File name: All-In-One Checker.rar

Full analysis: https://app.any.run/tasks/5468eb14-559e-4450-b8e2-63585d835c57
Verdict: Malicious activity
Analysis date: October 24, 2023, 17:50:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 512346DA7A18BE277E4A4BC9D0DFE97C
SHA1: 9DE00FA09DD3DACA626E3AA22B5EF28A62C9CA5D
SHA256: 796A43E327C15680C40312CB722B278309529590948F6B6C24D1DA5E2D0F235D
SSDEEP: 196608:TW7sDn8USlpp0qsgYJuMWsXqBRYYpuioY:csj8drLOuMaeYpu2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • All-In-One Checker_v24721.exe (PID: 4036)
    • Loads dropped or rewritten executable

      • All-In-One Checker_v24721.exe (PID: 4036)
    • Drops the executable file immediately after the start

      • All-In-One Checker_v24721.exe (PID: 4036)
  • SUSPICIOUS

    • Reads the Internet Settings

      • All-In-One Checker_v24721.exe (PID: 4036)
  • INFO

    • Checks supported languages

      • All-In-One Checker_v24721.exe (PID: 4036)
      • wmpnscfg.exe (PID: 1412)
    • Manual execution by a user

      • All-In-One Checker_v24721.exe (PID: 4036)
      • wmpnscfg.exe (PID: 1412)
    • Reads the computer name

      • All-In-One Checker_v24721.exe (PID: 4036)
      • wmpnscfg.exe (PID: 1412)
    • Create files in a temporary directory

      • All-In-One Checker_v24721.exe (PID: 4036)
    • Reads the machine GUID from the registry

      • All-In-One Checker_v24721.exe (PID: 4036)
      • wmpnscfg.exe (PID: 1412)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1824)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

ArchivedFileName: All-In-One Checker\All-In-One Checker_v24721.exe
PackingMethod: Normal
ModifyDate: 2014:03:27 09:58:04
OperatingSystem: Win32
UncompressedSize: 8607744
CompressedSize: 7519938
No data.
All screenshots are available in the full report
Total processes: 43
Monitored processes: 5
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes shown in the graph: winrar.exe, all-in-one checker_v24721.exe, wisptis.exe, wisptis.exe, wmpnscfg.exe (interactive graph available in the full report)

Process information

PID: 964
CMD: "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;
Path: C:\Windows\System32\wisptis.exe
Parent process: All-In-One Checker_v24721.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Pen and Touch Input Component
Exit code: 3221226540
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\wisptis.exe
c:\windows\system32\ntdll.dll

PID: 1412
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\sechost.dll
c:\windows\system32\ole32.dll

PID: 1824
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\All-In-One Checker.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll

PID: 4036
CMD: "C:\Users\admin\Desktop\All-In-One Checker\All-In-One Checker_v24721.exe"
Path: C:\Users\admin\Desktop\All-In-One Checker\All-In-One Checker_v24721.exe
Parent process: explorer.exe
User: admin
Company: Coded by avQse [BCF.do.am]
Integrity Level: MEDIUM
Description: All-In-One Checker [BCF.do.am]
Exit code: 0
Version: 2.4.7.2
Modules (images):
c:\users\admin\desktop\all-in-one checker\all-in-one checker_v24721.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll

PID: 4048
CMD: "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;
Path: C:\Windows\System32\wisptis.exe
Parent process: All-In-One Checker_v24721.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft Pen and Touch Input Component
Exit code: 24
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\wisptis.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\ole32.dll
Total events: 3 272
Read events: 3 226
Write events: 42
Delete events: 4

Modification events

Process: (1824) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Process: (4036) All-In-One Checker_v24721.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: Explorer.EXE

Process: (4036) All-In-One Checker_v24721.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 26
Suspicious files: 1
Text files: 1
Unknown types: 0

Dropped files

PID: 1824 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.35115\All-In-One Checker\All-In-One Checker_v24721.exe
Type: odttf
MD5: F487A9AA1483FD537B930314A5F66B38
SHA256: 866580985A946D88EAE129337E1DC22F0E9599CCEC98716DFE2B4EC3F762E594

PID: 4036 | Process: All-In-One Checker_v24721.exe
Filename: C:\Users\admin\AppData\Local\Temp\evb45E2.tmp
Type: executable
MD5: FE82167880D6B888CD57A73C3A6271CF
SHA256: E18FE429D6433B8A4BB910ABE426572FF35FD154843415A28EFA0E5B914EF8B8

PID: 4036 | Process: All-In-One Checker_v24721.exe
Filename: C:\Users\admin\AppData\Local\Temp\evb46D0.tmp
Type: executable
MD5: 72234865E1892D91DC37ED9D8705815E
SHA256: 010429848E281F54042A3A04110B549B8A87CFF8F185C93E8917AB68E6F7B047

PID: 4036 | Process: All-In-One Checker_v24721.exe
Filename: C:\Users\admin\AppData\Local\Temp\evb4468.tmp
Type: executable
MD5: F43E6F64DCFCC265F9B02CFD53C809BC
SHA256: 49E652B51068D087D5664D471872E35FC4CDC62E65867DBD23E8DED69AF10E8A

PID: 4036 | Process: All-In-One Checker_v24721.exe
Filename: C:\Users\admin\AppData\Local\Temp\evb4428.tmp
Type: executable
MD5: F43E6F64DCFCC265F9B02CFD53C809BC
SHA256: 49E652B51068D087D5664D471872E35FC4CDC62E65867DBD23E8DED69AF10E8A

PID: 4036 | Process: All-In-One Checker_v24721.exe
Filename: C:\Users\admin\AppData\Local\Temp\evb45B2.tmp
Type: executable
MD5: FE82167880D6B888CD57A73C3A6271CF
SHA256: E18FE429D6433B8A4BB910ABE426572FF35FD154843415A28EFA0E5B914EF8B8

PID: 4036 | Process: All-In-One Checker_v24721.exe
Filename: C:\Users\admin\AppData\Local\Temp\evb4916.tmp
Type: executable
MD5: C41255933A1B7B4AA656A7DE8667E704
SHA256: DE0E17AEA3FE13D919E011BCA1179FF56B59B0E3C7F5583304F9185724ED2767

PID: 4036 | Process: All-In-One Checker_v24721.exe
Filename: C:\Users\admin\AppData\Local\Temp\evb42FD.tmp
Type: executable
MD5: F3412C9A5BF676CDF6653D433CAA67F7
SHA256: EAA33BB4F4C1A60D706EABB580B2419B8299F5C26890171F494A88E145B6521E

PID: 4036 | Process: All-In-One Checker_v24721.exe
Filename: C:\Users\admin\AppData\Local\Temp\evb4631.tmp
Type: executable
MD5: FE82167880D6B888CD57A73C3A6271CF
SHA256: E18FE429D6433B8A4BB910ABE426572FF35FD154843415A28EFA0E5B914EF8B8

PID: 4036 | Process: All-In-One Checker_v24721.exe
Filename: C:\Users\admin\AppData\Local\Temp\evb4B3C.tmp
Type: executable
MD5: 54833FAAA1B54239ABC24CAA9EF8D9DE
SHA256: D9CB100289311089405438A6B2EE2AA522FC6005CA29C1BD5D653248DCCB759A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 2
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted

DNS requests

Domain | IP | Reputation
avqse.ru | - | unknown

Threats

No threats detected
No debug info