File name: VNC scanner GUI v 1.2.rar

Full analysis: https://app.any.run/tasks/904fd6dd-97ea-429e-b8a6-f3c4f8c1f119
Verdict: Malicious activity
Analysis date: August 12, 2022, 16:58:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 4133735F04C0EED1C5490FA68EFD0F4E
SHA1: 6E7BD842249144C940E6C96B70B2573D6C655179
SHA256: 6A2163DBC27A5504292C967EE6A8C24213808B7CBBB2DDACDD01C4FB3DCFF37B
SSDEEP: 196608:JpPEAetG5ioXfYAEDZH29WOGAWOR4uh8vcEKOJoVyIgpyH0QAW6UTHV:PPEvoSVH29wQRfQzfJoVyPpyU7jU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops executable file immediately after starts

      • WinRAR.exe (PID: 3160)
    • Application was dropped or rewritten from another process

      • vnc.exe (PID: 2968)
      • vnc_scanner_gui.exe (PID: 556)
  • SUSPICIOUS

    • Checks supported languages

      • WinRAR.exe (PID: 3160)
      • cmd.exe (PID: 2804)
      • vnc.exe (PID: 2968)
      • vnc_scanner_gui.exe (PID: 556)
    • Reads the computer name

      • WinRAR.exe (PID: 3160)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3160)
    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 3160)
  • INFO

    • Manual execution by user

      • cmd.exe (PID: 2804)
      • vnc_scanner_gui.exe (PID: 556)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

ArchivedFileName: VNC scanner GUI v 1.2\IPs.txt
PackingMethod: Normal
ModifyDate: 2016:09:25 13:05:08
OperatingSystem: Win32
UncompressedSize: 139
CompressedSize: 120
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 1

Behavior graph

Process tree (reconstructed from the process information below; "no specs" is the marker the original graph attached to cmd.exe and vnc_scanner_gui.exe):

Explorer.EXE
  +-- WinRAR.exe (PID 3160)
  +-- cmd.exe (PID 2804, no specs)
  |     +-- vnc.exe (PID 2968)
  +-- vnc_scanner_gui.exe (PID 556, no specs)

Process information

PID: 556
CMD: "C:\Users\admin\AppData\Local\Temp\VNC scanner GUI v 1.2\VNC scanner GUI v 1.2\vnc_scanner_gui.exe"
Path: C:\Users\admin\AppData\Local\Temp\VNC scanner GUI v 1.2\VNC scanner GUI v 1.2\vnc_scanner_gui.exe
Parent process: Explorer.EXE
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\vnc scanner gui v 1.2\vnc scanner gui v 1.2\vnc_scanner_gui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
PID: 2804
CMD: C:\Windows\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\VNC scanner GUI v 1.2\VNC scanner GUI v 1.2\start.bat" "
Path: C:\Windows\system32\cmd.exe
Parent process: Explorer.EXE
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
3221225786 (0xC000013A, STATUS_CONTROL_C_EXIT: the console process was ended by Ctrl+C or by its console window being closed, i.e. the batch job was interrupted rather than run to completion)
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2968
CMD: vnc.exe -i 63.209.101.0-63.209.152.255 -p 3389 -cT -T 500
Path: C:\Users\admin\AppData\Local\Temp\VNC scanner GUI v 1.2\VNC scanner GUI v 1.2\vnc.exe
Parent process: cmd.exe
Note: despite the tool's name, this invocation sweeps 63.209.101.0-63.209.152.255 (13 312 addresses) on TCP port 3389, the RDP/Terminal Server port, not the VNC default 5900. The outbound connections and the ET alert listed below are consistent with that: what the sandbox observed is an RDP scan.
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221225786 (0xC000013A, STATUS_CONTROL_C_EXIT: the scanner was interrupted by Ctrl+C or by its console window being closed, so the 588 connections below are only the part of the range it reached before being stopped)
Modules
Images
c:\users\admin\appdata\local\temp\vnc scanner gui v 1.2\vnc scanner gui v 1.2\vnc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 3160
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\VNC scanner GUI v 1.2.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 1 279
Read events: 1 234
Write events: 45
Delete events: 0

Modification events

PID | Process | Operation | Key | Name | Value
3160 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
3160 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
3160 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US
3160 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
3160 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
3160 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\VNC scanner GUI v 1.2.rar
3160 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
3160 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
3160 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
3160 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100

All of these are WinRAR's own UI and most-recently-used bookkeeping, not activity of the sample. ArcHistory is a most-recent-first list: entry 0 is the archive under analysis, while entries 1 and 2 (two .zip files on the analyst's Desktop) are archives opened earlier in the sandbox image that WinRAR shifted down by one slot; they are not part of this sample.
Executable files: 2
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
3160 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\VNC scanner GUI v 1.2\VNC scanner GUI v 1.2\start.bat | (not recorded in the summary) | (not recorded) | (not recorded)
2968 | vnc.exe | C:\Users\admin\AppData\Local\Temp\VNC scanner GUI v 1.2\VNC scanner GUI v 1.2\VNC_bypauth.txt | text | (not recorded) | (not recorded)
3160 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\VNC scanner GUI v 1.2\VNC scanner GUI v 1.2\IPs.txt | text | 9AECA50A64356F00AED949F159F577F4 | AF045E591BB1ADA04EAE57A3922B600E0D79A8B48FFEC626CD4489BC5963299B
3160 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\VNC scanner GUI v 1.2\VNC scanner GUI v 1.2\vnc.exe | executable | A4CDDFAA5A1FC2ABF8A920BEE84CE8E3 | 28D0E945F0648BED7B7B2A2139F2B9BF1901FEEC39FF4F6C0315FA58E054F44E
3160 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\VNC scanner GUI v 1.2\VNC scanner GUI v 1.2\vnc_scanner_gui.exe | executable | 31AE2435F01C21B63ADEF7B3A641A960 | 835DD84EED9ACFF7056DED87D9672D725B915924323B5981737BD2ED5162EFB4

Four of the five files are extracted from the archive by WinRAR (PID 3160); VNC_bypauth.txt is written by vnc.exe itself (PID 2968) while it runs, so it is an output of the scanner rather than archive content. The two executables' hashes are the IOCs worth carrying forward; the archive-level hashes at the top of the report change with any repacking.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 588
DNS requests: 0
Threats: 1

HTTP requests

No HTTP requests

Connections

Only the first rows are listed in this summary; the full report holds all 588 TCP/UDP connections. The Domain column is empty for every row (raw IP targets, no name resolution, which matches the 0 DNS requests above).

PID | Process | IP:port | Domain | ASN | CN | Reputation
2968 | vnc.exe | 63.209.101.1:3389 | | Level 3 Communications, Inc. | US | unknown
2968 | vnc.exe | 63.209.101.2:3389 | | Level 3 Communications, Inc. | US | unknown
2968 | vnc.exe | 63.209.101.3:3389 | | Level 3 Communications, Inc. | US | unknown
2968 | vnc.exe | 63.209.101.4:3389 | | Level 3 Communications, Inc. | US | unknown
2968 | vnc.exe | 63.209.101.5:3389 | | Level 3 Communications, Inc. | US | unknown
2968 | vnc.exe | 63.209.101.6:3389 | | Level 3 Communications, Inc. | US | unknown
2968 | vnc.exe | 63.209.101.7:3389 | | Level 3 Communications, Inc. | US | unknown
2968 | vnc.exe | 63.209.101.0:3389 | | Level 3 Communications, Inc. | US | unknown
2968 | vnc.exe | 63.209.101.8:3389 | | Level 3 Communications, Inc. | US | unknown
2968 | vnc.exe | 63.209.101.9:3389 | | Level 3 Communications, Inc. | US | unknown

DNS requests

No data

Threats

PID | Process | Class | Message
2968 | vnc.exe | Misc activity | ET SCAN Behavioral Unusually fast Terminal Server Traffic Potential Scan or Infection (Outbound)
No debug info
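The Connections and Threats sections above show the pattern the ET behavioural rule keys on: one process opening connections to many distinct hosts on TCP 3389 in quick succession. The following is an added example, not part of the ANY.RUN report and not the sample's code, that reproduces that logic host-side: it parses the target range out of the vnc.exe command line recorded in the report, and flags any process that reaches a threshold of distinct hosts on a port inside a sliding time window. The connection timestamps and the second, benign process (a hypothetical mstsc.exe) are constructed, since the summary lists destinations but no timing; the threshold and window are illustrative assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# The command line recorded for vnc.exe (PID 2968) in the report.
VNC_CMDLINE = "vnc.exe -i 63.209.101.0-63.209.152.255 -p 3389 -cT -T 500"

# Constructed sample: (seconds, pid, image, "dst_ip:dst_port").
# Timestamps are an assumption (the report summary shows none); the
# mstsc.exe rows are a hypothetical interactive RDP client for contrast.
SAMPLE_CONNECTIONS = (
    [(i * 0.05, 2968, "vnc.exe", f"63.209.101.{i}:3389") for i in range(11)]
    + [(0.30, 1234, "mstsc.exe", "10.0.0.5:3389"),
       (300.0, 1234, "mstsc.exe", "10.0.0.6:3389")]
)


def parse_scan_args(cmdline):
    """Pull the target range and port out of a '-i first-last -p N' command line.

    Returns (first_ip, last_ip, port, host_count). Raises ValueError when the
    arguments are missing or the range is inverted.
    """
    rng = re.search(r"-i\s+(\d+(?:\.\d+){3})-(\d+(?:\.\d+){3})", cmdline)
    prt = re.search(r"-p\s+(\d+)", cmdline)
    if not rng or not prt:
        raise ValueError("no '-i first-last' / '-p port' arguments found")
    first = ipaddress.IPv4Address(rng.group(1))
    last = ipaddress.IPv4Address(rng.group(2))
    if last < first:
        raise ValueError("range end precedes range start")
    return first, last, int(prt.group(1)), int(last) - int(first) + 1


def detect_scan_bursts(connections, port=3389, threshold=10, window=2.0):
    """Flag processes that reach `threshold` distinct hosts on `port` within
    any `window`-second span (the same shape of evidence the ET rule uses).

    Returns {pid: (image, max_distinct_hosts_in_one_window)} for offenders.
    """
    per_pid = defaultdict(list)
    for t, pid, image, dst in connections:
        ip, _, dport = dst.rpartition(":")
        if int(dport) == port:
            per_pid[(pid, image)].append((t, ip))

    hits = {}
    for (pid, image), events in per_pid.items():
        events.sort()
        best = 0
        start = 0
        for end in range(len(events)):
            # Advance the window start until events[start:end+1] fits in `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({ip for _, ip in events[start:end + 1]})
            best = max(best, distinct)
        if best >= threshold:
            hits[pid] = (image, best)
    return hits


if __name__ == "__main__":
    first, last, port, hosts = parse_scan_args(VNC_CMDLINE)
    print(f"target range {first}-{last}: {hosts} hosts on tcp/{port}")
    for pid, (image, n) in detect_scan_bursts(SAMPLE_CONNECTIONS).items():
        print(f"PID {pid} ({image}): {n} distinct hosts on tcp/3389 within 2 s")
```

On the constructed data vnc.exe is flagged with 11 distinct hosts in one window while the two-host mstsc.exe session is not; against the real report the same function would be fed the 588 connection rows from the PCAP. The range parser also puts the 588 observed connections in perspective: the command line covers 13 312 addresses, so the scan was stopped (see the STATUS_CONTROL_C_EXIT exit codes) well before it finished.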