File name: winrar-x32-700.exe

Full analysis: https://app.any.run/tasks/36a98097-510e-4556-9cc6-d6de9a629927
Verdict: Malicious activity
Analysis date: May 20, 2024, 09:56:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: EC2C341F6C3D83620F63F614CFDA8866
SHA1: 5BC64AF5CBF6011EAE548555EEDC173228587EB8
SHA256: 709B6D062EF270090E1EBC7F349AFBC778E1D4949190179212F5363CD3C77AAF
SSDEEP: 98304:gcnA/8pUUblgVGr0zt/U5MYuOXWJ20sSeI07SYycbISJmbTXOhbeQypUi7Hx7N04:q9pKK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • winrar-x32-700.exe (PID: 1200)
  • SUSPICIOUS
    • Reads security settings of Internet Explorer
      • winrar-x32-700.exe (PID: 1200)
    • Reads the Internet Settings
      • winrar-x32-700.exe (PID: 1200)
    • Reads Microsoft Outlook installation path
      • winrar-x32-700.exe (PID: 1200)
    • Drops 7-zip archiver for unpacking
      • winrar-x32-700.exe (PID: 1200)
    • Reads Internet Explorer settings
      • winrar-x32-700.exe (PID: 1200)
    • Executable content was dropped or overwritten
      • winrar-x32-700.exe (PID: 1200)
    • Creates/Modifies COM task schedule object
      • uninstall.exe (PID: 2304)
    • Creates a software uninstall entry
      • uninstall.exe (PID: 2304)
    • Searches for installed software
      • uninstall.exe (PID: 2304)
  • INFO
    • Reads the computer name
      • winrar-x32-700.exe (PID: 1200)
      • uninstall.exe (PID: 2304)
    • Checks supported languages
      • winrar-x32-700.exe (PID: 1200)
      • uninstall.exe (PID: 2304)
    • Checks proxy server information
      • winrar-x32-700.exe (PID: 1200)
    • Reads the machine GUID from the registry
      • winrar-x32-700.exe (PID: 1200)
    • Creates files in the program directory
      • winrar-x32-700.exe (PID: 1200)
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (64.6)
.dll | Win32 Dynamic Link Library (generic) (15.4)
.exe | Win32 Executable (generic) (10.5)
.exe | Generic Win/DOS Executable (4.6)
.exe | DOS Executable Generic (4.6)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:02:26 09:02:00+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.33
CodeSize: 238592
InitializedDataSize: 273920
UninitializedDataSize: -
EntryPoint: 0x23be0
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 7.0.0.0
ProductVersionNumber: 7.0.0.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
ProductName: WinRAR
CompanyName: Alexander Roshal
FileDescription: WinRAR
FileVersion: 7.0.0
ProductVersion: 7.0.0
InternalName: WinRAR
LegalCopyright: Copyright © Alexander Roshal 1993-2024
OriginalFileName: WinRAR.exe
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Nodes: start, winrar-x32-700.exe, uninstall.exe (no specs), winrar-x32-700.exe (no specs); per-process details are in the full report.

Process information

PID | CMD | Path | Parent process

1200 | "C:\Users\admin\AppData\Local\Temp\winrar-x32-700.exe" | C:\Users\admin\AppData\Local\Temp\winrar-x32-700.exe | explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: HIGH
  Description: WinRAR
  Exit code: 0
  Version: 7.0.0
  Modules (images):
    c:\users\admin\appdata\local\temp\winrar-x32-700.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\oleaut32.dll
    c:\windows\system32\ole32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\lpk.dll

2304 | "C:\Program Files\WinRAR\uninstall.exe" /setup | C:\Program Files\WinRAR\uninstall.exe | winrar-x32-700.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: HIGH
  Description: Uninstall WinRAR
  Exit code: 0
  Version: 7.0.0
  Modules (images):
    c:\program files\winrar\uninstall.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\advapi32.dll

3992 | "C:\Users\admin\AppData\Local\Temp\winrar-x32-700.exe" | C:\Users\admin\AppData\Local\Temp\winrar-x32-700.exe | explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR
  Exit code: 3221226540
  Version: 7.0.0
  Modules (images):
    c:\users\admin\appdata\local\temp\winrar-x32-700.exe
    c:\windows\system32\ntdll.dll
Total events: 1 530
Read events: 1 433
Write events: 93
Delete events: 4

Modification events

PID 1200 (winrar-x32-700.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: ProxyBypass | Value: 1
PID 1200 (winrar-x32-700.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: IntranetName | Value: 1
PID 1200 (winrar-x32-700.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: UNCAsIntranet | Value: 1
PID 1200 (winrar-x32-700.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | Operation: write | Name: AutoDetect | Value: 0
PID 1200 (winrar-x32-700.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content | Operation: write | Name: CachePrefix | Value: (empty)
PID 1200 (winrar-x32-700.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies | Operation: write | Name: CachePrefix | Value: Cookie:
PID 1200 (winrar-x32-700.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History | Operation: write | Name: CachePrefix | Value: Visited:
PID 1200 (winrar-x32-700.exe) | Key: HKEY_CURRENT_USER\Software\WinRAR SFX | Operation: write | Name: C%%Program Files%WinRAR | Value: C:\Program Files\WinRAR
PID 1200 (winrar-x32-700.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry | Operation: delete value | Name: AddToFavoritesInitialSelection | Value: -
PID 1200 (winrar-x32-700.exe) | Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry | Operation: delete value | Name: AddToFeedsInitialSelection | Value: -
Executable files: 9
Suspicious files: 1
Text files: 8
Unknown types: 0

Dropped files

PID | Process | Filename | Type

1200 | winrar-x32-700.exe | - | -
  MD5: -
  SHA256: -
1200 | winrar-x32-700.exe | C:\Program Files\WinRAR\License.txt | text
  MD5: 672064CF19DB0B083B981CF0BE7662B0
  SHA256: 9FC8AA33CCAFA04C1CE4C0A61047B341297D720ADAB1B77F67B5FE59F43BB59F
1200 | winrar-x32-700.exe | C:\Program Files\WinRAR\Uninstall.lst | text
  MD5: 62B9CD76BC35C97AAEA98CCBDEEE04BF
  SHA256: 39C919F0BF05FB379A4663F9A6C72BEDB6E8E2749DB402408349647E5D29C695
1200 | winrar-x32-700.exe | C:\Program Files\WinRAR\Order.htm | html
  MD5: 5C336DE3B3D794322AD9E5915E3A509F
  SHA256: BCE29EF3B95306CB7B304FB8C3039BE7157356D9F9D4E7E1C6BFBF02A117F48F
1200 | winrar-x32-700.exe | C:\Program Files\WinRAR\RarExt.dll | executable
  MD5: E5E51D3BD2EA0F858728489DE32106B1
  SHA256: 0CE0E0D2E5D9727D01E89A085F582DEB3CDEDF591F4001D633A43E7785A862F0
1200 | winrar-x32-700.exe | C:\Program Files\WinRAR\Rar.exe | executable
  MD5: 7F7292519EF82E7935008597E64B8304
  SHA256: 842E800CF3E4570B916250718580A8F53388FCBB8D1EAC61E3DDCA1DB287ED46
1200 | winrar-x32-700.exe | C:\Program Files\WinRAR\RarExt64.dll | executable
  MD5: 04317ACF9CA114DF3172056A8251486B
  SHA256: F9397EDED0026E3E50B83157049D526443572189092DEF3091332807753B8AD8
1200 | winrar-x32-700.exe | C:\Program Files\WinRAR\UnRAR.exe | executable
  MD5: FA54446689DEA37D67805A380B38BECE
  SHA256: 1E3C12A2361FD69D1A99ECF9AF7298A0A6488E8C7D7FA7F512866ACFB3B1E4CE
1200 | winrar-x32-700.exe | C:\Program Files\WinRAR\7zxa.dll | executable
  MD5: 6161EB75F65FABE5D05448FA5D7908B4
  SHA256: 23D67D4BCD765355C85B831279D61F46B641E7B8F3ED772ADA8C915E5DEA9CB5
1200 | winrar-x32-700.exe | C:\Program Files\WinRAR\Descript.ion | text
  MD5: 84846ABC52DC17020E4E934D3C94B4E6
  SHA256: 3449FD40D054C96285FAB92011E732174C7CD000EDA67470376F26F0D431F1F2
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 1
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted

DNS requests

No data

Threats

No threats detected
No debug info