File name:

KeygenLucidAsc.rar

Full analysis: https://app.any.run/tasks/ab59879d-656f-4ca6-b282-9d3513d0bc23
Verdict: Malicious activity
Analysis date: February 05, 2024, 20:10:15
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v2.0, os: Win32
MD5:

8EB18589B938ED83D44CA9960D987FB3

SHA1:

7FD172D6F2E85D15DC1741F0DE829A9199273EAD

SHA256:

71D783065B626B29869F992D75692BE60365CEDBD452ED46B651D8DB3881837A

SSDEEP:

1536:WfDHGvVDr+WyOCQndT8j3dlKSzTZW9Uaa01DawOn:6DHGvVDrBRPnx8jdVW9Uah8n

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 572)
      • aScTimeTables 2008 Keygen.exe (PID: 1588)
      • aScTimeTables 2008 Keygen.exe (PID: 1408)
      • aScTimeTables 2008 Keygen.exe (PID: 3632)
      • aScTimeTables 2008 Keygen.exe (PID: 3860)
  • SUSPICIOUS

    • Write to the desktop.ini file (may be used to cloak folders)

      • WinRAR.exe (PID: 572)
    • Executable content was dropped or overwritten

      • aScTimeTables 2008 Keygen.exe (PID: 1588)
      • aScTimeTables 2008 Keygen.exe (PID: 1408)
      • aScTimeTables 2008 Keygen.exe (PID: 3632)
      • aScTimeTables 2008 Keygen.exe (PID: 3860)
    • Start notepad (likely ransomware note)

      • WinRAR.exe (PID: 572)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 572)
    • Reads the computer name

      • aScTimeTables 2008 Keygen.exe (PID: 1588)
      • aScTimeTables 2008 Keygen.exe (PID: 1408)
      • aScTimeTables 2008 Keygen.exe (PID: 3632)
      • aScTimeTables 2008 Keygen.exe (PID: 3860)
    • Checks supported languages

      • aScTimeTables 2008 Keygen.exe (PID: 1588)
      • aScTimeTables 2008 Keygen.exe (PID: 1408)
      • aScTimeTables 2008 Keygen.exe (PID: 3632)
      • aScTimeTables 2008 Keygen.exe (PID: 3860)
    • Create files in a temporary directory

      • aScTimeTables 2008 Keygen.exe (PID: 1588)
      • aScTimeTables 2008 Keygen.exe (PID: 1408)
      • aScTimeTables 2008 Keygen.exe (PID: 3632)
      • aScTimeTables 2008 Keygen.exe (PID: 3860)
    • Manual execution by a user

      • aScTimeTables 2008 Keygen.exe (PID: 3632)
      • aScTimeTables 2008 Keygen.exe (PID: 3860)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 42
UncompressedSize: -
OperatingSystem: Win32
ModifyDate: 2009:09:01 10:27:02
PackingMethod: Stored
ArchivedFileName: aSc.TimeTables.Keygen
No data.
All screenshots are available in the full report
Total processes
45
Monitored processes
7
Malicious processes
1
Suspicious processes
0

Behavior graph

Process chain shown in the graph: winrar.exe → asctimetables 2008 keygen.exe, asctimetables 2008 keygen.exe, notepad.exe (no specs), notepad.exe (no specs), asctimetables 2008 keygen.exe, asctimetables 2008 keygen.exe

Process information

PID: 572
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\KeygenLucidAsc.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 1408
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa572.33401\aSc.TimeTables.Keygen\aScTimeTables 2008 Keygen.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa572.33401\aSc.TimeTables.Keygen\aScTimeTables 2008 Keygen.exe
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa572.33401\asc.timetables.keygen\asctimetables 2008 keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 1588
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa572.32887\aSc.TimeTables.Keygen\aScTimeTables 2008 Keygen.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa572.32887\aSc.TimeTables.Keygen\aScTimeTables 2008 Keygen.exe
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa572.32887\asc.timetables.keygen\asctimetables 2008 keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 2768
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa572.35589\اقرأني.txt
Path: C:\Windows\System32\notepad.exe
Parent process: WinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3156
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa572.33793\desktop.ini
Path: C:\Windows\System32\notepad.exe
Parent process: WinRAR.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3632
CMD: "C:\Users\admin\Desktop\aScTimeTables 2008 Keygen.exe"
Path: C:\Users\admin\Desktop\aScTimeTables 2008 Keygen.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\asctimetables 2008 keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
PID: 3860
CMD: "C:\Users\admin\Desktop\aScTimeTables 2008 Keygen.exe"
Path: C:\Users\admin\Desktop\aScTimeTables 2008 Keygen.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\asctimetables 2008 keygen.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
Total events
1 954
Read events
1 911
Write events
43
Delete events
0

Modification events

PID: 572
Process: WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

PID: 572
Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

PID: 572
Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\phacker.zip

PID: 572
Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

PID: 572
Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

PID: 572
Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

PID: 572
Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

PID: 572
Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

PID: 572
Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

PID: 572
Process: WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\ArcColumnWidths
Operation: write
Name: name
Value: 120
Executable files
8
Suspicious files
0
Text files
8
Unknown types
0

Dropped files

PID: 572
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa572.32887\aSc.TimeTables.Keygen\اقرأني.txt
Type: text
MD5: 272150366ED778FAFCAB7591045975E1
SHA256: 59C9D995D612D98E9B1F0786C60CBBB205D4378FE421F2021D102ADA96034FE5

PID: 572
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa572.33401\aSc.TimeTables.Keygen\اقرأني.txt
Type: text
MD5: 272150366ED778FAFCAB7591045975E1
SHA256: 59C9D995D612D98E9B1F0786C60CBBB205D4378FE421F2021D102ADA96034FE5

PID: 572
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa572.32887\aSc.TimeTables.Keygen\aScTimeTables 2008 Keygen.exe
Type: executable
MD5: 10909732DCA100361BD9E6B76EF1F248
SHA256: 6B50CEF22A698DD23A458D6E08ACB049B67D1FE9081D976E2E141EDBFE29F6B1

PID: 572
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa572.32887\aSc.TimeTables.Keygen\desktop.ini
Type: text
MD5: 28190CF8D75ADD180CB53619453741D5
SHA256: 2ABEF872FB358C1E3E2524D3DCE43D7862B529F77FC30162CE7D2546813CEF49

PID: 572
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\اقرأني.txt
Type: text
MD5: 272150366ED778FAFCAB7591045975E1
SHA256: 59C9D995D612D98E9B1F0786C60CBBB205D4378FE421F2021D102ADA96034FE5

PID: 572
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa572.35589\اقرأني.txt
Type: text
MD5: 272150366ED778FAFCAB7591045975E1
SHA256: 59C9D995D612D98E9B1F0786C60CBBB205D4378FE421F2021D102ADA96034FE5

PID: 572
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\aScTimeTables 2008 Keygen.exe
Type: executable
MD5: 10909732DCA100361BD9E6B76EF1F248
SHA256: 6B50CEF22A698DD23A458D6E08ACB049B67D1FE9081D976E2E141EDBFE29F6B1

PID: 572
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\desktop.ini
Type: text
MD5: 28190CF8D75ADD180CB53619453741D5
SHA256: 2ABEF872FB358C1E3E2524D3DCE43D7862B529F77FC30162CE7D2546813CEF49

PID: 3860
Process: aScTimeTables 2008 Keygen.exe
Filename: C:\Users\admin\AppData\Local\Temp\pVezgpgXIy.dll
Type: executable
MD5: D2741BEB0690970348553278E40347D5
SHA256: 9F7A25AD3CA98347ABFD35BB564BC02E2C4856012F808E5CF1CD95D54817A795

PID: 572
Process: WinRAR.exe
Filename: C:\Users\admin\aScTimeTables 2008 Keygen.exe
Type: executable
MD5: 10909732DCA100361BD9E6B76EF1F248
SHA256: 6B50CEF22A698DD23A458D6E08ACB049B67D1FE9081D976E2E141EDBFE29F6B1
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

Columns: PID, Process, IP, Domain, ASN, CN, Reputation (Domain, ASN and CN are empty for every connection below)

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: unknown

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: unknown

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown

DNS requests

No data

Threats

No threats detected
No debug info