File name:

com0com-3.0.0.0-i386-and-x64-signed.zip

Full analysis: https://app.any.run/tasks/8659eb20-8210-4075-adad-e9a1619c3c39
Verdict: Malicious activity
Analysis date: July 17, 2024, 17:39:52
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

A07AA80024CCA837DACC75D3573285FF

SHA1:

661C42541CDB7F0D88280501EF21CD3D7404B666

SHA256:

6E5D4359865277430D4AE88C73FB7E648A0ED8E81AEA5002478179CFCB0BB0E1

SSDEEP:

24576:soNPijJxqgIp7IScY7I3rPp7NKz1nxC6by8iHD6:soN6jJxqBp7IScY7c5NKz1nxC6by8WD6

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3432)
      • Setup_com0com_v3.0.0.0_W7_x64_signed.exe (PID: 2348)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 3432)
      • setupg.exe (PID: 2580)
    • Executable content was dropped or overwritten

      • Setup_com0com_v3.0.0.0_W7_x64_signed.exe (PID: 2348)
    • Creates a software uninstall entry

      • Setup_com0com_v3.0.0.0_W7_x64_signed.exe (PID: 2348)
    • Checks Windows Trust Settings

      • setupg.exe (PID: 2580)
    • Adds/modifies Windows certificates

      • setupg.exe (PID: 2580)
    • Reads settings of System Certificates

      • setupg.exe (PID: 2580)
    • Reads the Internet Settings

      • setupg.exe (PID: 2580)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • Setup_com0com_v3.0.0.0_W7_x64_signed.exe (PID: 2348)
    • The process creates files with name similar to system file names

      • Setup_com0com_v3.0.0.0_W7_x64_signed.exe (PID: 2348)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3432)
    • Checks supported languages

      • Setup_com0com_v3.0.0.0_W7_x64_signed.exe (PID: 2348)
      • setupg.exe (PID: 2580)
    • Create files in a temporary directory

      • Setup_com0com_v3.0.0.0_W7_x64_signed.exe (PID: 2348)
      • setupg.exe (PID: 2580)
    • Reads the software policy settings

      • setupg.exe (PID: 2580)
    • Reads the machine GUID from the registry

      • setupg.exe (PID: 2580)
    • Reads the computer name

      • setupg.exe (PID: 2580)
      • Setup_com0com_v3.0.0.0_W7_x64_signed.exe (PID: 2348)
    • Creates files in the program directory

      • Setup_com0com_v3.0.0.0_W7_x64_signed.exe (PID: 2348)
    • Creates files or folders in the user directory

      • Setup_com0com_v3.0.0.0_W7_x64_signed.exe (PID: 2348)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2017:07:13 09:25:32
ZipCRC: 0xec01fca0
ZipCompressedSize: 233864
ZipUncompressedSize: 255400
ZipFileName: Setup_com0com_v3.0.0.0_W7_x86_signed.exe
No data.
All screenshots are available in the full report
Total processes
45
Monitored processes
5
Malicious processes
3
Suspicious processes
0

Behavior graph

Nodes: start; winrar.exe; setup_com0com_v3.0.0.0_w7_x64_signed.exe (no specs); setup_com0com_v3.0.0.0_w7_x64_signed.exe; setupg.exe; wmpnscfg.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 2348
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3432.32114\Setup_com0com_v3.0.0.0_W7_x64_signed.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3432.32114\Setup_com0com_v3.0.0.0_W7_x64_signed.exe
Parent process: WinRAR.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3432.32114\setup_com0com_v3.0.0.0_w7_x64_signed.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
PID: 2580
CMD: "C:\Program Files\com0com\setupg.exe"
Path: C:\Program Files\com0com\setupg.exe
Parent process: Setup_com0com_v3.0.0.0_W7_x64_signed.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\program files\com0com\setupg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2732
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3432.32114\Setup_com0com_v3.0.0.0_W7_x64_signed.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3432.32114\Setup_com0com_v3.0.0.0_W7_x64_signed.exe
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3432.32114\setup_com0com_v3.0.0.0_w7_x64_signed.exe
c:\windows\system32\ntdll.dll
PID: 3392
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3432
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\com0com-3.0.0.0-i386-and-x64-signed.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
12 162
Read events
12 097
Write events
59
Delete events
6

Modification events

(PID) Process: (3432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3432) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (3432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\com0com-3.0.0.0-i386-and-x64-signed.zip

(PID) Process: (3432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3432) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files
6
Suspicious files
10
Text files
2
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 2348
Process: Setup_com0com_v3.0.0.0_W7_x64_signed.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw1E8D.tmp\System.dll
Type: executable
MD5: C17103AE9072A06DA581DEC998343FC1
SHA256: DC58D8AD81CACB0C1ED72E33BFF8F23EA40B5252B5BB55D393A0903E6819AE2F

PID: 3432
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3432.32114\Setup_com0com_v3.0.0.0_W7_x64_signed.exe
Type: executable
MD5: 0B6DAAC012A7D9799AA789779ECA52F2
SHA256: 26486B28604B49A9008C54FEB11B9ECE0008A8287EE5CAF0BCF2A62F4317128F

PID: 2348
Process: Setup_com0com_v3.0.0.0_W7_x64_signed.exe
Filename: C:\Program Files\com0com\cncport.inf
Type: binary
MD5: 753490D7BEDDE3B90C5C2078230BAE40
SHA256: 2485CF4073418D6051C16289DAB47663C0D6D7FD1B02A1B7F7F4241B97F5A2ED

PID: 2348
Process: Setup_com0com_v3.0.0.0_W7_x64_signed.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw1E8D.tmp\nsDialogs.dll
Type: executable
MD5: C10E04DD4AD4277D5ADC951BB331C777
SHA256: E31AD6C6E82E603378CB6B80E67D0E0DCD9CF384E1199AC5A65CB4935680021A

PID: 2348
Process: Setup_com0com_v3.0.0.0_W7_x64_signed.exe
Filename: C:\Program Files\com0com\com0com.inf
Type: binary
MD5: A013ECEC7E7015D43738B05004870AF3
SHA256: D4E49D561800D1DAD11DACD803B21D85E04523EB15C85A28CF7C94E5867231EC

PID: 2348
Process: Setup_com0com_v3.0.0.0_W7_x64_signed.exe
Filename: C:\Users\admin\AppData\Local\Temp\nsw1E8D.tmp\modern-wizard.bmp
Type: image
MD5: CBE40FD2B1EC96DAEDC65DA172D90022
SHA256: 3AD2DC318056D0A2024AF1804EA741146CFC18CC404649A44610CBF8B2056CF2

PID: 3432
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3432.32114\Setup_com0com_v3.0.0.0_W7_x86_signed.exe
Type: executable
MD5: 09BD085971FC3C6D6170208543212710
SHA256: DE917425E022839F6374B509E3D34F3F9E9773915A44996194442337EADF4A5A

PID: 2348
Process: Setup_com0com_v3.0.0.0_W7_x64_signed.exe
Filename: C:\Program Files\com0com\ReadMe.txt
Type: text
MD5: 262DF18737EB581D94CEF8DAEBBE6EB4
SHA256: 9D095ABE01C1B1D0AD28C9804EFE26FA019C9D969DE8590A26CC1F0C31EFA4C8

PID: 2348
Process: Setup_com0com_v3.0.0.0_W7_x64_signed.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\com0com\Setup Command Prompt.lnk
Type: lnk
MD5: 9E6208737DD55F784BBB9779104709C4
SHA256: C39C220044477A3BE97898D84F58A9577DEF0E94819CAA2F7A7293E48D88329B

PID: 2348
Process: Setup_com0com_v3.0.0.0_W7_x64_signed.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\com0com\Uninstall.lnk
Type: lnk
MD5: 0041DD8704814BE83C7AFBD97E8DAFAD
SHA256: 170FA4EE0B89606259ADC0C4A77DEF93FA06A2CA2E6710185F5227B4CE1CD405
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
13
DNS requests
6
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1372
svchost.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
1372
svchost.exe
GET
304
23.50.131.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?33775f6043c93e33
unknown
whitelisted
1372
svchost.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
1060
svchost.exe
GET
304
23.50.131.216:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?6db8a07497701bb0
unknown
whitelisted
2580
setupg.exe
GET
200
23.50.131.200:80
http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?c8d13d613f1fd601
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
2564
svchost.exe
239.255.255.250:3702
whitelisted
1372
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
1060
svchost.exe
224.0.0.252:5355
whitelisted
4
System
192.168.100.255:138
whitelisted
1372
svchost.exe
23.50.131.200:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
23.48.23.143:80
crl.microsoft.com
Akamai International B.V.
DE
unknown
1372
svchost.exe
184.30.21.171:80
www.microsoft.com
AKAMAI-AS
DE
unknown
2580
setupg.exe
23.50.131.200:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown
1060
svchost.exe
23.50.131.216:80
ctldl.windowsupdate.com
Akamai International B.V.
DE
unknown

DNS requests

Domain
IP
Reputation
google.com
  • 142.250.181.238
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
ctldl.windowsupdate.com
  • 23.50.131.200
  • 23.50.131.216
whitelisted
crl.microsoft.com
  • 23.48.23.143
  • 23.48.23.156
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted

Threats

No threats detected
No debug info