File name: CDMA+Workshop+2.7.rar

Full analysis: https://app.any.run/tasks/43cadd60-1724-45ee-9052-3dff2793368a
Verdict: Malicious activity
Analysis date: August 08, 2020, 20:44:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 2A80D1C71281FAC67C6896C62555A0DF
SHA1: 7AD2503E38AF70124D733AA99E30BEEECE8E39A3
SHA256: 713C304397FCFE49886AEFF0319C74C5DDEF7CDA6B84FB256207B84876D446BA
SSDEEP: 98304:zH9jFw2FiNVCqYDZOlIlmL6uhlgm0PqfSASO3/NUqU6vUgRHtdDyMwSq++Ew:zHjzoNVTYBReFJKAF/WqUHgpWxT+xw

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • cdma workshop.exe (PID: 2336)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 1020)
  • INFO
    • Manual execution by user
      • cdma_workshop_FULL_Cracked.exe (PID: 2976)
      • cdma workshop.exe (PID: 2336)
      • cdma_workshop_FULL_Cracked.exe (PID: 3964)
      • cdma_workshop_FULL_Cracked.exe (PID: 2576)
      • cdma_workshop_FULL_Cracked.exe (PID: 2060)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

ArchivedFileName: CDMA Workshop 2.7\cdma workshop - Ярлык.lnk
PackingMethod: Normal
ModifyDate: 2016:10:05 08:07:15
OperatingSystem: Win32
UncompressedSize: 812
CompressedSize: 537
No data.
Total processes: 49
Monitored processes: 7
Malicious processes: 1
Suspicious processes: 0


Process information

PID: 1020
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\CDMA+Workshop+2.7.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID: 3964
CMD: "C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe"
Path: C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 2

PID: 2576
CMD: "C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe"
Path: C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 2

PID: 2336
CMD: "C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma workshop.exe"
Path: C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma workshop.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0

PID: 2648
CMD: "cdma_workshop_FULL_Cracked.exe"
Path: C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe
Parent process: cdma workshop.exe
User: admin
Integrity Level: MEDIUM

PID: 2976
CMD: "C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe"
Path: C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 2

PID: 2060
CMD: "C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe"
Path: C:\Users\admin\Desktop\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 2
Total events: 443
Read events: 419
Write events: 24
Delete events: 0

Modification events

(PID) Process: (1020) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (1020) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (1020) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\137\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1020) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\137\52C64B7E
Operation: write
Name: @C:\Windows\system32\NetworkExplorer.dll,-1
Value: Network

(PID) Process: (1020) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\CDMA+Workshop+2.7.rar

(PID) Process: (1020) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1020) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1020) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1020) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3964) cdma_workshop_FULL_Cracked.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WinLicense
Operation: write
Name: CheckIN
Value: 1
Executable files: 1
Suspicious files: 1
Text files: 0
Unknown types: 1

Dropped files

PID: 1020
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1020.36234\CDMA Workshop 2.7\cdma_workshop_FULL_Cracked.exe
Type:
MD5:
SHA256:

PID: 1020
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1020.36234\CDMA Workshop 2.7\cdma workshop - Ярлык.lnk
Type: lnk
MD5: EC987939727F3DBD28A9F1F15432D260
SHA256: 3831A16AE7D0779FA6E06AF273BC5B82887320439AB90C3627A54DAFA4FE3AA0

PID: 1020
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1020.36234\CDMA Workshop 2.7\cdma workshop.exe
Type: executable
MD5: 6E4AA3D87CB3B35DBDEF34B5F268A374
SHA256: 74B91FB5BB5C61ED31D7E0DDF5EA7CD1C5DDEA3648860DD99633E73850E83F37

PID: 2336
Process: cdma workshop.exe
Filename: C:\Users\admin\Desktop\CDMA Workshop 2.7\key_workshop.dat
Type: binary
MD5: 0DE37F6B2C1E34ED985FA40EDC5B9911
SHA256: 4C1DFDDFACEDA12BB8E92ADE509330EFBF10A8372D0A4BA901267CB467FE190D
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
Process: cdma_workshop_FULL_Cracked.exe
Message: %s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------

Process: cdma_workshop_FULL_Cracked.exe
Message: %s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------

Process: cdma_workshop_FULL_Cracked.exe
Message: %s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------

Process: cdma_workshop_FULL_Cracked.exe
Message: %s------------------------------------------------ --- WinLicense Professional --- --- (c)2007 Oreans Technologies --- ------------------------------------------------