File name: mzTool vba 8.0.1.2.rar

Full analysis: https://app.any.run/tasks/ca4cfee5-4493-4a32-bce2-b04f9c95b1ec
Verdict: Malicious activity
Analysis date: April 20, 2024, 10:48:35
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 3B0824C6ABDFC2615DCC7ADA769CF438
SHA1: D9E9424199E3C05ABDCC311C84C6FF07DB169CA8
SHA256: 6F83A89A9B89BAA3BA7F617631526A1CB346B5CDB8FED2D277C463A9F8F1D922
SSDEEP: 98304:KPcBPbgQCP0U+dtrPjUBSyQm4tI3WKuVpchuK/OXjJyFQKaiXKKVrwxrGtXzaMD+:sg54pcuUCQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for the user's information as is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • MZTools8VBASetup.exe (PID: 2360)
      • MZTools8VBASetup.tmp (PID: 3108)
      • Patch.exe (PID: 2488)
    • Actions look like stealing of personal data
      • Patch.exe (PID: 2488)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • MZTools8VBASetup.exe (PID: 2360)
      • MZTools8VBASetup.tmp (PID: 3108)
      • Patch.exe (PID: 2488)
    • Reads the Windows owner or organization settings
      • MZTools8VBASetup.tmp (PID: 3108)
    • Creates/Modifies COM task schedule object
      • MZTools8VBASetup.tmp (PID: 3108)
  • INFO
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 2764)
    • Checks supported languages
      • MZTools8VBASetup.exe (PID: 2360)
      • MZTools8VBASetup.tmp (PID: 3108)
      • Patch.exe (PID: 2488)
    • Manual execution by a user
      • MZTools8VBASetup.exe (PID: 2360)
      • Patch.exe (PID: 3456)
      • Patch.exe (PID: 2488)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2764)
    • Creates files in a temporary directory
      • MZTools8VBASetup.exe (PID: 2360)
    • Reads the computer name
      • MZTools8VBASetup.tmp (PID: 3108)
      • Patch.exe (PID: 2488)
    • Creates files or folders in the user directory
      • MZTools8VBASetup.tmp (PID: 3108)
      • Patch.exe (PID: 2488)
    • Creates a software uninstall entry
      • MZTools8VBASetup.tmp (PID: 3108)
    • Reads the machine GUID from the registry
      • Patch.exe (PID: 2488)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 43
Monitored processes: 5
Malicious processes: 3
Suspicious processes: 0

Behavior graph (process nodes)

start, winrar.exe, mztools8vbasetup.exe, mztools8vbasetup.tmp, patch.exe (no specs), patch.exe

Process information

PID: 2360
CMD: "C:\Users\admin\Desktop\MZ-Tools 8.0.1.2944 for VBA\MZTools8VBASetup.exe"
Path: C:\Users\admin\Desktop\MZ-Tools 8.0.1.2944 for VBA\MZTools8VBASetup.exe
Parent process: explorer.exe
User: admin
Company: MZTools
Integrity Level: MEDIUM
Description: MZ-Tools 8.0 - VBA (Build 8.0.1.2944) Setup
Exit code: 0
Version: 8.0.1.2944
Modules (Images):
c:\users\admin\desktop\mz-tools 8.0.1.2944 for vba\mztools8vbasetup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 2488
CMD: "C:\Users\admin\Desktop\MZ-Tools 8.0.1.2944 for VBA\Crack\Patch.exe"
Path: C:\Users\admin\Desktop\MZ-Tools 8.0.1.2944 for VBA\Crack\Patch.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Description: WindowsFormsApplication1
Exit code: 0
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\mz-tools 8.0.1.2944 for vba\crack\patch.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2764
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\mzTool vba 8.0.1.2.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (Images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 3108
CMD: "C:\Users\admin\AppData\Local\Temp\is-FD6U7.tmp\MZTools8VBASetup.tmp" /SL5="$8025E,4665091,197632,C:\Users\admin\Desktop\MZ-Tools 8.0.1.2944 for VBA\MZTools8VBASetup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-FD6U7.tmp\MZTools8VBASetup.tmp
Parent process: MZTools8VBASetup.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0
Modules (Images):
c:\users\admin\appdata\local\temp\is-fd6u7.tmp\mztools8vbasetup.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 3456
CMD: "C:\Users\admin\Desktop\MZ-Tools 8.0.1.2944 for VBA\Crack\Patch.exe"
Path: C:\Users\admin\Desktop\MZ-Tools 8.0.1.2944 for VBA\Crack\Patch.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: WindowsFormsApplication1
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED; this MEDIUM-integrity instance exited before loading beyond ntdll, and the same binary then ran as PID 2488 at HIGH integrity)
Version: 1.0.0.0
Modules (Images):
c:\users\admin\desktop\mz-tools 8.0.1.2944 for vba\crack\patch.exe
c:\windows\system32\ntdll.dll
Total events: 6 209
Read events: 6 156
Write events: 53
Delete events: 0

Modification events

(PID) Process: (2764) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtBMP | Value: (empty)
(PID) Process: (2764) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Operation: write | Name: ShellExtIcon | Value: (empty)
(PID) Process: (2764) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
(PID) Process: (2764) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 3 | Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process: (2764) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 2 | Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process: (2764) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process: (2764) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\mzTool vba 8.0.1.2.rar
(PID) Process: (2764) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
(PID) Process: (2764) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
(PID) Process: (2764) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
Executable files: 35
Suspicious files: 5
Text files: 378
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3108 | MZTools8VBASetup.tmp | C:\Users\admin\AppData\Local\MZTools Software\MZTools8VBA\OperatingSystemDependencies.dll |
3108 | MZTools8VBASetup.tmp | C:\Users\admin\AppData\Local\MZTools Software\MZTools8VBA\MZTools8PlugIn.dll |
3108 | MZTools8VBASetup.tmp | C:\Users\admin\AppData\Local\MZTools Software\MZTools8VBA\Help\accessaddins.png |
3108 | MZTools8VBASetup.tmp | C:\Users\admin\AppData\Local\MZTools Software\MZTools8VBA\Help\access_keys_review_options.htm |
3108 | MZTools8VBASetup.tmp | C:\Users\admin\AppData\Local\MZTools Software\MZTools8VBA\Help\action_when_closing_solution_options.htm |
3108 | MZTools8VBASetup.tmp | C:\Users\admin\AppData\Local\MZTools Software\MZTools8VBA\Help\addinmanager.png |
3108 | MZTools8VBASetup.tmp | C:\Users\admin\AppData\Local\MZTools Software\MZTools8VBA\Help\addinmanagervb6.png |
3108 | MZTools8VBASetup.tmp | C:\Users\admin\AppData\Local\MZTools Software\MZTools8VBA\Help\is-1UOKA.tmp |
3108 | MZTools8VBASetup.tmp | C:\Users\admin\AppData\Local\MZTools Software\MZTools8VBA\Help\addinmanagervs.png |
2764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2764.43707\MZ-Tools 8.0.1.2944 for VBA\Crack\Guide.txt | text
    MD5: FDB860BBB139E82CDD622BD550A4F5AD
    SHA256: 7B56A21AC12219BDE830E4458E241204C46C035FE3A859DFE489B4CBCC077E46

No MD5/SHA256 values were captured for the files dropped by PID 3108.
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Reputation
 |  | 224.0.0.252:5355 | unknown
4 | System | 192.168.100.255:137 | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | unknown

The Domain, ASN and CN columns were empty for every row; the PID and process of the first row were not captured.

DNS requests

No data

Threats

No threats detected
No debug info