File name: Best PC Software 2023.zip
Full analysis: https://app.any.run/tasks/29fdd1a8-8022-4539-a2cd-bd0a293313cb
Verdict: Malicious activity
Threats:

A loader is malicious software that infiltrates devices to deliver malicious payloads. This malware is capable of infecting victims’ computers, analyzing their system information, and installing other types of threats, such as trojans or stealers. Criminals usually deliver loaders through phishing emails and links by relying on social engineering to trick users into downloading and running their executables. Loaders employ advanced evasion and persistence tactics to avoid detection.

Analysis date: April 01, 2023, 14:14:25
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
raccoon
recordbreaker
trojan
loader
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 80751C2729541619281B6EBC3F4759D1
SHA1: B9DCC1FEFB0E3498E2B9AFBB06498F51957A8823
SHA256: 6C1BC4C2526FF9F627B778EF80637EA9D40F79A9AA8575371037089D9F11CD0D
SSDEEP: 196608:8s1+Ewp2to9nzctJTqH1ADxVS/7EZwNgOtW/FRXvjt67CxPo0eF8aa/I8:8KwpjzcXIqxVIYuNJApx6XTap

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • RACCOON was detected: Sеtup.exe (PID: 3480)
    • Connects to the CnC server: Sеtup.exe (PID: 3480)
    • Application was dropped or rewritten from another process: HN2v0SSo.exe (PID: 2888)
    • Actions look like stealing of personal data: Sеtup.exe (PID: 3480)
  • SUSPICIOUS
    • Reads the Internet Settings: Sеtup.exe (PID: 3480)
    • Connects to the server without a host name: Sеtup.exe (PID: 3480)
    • Executable content was dropped or overwritten: Sеtup.exe (PID: 3480)
    • Process requests binary or script from the Internet: Sеtup.exe (PID: 3480)
    • Searches for installed software: Sеtup.exe (PID: 3480)
    • Reads browser cookies: Sеtup.exe (PID: 3480)
  • INFO
    • Checks supported languages: Sеtup.exe (PID: 3480), HN2v0SSo.exe (PID: 2888)
    • Reads the machine GUID from the registry: Sеtup.exe (PID: 3480)
    • Reads the computer name: Sеtup.exe (PID: 3480)
    • Checks proxy server information: Sеtup.exe (PID: 3480)
    • The process checks LSA protection: Sеtup.exe (PID: 3480)
    • Creates files or folders in the user directory: Sеtup.exe (PID: 3480)
    • Reads Environment values: Sеtup.exe (PID: 3480)
    • Reads product name: Sеtup.exe (PID: 3480)
    • Creates files in a temporary directory: Sеtup.exe (PID: 3480)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Best PC Software 2023/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2023:04:01 08:44:18
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process chain (from the graph and the parent-process column below): explorer.exe → WinRAR.exe (PID 2588, no specs) → Sеtup.exe (PID 3480, #RACCOON) → drops and starts → HN2v0SSo.exe (PID 2888, no specs)

Process information

Columns: PID | CMD | Path | Parent process

PID 2588 | CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Best PC Software 2023.zip" | Path: C:\Program Files\WinRAR\WinRAR.exe | Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\comdlg32.dll
PID 2888 | CMD: "C:\Users\admin\AppData\Roaming\HN2v0SSo.exe" | Path: C:\Users\admin\AppData\Roaming\HN2v0SSo.exe | Parent process: Sеtup.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\roaming\hn2v0sso.exe
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
PID 3480 | CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb2588.46119\Best PC Software 2023\Sеtup.exe" | Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb2588.46119\Best PC Software 2023\Sеtup.exe | Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb2588.46119\best pc software 2023\sеtup.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
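A check worth running on any process name in a report like this one: the sample's executable is shown as Sеtup.exe, and if its second letter is the Cyrillic small letter ie (U+0435) rather than Latin e (an assumption about this report's bytes, not something verified here), the file passes a visual review as Setup.exe while evading a plain-string match on that name. The Python below is an added example, not ANY.RUN code, that flags letters outside the expected script in a filename and renders the name ASCII-safe for IOC lists; the two sample names are constructed.

```python
import unicodedata


def script_of(ch: str):
    """Coarse script label taken from the Unicode character name.

    The unicodedata module exposes no Script property, so the first word of
    the character name ("LATIN", "CYRILLIC", "GREEK", ...) is used as an
    approximation. Non-letters (dots, digits) return None and are ignored.
    """
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def foreign_letters(filename: str, expected: str = "LATIN") -> list:
    """Positions, code points and names of letters outside the expected script."""
    out = []
    for i, ch in enumerate(filename):
        s = script_of(ch)
        if s is not None and s != expected:
            out.append((i, f"U+{ord(ch):04X}", unicodedata.name(ch, "?")))
    return out


def looks_like_homoglyph_spoof(filename: str) -> bool:
    """True when at least one letter comes from a script other than Latin."""
    return bool(foreign_letters(filename))


def ascii_safe(filename: str) -> str:
    """Render the name for logs and IOC lists without losing the code points."""
    return filename.encode("ascii", "backslashreplace").decode("ascii")


# Constructed samples: "Setup.exe" with an ASCII 'e', and the same name with
# CYRILLIC SMALL LETTER IE (U+0435) in position 1. Assumption: that is what
# the "Sеtup.exe" in this report contains; confirm against the real bytes.
CLEAN = "Setup.exe"
SPOOFED = "S\u0435tup.exe"

if __name__ == "__main__":
    for name in (CLEAN, SPOOFED):
        print(ascii_safe(name), looks_like_homoglyph_spoof(name), foreign_letters(name))
```

Feed `ascii_safe()` output, not the raw name, into detection content: a rule written against the visible "Setup.exe" will never match the spoofed file, while `S\u0435tup.exe` matches exactly one thing.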
Total events: 5 440
Read events: 5 384
Write events: 56
Delete events: 0

Modification events

Columns: (PID) Process | Key | Operation | Name | Value

(2588) WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E | write | LanguageList | en-US
(2588) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(2588) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(2588) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\Desktop\phacker.zip
(2588) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
(2588) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
(2588) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
(2588) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100
(2588) WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | ProxyBypass | 1
(2588) WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | IntranetName | 1

Every registry write listed in this excerpt comes from WinRAR.exe (PID 2588), not from the sample: the ArcHistory values are the archiver's recently-opened list on the analysis VM and the FileList and ZoneMap keys are WinRAR UI state, so none of them should be lifted as an indicator of the malware.
Executable files: 18
Suspicious files: 2
Text files: 4
Unknown types: 12

Dropped files

Columns: PID | Process | Filename | Type | MD5 | SHA256 ("-" where the excerpt gives no value)

2588 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2588.46119\Best PC Software 2023\Sеtup.exe | - | - | -
3480 | Sеtup.exe | C:\Users\admin\AppData\Local\Temp\uo0eUpoW.exe | executable | - | -
3480 | Sеtup.exe | C:\Users\admin\AppData\Roaming\HN2v0SSo.exe | executable | - | -
3480 | Sеtup.exe | C:\Users\admin\AppData\LocalLow\VW7VkMW4MYvF | sqlite | D02907BE1C995E1E51571EEDB82FA281 | 2189977F6EA58BDAD5883720B099E12B869F223FB9B18AC40E7D37C5954A55DD
3480 | Sеtup.exe | C:\Users\admin\AppData\LocalLow\raLi6rN6ebmk | sqlite | 23D08A78BC908C0B29E9800D3D5614E7 | F6BD7DF5DFAE9FD88811A807DBA14085E00C1B5A6D7CC3D06CC68F6015363D59
3480 | Sеtup.exe | C:\Users\admin\AppData\LocalLow\U4oxs7iVDonR | text | 16137445CEBCECA2926FE761FCDDF5B5 | 186D99A8E7BC4C3DF1D05706836F19C42A53BECE231CF7F1256BE1F09079C7D5
3480 | Sеtup.exe | C:\Users\admin\AppData\LocalLow\99XS1j1J66Su | sqlite | B8E63E7225C9F4E0A81371F29D6456D8 | 35A6919CE60EA8E0A44934F8B267BDE2C5A063C2E32F22D34724F168C43150C8
3480 | Sеtup.exe | C:\Users\admin\AppData\LocalLow\3vo0XMzEk122 | sqlite | CC104C4E4E904C3AD7AD5C45FBFA7087 | 321BE844CECC903EF1E7F875B729C96BB3ED0D4986314384CD5944A29A670C9B
3480 | Sеtup.exe | C:\Users\admin\AppData\LocalLow\79w5U2M295Kf | sqlite | D02907BE1C995E1E51571EEDB82FA281 | 2189977F6EA58BDAD5883720B099E12B869F223FB9B18AC40E7D37C5954A55DD
3480 | Sеtup.exe | C:\Users\admin\AppData\LocalLow\LEGs0YtD7M3O | text | E7CE898AADD69F4E4280010B7808116E | C9214BB54F10242AA254F0758372A440C8D8F49934021F8F08B6DF9FB377EB02

The randomly named sqlite files under LocalLow are written by the same process that reads browser cookies and fetches the NSS libraries over HTTP, which is consistent with staged copies of browser databases; VW7VkMW4MYvF and 79w5U2M295Kf carry identical MD5 and SHA256 values, so they are the same content written twice.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 13
TCP/UDP connections: 3
DNS requests: 0
Threats: 25

HTTP requests

Columns: PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation

3480 | Sеtup.exe | GET | 200 | 37.220.87.61:80 | http://37.220.87.61/Clip1.exe | UZ | executable | 6.78 Mb | malicious
3480 | Sеtup.exe | GET | 200 | 77.73.134.35:80 | http://77.73.134.35/bebra.exe | KZ | executable | 13.8 Mb | malicious
3480 | Sеtup.exe | POST | 200 | 37.220.87.66:80 | http://37.220.87.66/ | UZ | text | 7.22 Kb | malicious
3480 | Sеtup.exe | GET | 200 | 37.220.87.66:80 | http://37.220.87.66/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll | UZ | executable | 78.2 Kb | malicious
3480 | Sеtup.exe | GET | 200 | 37.220.87.66:80 | http://37.220.87.66/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll | UZ | executable | 438 Kb | malicious
3480 | Sеtup.exe | GET | 200 | 37.220.87.66:80 | http://37.220.87.66/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll | UZ | executable | 612 Kb | malicious
3480 | Sеtup.exe | GET | 200 | 37.220.87.66:80 | http://37.220.87.66/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll | UZ | executable | 1.95 Mb | malicious
3480 | Sеtup.exe | GET | 200 | 37.220.87.66:80 | http://37.220.87.66/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll | UZ | executable | 248 Kb | malicious
3480 | Sеtup.exe | GET | 200 | 37.220.87.66:80 | http://37.220.87.66/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll | UZ | executable | 668 Kb | malicious
3480 | Sеtup.exe | POST | 200 | 37.220.87.66:80 | http://37.220.87.66/bae082128e0e1333be4bf5447da6da4c | UZ | text | 8 b | malicious
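The request sequence in this table (a POST to a bare IP, then GETs of nss3.dll, mozglue.dll, freebl3.dll, softokn3.dll and the MSVC runtime from the same host, plus PE downloads from two other dotted-quad hosts, all with no DNS resolution beforehand) is what the ET signatures listed under Threats key on. The Python below is an added example, not ANY.RUN code or an Emerging Threats rule, that applies those checks to proxy-style log lines; the "<method> <url> <content-type>" layout and the sample rows are constructed to mirror this table, with one benign row added to show what does not fire.

```python
import ipaddress
from urllib.parse import urlparse

# Runtime libraries that browser-credential stealers fetch from their C2 to
# parse Firefox/Chromium password stores (NSS/NSPR plus the MSVC runtime).
# The set matches the ET HUNTING signatures that fired in this report.
STEALER_DLLS = {"nss3.dll", "mozglue.dll", "freebl3.dll", "softokn3.dll",
                "vcruntime140.dll", "msvcp140.dll"}

# Constructed sample lines in a made-up "<method> <url> <content-type>" layout,
# mirroring the HTTP requests table of this report plus one benign row.
SAMPLE_LOG = """\
GET http://37.220.87.61/Clip1.exe executable
GET http://77.73.134.35/bebra.exe executable
POST http://37.220.87.66/ text
GET http://37.220.87.66/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll executable
GET http://37.220.87.66/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll executable
POST http://37.220.87.66/bae082128e0e1333be4bf5447da6da4c text
GET http://updates.example.com/app/helper.dll executable
"""


def is_dotted_quad(host: str) -> bool:
    """True when the Host is a bare IPv4 literal (no DNS lookup preceded it)."""
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False


def triage_request(method: str, url: str, ctype: str) -> list:
    """Return the reasons this request is suspicious (empty list = nothing hit)."""
    parts = urlparse(url)
    host = parts.hostname or ""
    name = parts.path.rsplit("/", 1)[-1].lower()  # last path component
    bare_ip = is_dotted_quad(host)
    reasons = []
    if bare_ip and name.endswith(".dll"):
        reasons.append("DLL requested from dotted-quad host")
    if name in STEALER_DLLS:
        reasons.append(f"{name} fetch: possible infostealer staging")
    if bare_ip and ctype == "executable" and name.endswith(".exe"):
        reasons.append("PE download from bare IP over plain HTTP")
    if bare_ip and method == "POST" and parts.scheme == "http":
        reasons.append("HTTP POST to bare IP: possible C2 check-in or exfil")
    return reasons


def triage_log(text: str) -> dict:
    """Map each flagged URL to its reasons; rows that hit nothing are dropped."""
    findings = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # malformed row: skip it rather than abort the whole triage
        method, url, ctype = fields
        hits = triage_request(method, url, ctype)
        if hits:
            findings[url] = hits
    return findings


if __name__ == "__main__":
    for url, why in triage_log(SAMPLE_LOG).items():
        print(url, "->", "; ".join(why))
```

The DLL-name check on its own is noisy (legitimate installers fetch vcruntime140.dll), which is why the Emerging Threats rules file it under HUNTING; the combination with a dotted-quad host and a preceding POST to the same host is what turns it into a confident verdict, and `triage_request` returns all reasons so the caller can require more than one.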

Connections

Columns: PID | Process | IP | Domain | ASN | CN | Reputation (no domain: every connection went straight to an IP, matching the zero DNS requests below)

3480 | Sеtup.exe | 37.220.87.66:80 | - | LLC Internet Tehnologii | UZ | malicious
3480 | Sеtup.exe | 37.220.87.61:80 | - | LLC Internet Tehnologii | UZ | malicious
3480 | Sеtup.exe | 77.73.134.35:80 | - | Partner LLC | KZ | malicious

DNS requests

No data

Threats

Columns: PID | Process | Class | Message

3480 | Sеtup.exe | A Network Trojan was detected | ET MALWARE Win32/RecordBreaker CnC Checkin M1
3480 | Sеtup.exe | A Network Trojan was detected | ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response
3480 | Sеtup.exe | Potentially Bad Traffic | ET INFO Dotted Quad Host DLL Request
3480 | Sеtup.exe | A suspicious filename was detected | ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
3480 | Sеtup.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP
3480 | Sеtup.exe | Potentially Bad Traffic | ET INFO Dotted Quad Host DLL Request
3480 | Sеtup.exe | Potentially Bad Traffic | ET INFO Dotted Quad Host DLL Request
3480 | Sеtup.exe | A suspicious filename was detected | ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
3480 | Sеtup.exe | Potentially Bad Traffic | ET INFO Dotted Quad Host DLL Request
3480 | Sеtup.exe | A suspicious filename was detected | ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
No debug info