analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

Jawset%20TurbulenceFD%20v1.0%20Build%201437%20R20%20win%E4%B8%AD%E8%8B%B1%E4%B8%80%E9%94%AE%E5%AE%89%E8%A3%85%E7%89%88.rar

Full analysis: https://app.any.run/tasks/1df56e4f-e8c8-46e0-a9a3-e841eff7f6a6
Verdict: Malicious activity
Analysis date: September 30, 2020, 07:35:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

AC69F98A3702B7405DB8BA32F3A1CAB9

SHA1:

62C36DFF9DCC10C4BBE8D0F4E20945C5BE0FAC0E

SHA256:

73A82276DAC740D3264E9FAB4AB7B00BE676957BB05C1F4835A397B43743A31B

SSDEEP:

196608:fDM5r+QYjsqG5Pj6IiQP/maSxiMzD/yP7bgUOX2pmQMke62hEO7vj28uqqjI:f3jor6/QHm/xiMzjGxOQmQghEaadE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • TurbulenceFD中英一键安装版.exe (PID: 2964)
      • aaaa.exe (PID: 1240)
      • TurbulenceFD中英一键安装版.exe (PID: 3456)
      • aaaa.exe (PID: 2104)
      • aaaa.exe (PID: 2892)
      • aaaa.exe (PID: 1748)
      • aaaa.exe (PID: 3036)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • aaaa.tmp (PID: 372)
      • aaaa.exe (PID: 1240)
      • aaaa.exe (PID: 2892)
      • aaaa.tmp (PID: 1724)
      • aaaa.tmp (PID: 2960)
      • aaaa.exe (PID: 1748)

  • INFO

    • Application was dropped or rewritten from another process

      • aaaa.tmp (PID: 372)
      • aaaa.tmp (PID: 1724)
      • aaaa.tmp (PID: 2960)

    • Manual execution by user

      • TurbulenceFD中英一键安装版.exe (PID: 2964)
      • aaaa.exe (PID: 1240)
      • TurbulenceFD中英一键安装版.exe (PID: 3456)
      • aaaa.exe (PID: 2104)
      • aaaa.exe (PID: 2892)
      • aaaa.exe (PID: 1748)
      • aaaa.exe (PID: 3036)

    • Loads dropped or rewritten executable

      • aaaa.tmp (PID: 372)
      • aaaa.tmp (PID: 1724)
      • aaaa.tmp (PID: 2960)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
58
Monitored processes
11
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start drop and start drop and start winrar.exe no specs turbulencefd中英一键安装版.exe no specs turbulencefd中英一键安装版.exe aaaa.exe aaaa.tmp aaaa.exe no specs aaaa.exe aaaa.tmp aaaa.exe no specs aaaa.exe aaaa.tmp

Process information

PID
CMD
Path
Indicators
Parent process
844"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\775632b1-8162-436c-9da8-9102b4fe87bb.rar"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
2964"C:\Users\admin\Desktop\TurbulenceFD中英一键安装版.exe" C:\Users\admin\Desktop\TurbulenceFD中英一键安装版.exeexplorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
TurbulenceFD一键安装版 Setup
Exit code:
3221226540
Version:
3456"C:\Users\admin\Desktop\TurbulenceFD中英一键安装版.exe" C:\Users\admin\Desktop\TurbulenceFD中英一键安装版.exe
explorer.exe
User:
admin
Company:
Integrity Level:
HIGH
Description:
TurbulenceFD一键安装版 Setup
Exit code:
1
Version:
1240"C:\Users\admin\Desktop\fff\aaaa.exe" C:\Users\admin\Desktop\fff\aaaa.exe
explorer.exe
User:
admin
Company:
Integrity Level:
HIGH
Description:
TurbulenceFD一键安装版 Setup
Exit code:
1
Version:
372"C:\Users\admin\AppData\Local\Temp\is-3HT03.tmp\aaaa.tmp" /SL5="$301A2,17842568,215040,C:\Users\admin\Desktop\fff\aaaa.exe" C:\Users\admin\AppData\Local\Temp\is-3HT03.tmp\aaaa.tmp
aaaa.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
1
Version:
51.52.0.0
2104"C:\Users\admin\Desktop\fff\aaaa.exe" C:\Users\admin\Desktop\fff\aaaa.exeexplorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
TurbulenceFD一键安装版 Setup
Exit code:
3221226540
Version:
2892"C:\Users\admin\Desktop\fff\aaaa.exe" C:\Users\admin\Desktop\fff\aaaa.exe
explorer.exe
User:
admin
Company:
Integrity Level:
HIGH
Description:
TurbulenceFD一键安装版 Setup
Exit code:
1
Version:
1724"C:\Users\admin\AppData\Local\Temp\is-GLC4S.tmp\aaaa.tmp" /SL5="$301A4,17842568,215040,C:\Users\admin\Desktop\fff\aaaa.exe" C:\Users\admin\AppData\Local\Temp\is-GLC4S.tmp\aaaa.tmp
aaaa.exe
User:
admin
Integrity Level:
HIGH
Description:
Setup/Uninstall
Exit code:
1
Version:
51.52.0.0
3036"C:\Users\admin\Desktop\fff\aaaa.exe" C:\Users\admin\Desktop\fff\aaaa.exeexplorer.exe
User:
admin
Company:
Integrity Level:
MEDIUM
Description:
TurbulenceFD一键安装版 Setup
Exit code:
3221226540
Version:
1748"C:\Users\admin\Desktop\fff\aaaa.exe" C:\Users\admin\Desktop\fff\aaaa.exe
explorer.exe
User:
admin
Company:
Integrity Level:
HIGH
Description:
TurbulenceFD一键安装版 Setup
Exit code:
1
Version:
Total events
513
Read events
469
Write events
0
Delete events
0

Modification events

No data
Executable files
12
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa844.48646\TurbulenceFD中英一键安装版.exe
MD5:
SHA256:
844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa844.48646\1.加入会员,海量资源免费获取.url
MD5:
SHA256:
844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa844.48646\2.C4DSKY.com 书生影视CG资源站.url
MD5:
SHA256:
844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa844.48646\3.书生官方淘宝店,感谢支持.url
MD5:
SHA256:
844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa844.48646\4.免责声明,使用前必看.txt
MD5:
SHA256:
844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa844.48646\更多资源\AE模板精选影视片头音乐合集Audio Jungle超级音效库.url
MD5:
SHA256:
844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa844.48646\更多资源\书生微信公众号,每天都有新鲜的行业干货与福利.jpg
MD5:
SHA256:
844WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa844.48646\更多资源\更多优质软件,插件,素材,资源.url
MD5:
SHA256:
2892aaaa.exeC:\Users\admin\AppData\Local\Temp\is-GLC4S.tmp\aaaa.tmpexecutable
MD5:00AD950C80B4EF7639CA7A4151E7CC50
SHA256:480257360ACD9DA0C340E2E90867AE0E12E2C93A0DCFBD1FBA57F5C9F544ABB0
1240aaaa.exeC:\Users\admin\AppData\Local\Temp\is-3HT03.tmp\aaaa.tmpexecutable
MD5:00AD950C80B4EF7639CA7A4151E7CC50
SHA256:480257360ACD9DA0C340E2E90867AE0E12E2C93A0DCFBD1FBA57F5C9F544ABB0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Jawset%20TurbulenceFD%20v1.0%20Build%201437%20R20%20win%E4%B8%AD%E8%8B%B1%E4%B8%80%E9%94%AE%E5%AE%89%E8%A3%85%E7%89%88.rar