
Total processes: 35
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

winrar.exe --(drop and start)--> roobet predector v.0.0.5.2.exe (no specs)

Process information

PID: 2468
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\roobetpredictor.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0

PID: 3060
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\roobet predector v.0.0.5.2.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\roobet predector v.0.0.5.2.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND: the dropped executable terminated at load because a required DLL could not be resolved, which is consistent with the absence of any further process or network activity below)
Total events: 1 027
Read events: 1 008
Write events: 19
Delete events: 0

Modification events

All entries below: (PID) Process: (2468) WinRAR.exe

Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
  Operation: write, Name: ShellExtBMP, Value: (empty)
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
  Operation: write, Name: ShellExtIcon, Value: (empty)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E
  Operation: write, Name: LanguageList, Value: en-US
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  Operation: write, Name: 2, Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  Operation: write, Name: 1, Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  Operation: write, Name: 0, Value: C:\Users\admin\AppData\Local\Temp\roobetpredictor.zip
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write, Name: name, Value: 120
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write, Name: size, Value: 80
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write, Name: type, Value: 120
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  Operation: write, Name: mtime, Value: 100
Executable files: 7
Suspicious files: 0
Text files: 0
Unknown types: 3

Dropped files

All entries below were written by PID 2468, WinRAR.exe.

Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\root\_stetup.dll
Type: executable
MD5: 7FFD6307117361732D115DEB94C34A75
SHA256: AD8837C02B4E8F23E180A0E8E6FDC4CBB6F0A02C88D6984E882FEF7434A20EF6

Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\bin\msjter40.dll
Type: executable
MD5: 66CFEF9459FE5771D640BDADE2840192
SHA256: C1EB4AC505F124F124754057329E0907409C3F7D9032EC16408425FCD0519F98

Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\bin\mswstr10.dll
Type: executable
MD5: AC81B22606B50A61B02F2082EA2CE187
SHA256: A132F3640C912A81DA054EDF987D7615C467D72F225EAB1B1C973E03C00D9444

Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\roobet predector v.0.0.5.2.exe
Type: executable
MD5: 9898DA3889ADC76A16B3BAF6BB1DD23B
SHA256: 9F7F5967F7F6E352E3D6A0D7E45D2EA28863AC97C4A229D519441669CBC0A15B

Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\root\acpipagr.sys
Type: executable
MD5: B4764B27002BBDA6833227981D302747
SHA256: B01F5F6767BC527F1EA510480A4E0E0983E0BCD57520A075328A627C03568E23

Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\root\net7800-x64-n650f.inf_loc
Type: txt
MD5: 26F69282B9B918D281C69AEBF482F399
SHA256: 97BD8AAC52AFBC57B9DC4F3AB82B8CFDB20A2B299FCEA7A0F841B98A542D2026

Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\root\net8187se64.inf_loc
Type: txt
MD5: 721F8E171C57489CAB99C37579E29E2A
SHA256: E4A168891CAE27B15442E9D021D1BBA3662596D93A42DA1121C56580411972A8

Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\root\acpipagr.inf
Type: txt
MD5: 138CCEA55A5861324A6215C01FD2B5E6
SHA256: 9A37D6509CCDD23DDCE80E679129FDC3DD481BDB8A95AAA1EB813AB04F9BD1DF

Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\bin\mswdat10.dll
Type: executable
MD5: FFEAED0E3BD67DA3559231F762B6E201
SHA256: C1FFD3391BFD3F5E0CC03B948BA2AB20C57E1B1435166C77232B34FAF7647783

Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb2468.9120\roobet predictor v.0.0.5.2\bin\msjint40.dll
Type: executable
MD5: 417BB0E54DB7B7208520A8E71255CECC
SHA256: FC80ED29997A29282DBC30A2A58D640B9EADDC5EE60FC25E0446289DB9B77E62
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info