Sample: FakeActivation.zip
Full analysis: https://app.any.run/tasks/2a0880f3-f775-4a16-9fa8-6254e3bf0ccf
Verdict: Malicious activity
Analysis date: July 13, 2020, 06:27:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 6DB8A7DA4E8DC527D445B7A37D02D5D6
SHA1: 4FCC7CFF8B49A834858D8C6016C3C6F109C9C794
SHA256: 7CC43D4259F9DBE6806E1C067EBD1784EAAF56A026047D9380BE944B71E5B984
SSDEEP: 6144:slA1Q2B6SIHODfBeO6706bWyFyA3tvZqfgP6mJJtkvnBM1KgHWR:iCQ2B3IHO1e3WeGoHJJtkvnBOi

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • [email protected] (PID: 3788)
      • Free YouTube Downloader.exe (PID: 2696)
      • [email protected] (PID: 3072)
      • Free YouTube Downloader.exe (PID: 2748)
      • Uninstall.exe (PID: 2540)
      • Uninstall.exe (PID: 3384)
      • Uninstall.exe (PID: 2852)
      • Free YouTube Downloader.exe (PID: 2464)
      • Free YouTube Downloader.exe (PID: 2196)
    • Changes the autorun value in the registry
  • SUSPICIOUS
    • Executable content was dropped or overwritten
    • Creates files in the Windows directory
    • Creates a software uninstall entry
    • Removes files from Windows directory
      • Uninstall.exe (PID: 2540)
    • Uses TASKLIST.EXE to query information about running processes
      • cmd.exe (PID: 3544)
      • cmd.exe (PID: 2948)
    • Uses TASKKILL.EXE to kill process
      • cmd.exe (PID: 3544)
      • cmd.exe (PID: 2948)
  • INFO
    • Manual execution by user
      • Free YouTube Downloader.exe (PID: 2748)
      • cmd.exe (PID: 3544)
      • explorer.exe (PID: 1048)
      • Free YouTube Downloader.exe (PID: 2464)
      • Uninstall.exe (PID: 3384)
      • Uninstall.exe (PID: 2852)
      • Free YouTube Downloader.exe (PID: 2196)
      • cmd.exe (PID: 2948)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD
.zip | ZIP compressed archive (100)

EXIF (ZIP)
ZipFileName: [email protected]
ZipUncompressedSize: 405748
ZipCompressedSize: 281609
ZipCRC: 0x00b8d682
ZipModifyDate: 2016:01:22 20:15:24
ZipCompression: Deflated
ZipBitFlag: 0x0001
ZipRequiredVersion: 20
All screenshots are available in the full report
Total processes: 74
Monitored processes: 22
Malicious processes: 3
Suspicious processes: 3

Behavior graph

(Interactive graph, rendered only in the full report. Its edges record WinRAR.exe dropping and starting the installer [email protected], the installer dropping and starting Free YouTube Downloader.exe, Uninstall.exe dropping and starting a second copy of itself from the user's Temp directory, and cmd.exe launching tasklist.exe and taskkill.exe.)

Process information

PID 3212
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\FakeActivation.zip"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Exit code: 0
  Version: 5.60.0

PID 3072
  CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.2881\[email protected]"
  Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.2881\[email protected]
  Parent process: WinRAR.exe
  User: admin
  Company: Free Youtube Downloader
  Integrity Level: MEDIUM
  Description: Free Youtube Downloader 4.1.1.1 Installation
  Exit code: 3221226540
  Version: 4.1.1.1

PID 3788
  CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.2881\[email protected]"
  Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.2881\[email protected]
  Parent process: WinRAR.exe
  User: admin
  Company: Free Youtube Downloader
  Integrity Level: HIGH
  Description: Free Youtube Downloader 4.1.1.1 Installation
  Exit code: 0
  Version: 4.1.1.1

PID 2696
  CMD: "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  Path: C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  Parent process: [email protected]
  User: admin
  Integrity Level: HIGH
  Description: Free YouTube Downloader
  Exit code: 1
  Version: 4.1.1.1

PID 3544
  CMD: "C:\Windows\system32\cmd.exe"
  Path: C:\Windows\system32\cmd.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Windows Command Processor
  Exit code: 3221225786
  Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID 2748
  CMD: "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"
  Path: C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  Parent process: explorer.exe
  User: admin
  Integrity Level: MEDIUM
  Description: Free YouTube Downloader
  Exit code: 1
  Version: 4.1.1.1

PID 1048
  CMD: "C:\Windows\explorer.exe"
  Path: C:\Windows\explorer.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Windows Explorer
  Exit code: 1
  Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 3384
  CMD: "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe"
  Path: C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe
  Parent process: explorer.exe
  User: admin
  Integrity Level: MEDIUM
  Exit code: 3221226540

PID 2852
  CMD: "C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe"
  Path: C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe
  Parent process: explorer.exe
  User: admin
  Integrity Level: HIGH
  Exit code: 0

PID 2540
  CMD: "C:\Users\admin\AppData\Local\Temp\Uninstall.exe" end
  Path: C:\Users\admin\AppData\Local\Temp\Uninstall.exe
  Parent process: Uninstall.exe
  User: admin
  Integrity Level: HIGH
  Exit code: 0

Reading the exit codes: 3221226540 is NTSTATUS 0xC000042C, STATUS_ELEVATION_REQUIRED. The MEDIUM-integrity launches of the installer (PID 3072) and of Uninstall.exe (PID 3384) could not start because the image's manifest, or Windows' installer detection, demands administrator rights; each was then re-launched at HIGH integrity (PIDs 3788 and 2852), which is the trace a UAC consent prompt leaves in a process list. 3221225786 is 0xC000013A, STATUS_CONTROL_C_EXIT, meaning the cmd.exe session (PID 3544) was ended with Ctrl+C. Both the installer and the uninstaller therefore ran elevated, which is what allowed the installer to write its files under C:\Windows\ rather than under Program Files or the user profile.
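The table above is easier to reason about as data than as prose. The script below is an added example, not part of the ANY.RUN report or of its tooling: the records are transcribed from the process table (Company is left empty where the report prints none), the NTSTATUS names come from the Windows SDK ntstatus.h, and the three heuristics (non-Microsoft binaries living under C:\Windows\, a MEDIUM launch that fails with STATUS_ELEVATION_REQUIRED followed by a HIGH re-launch of the same image, and execution from the user's Temp or WinRAR extraction directory) are this script's own, not ANY.RUN signatures.

```python
"""Triage the flattened ANY.RUN process table.

Added example, not code from the original report. PROCS is transcribed
from the "Process information" table; the flags below are this script's
own heuristics.
"""
import re
from dataclasses import dataclass

# NTSTATUS values that ANY.RUN prints as unsigned decimals in "Exit code".
NTSTATUS_NAMES = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
}


@dataclass
class Proc:
    pid: int
    image: str        # full path of the executable
    parent: str       # parent image name as printed by the report
    integrity: str    # MEDIUM / HIGH
    exit_code: int
    company: str = ""  # empty where the report shows no Company field


# Transcribed from the report's table (the 10 processes it details).
PROCS = [
    Proc(3212, r"C:\Program Files\WinRAR\WinRAR.exe", "explorer.exe", "MEDIUM", 0, "Alexander Roshal"),
    Proc(3072, r"C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.2881\[email protected]", "WinRAR.exe", "MEDIUM", 3221226540, "Free Youtube Downloader"),
    Proc(3788, r"C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.2881\[email protected]", "WinRAR.exe", "HIGH", 0, "Free Youtube Downloader"),
    Proc(2696, r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe", "[email protected]", "HIGH", 1),
    Proc(3544, r"C:\Windows\system32\cmd.exe", "explorer.exe", "MEDIUM", 3221225786, "Microsoft Corporation"),
    Proc(2748, r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe", "explorer.exe", "MEDIUM", 1),
    Proc(1048, r"C:\Windows\explorer.exe", "explorer.exe", "MEDIUM", 1, "Microsoft Corporation"),
    Proc(3384, r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe", "explorer.exe", "MEDIUM", 3221226540),
    Proc(2852, r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe", "explorer.exe", "HIGH", 0),
    Proc(2540, r"C:\Users\admin\AppData\Local\Temp\Uninstall.exe", "Uninstall.exe", "HIGH", 0),
]


def decode_exit(code):
    """Return the NTSTATUS name for a failing exit code, the plain number otherwise."""
    if code < 0x80000000:
        return str(code)
    return NTSTATUS_NAMES.get(code, f"0x{code:08X}")


def non_microsoft_under_windows(procs):
    """PIDs of executables under C:\\Windows\\ whose vendor is not Microsoft.
    Legitimate installers write to Program Files or the user profile; this
    matches the report's "Creates files in the Windows directory" indicator."""
    return [p.pid for p in procs
            if p.image.lower().startswith(r"c:\windows")
            and "microsoft" not in p.company.lower()]


def uac_retries(procs):
    """PIDs of HIGH-integrity runs of an image that first failed at MEDIUM with
    STATUS_ELEVATION_REQUIRED: the footprint of a UAC consent prompt."""
    failed = {p.image.lower() for p in procs
              if p.integrity == "MEDIUM" and p.exit_code == 0xC000042C}
    return sorted(p.pid for p in procs
                  if p.integrity == "HIGH" and p.image.lower() in failed)


def runs_from_temp(procs):
    """PIDs executed from the user's Temp tree (incl. WinRAR's Rar$EX* dirs)."""
    pat = re.compile(r"\\appdata\\local\\temp\\", re.I)
    return sorted(p.pid for p in procs if pat.search(p.image))


def triage(procs=PROCS):
    """Run every heuristic and decode all exit codes in one pass."""
    return {
        "non_microsoft_under_windows": non_microsoft_under_windows(procs),
        "uac_elevation_retries": uac_retries(procs),
        "runs_from_temp": runs_from_temp(procs),
        "exit_codes": {p.pid: decode_exit(p.exit_code) for p in procs},
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

Against the transcribed table the UAC heuristic pairs PID 3072 with 3788 and PID 3384 with 2852, and every non-Microsoft process under C:\Windows\ belongs to the dropped "Free Youtube Downloader" tree. The same three checks apply unchanged to a process list exported from an EDR or from Sysmon event 1, provided the integrity level and exit code are carried along.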
Total events: 1186
Read events: 1115
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 6
Suspicious files: 0
Text files: 1
Unknown types: 1

Dropped files

PID 3788 ([email protected]) wrote C:\Users\admin\AppData\Local\Temp\$inst\2.tmp
  Type: (not listed)
  MD5: (not listed)
  SHA256: (not listed)

PID 3788 ([email protected]) wrote C:\Users\admin\AppData\Local\Temp\$inst\temp_0.tmp
  Type: (not listed)
  MD5: (not listed)
  SHA256: (not listed)

PID 2540 (Uninstall.exe) wrote C:\Users\admin\AppData\Local\Temp\Uninstall.ini
  Type: (not listed)
  MD5: (not listed)
  SHA256: (not listed)

PID 3788 ([email protected]) wrote C:\Users\admin\Desktop\Free Youtube Downloader.lnk
  Type: lnk
  MD5: 8DBB715015E9CF37BE6580A188EB38BB
  SHA256: 5D22D3A008A54DA2C1C91C043D078FDF297F773E3EF9C3C991B9666CF8978B11

PID 2852 (Uninstall.exe) wrote C:\Users\admin\AppData\Local\Temp\Uninstall.exe
  Type: executable
  MD5: AB648A0DF4FE7A47FE9D980C545B065D
  SHA256: 905A849721EC95AB08754AEEE9A60B3ED435D36962466FCBE5CFCA63DFC455CD

PID 3788 ([email protected]) wrote C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe
  Type: executable
  MD5: AB648A0DF4FE7A47FE9D980C545B065D
  SHA256: 905A849721EC95AB08754AEEE9A60B3ED435D36962466FCBE5CFCA63DFC455CD

PID 3788 ([email protected]) wrote C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe
  Type: executable
  MD5: 1BB4DD43A8AEBC8F3B53ACD05E31D5B5
  SHA256: A2380A5F503BC6F5FCFD4C72E5B807DF0740A60A298E8686BF6454F92E5D3C02

PID 3788 ([email protected]) wrote C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini
  Type: text
  MD5: 2059CA65DCEB7B8D4952017D04D846EF
  SHA256: A549548626AD771B4A3C336B2BAF9E57775795BF76420058A0B9FFC425FD4623

PID 3212 (WinRAR.exe) wrote C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.2881\[email protected]
  Type: executable
  MD5: 13F4B868603CF0DD6C32702D1BD858C9
  SHA256: CAE57A60C4D269CD1CA43EF143AEDB8BFC4C09A7E4A689544883D05CE89406E7

PID 3788 ([email protected]) wrote C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe
  Type: executable
  MD5: F33A4E991A11BAF336A2324F700D874D
  SHA256: A87524035509FF7AA277788E1A9485618665B7DA35044D70C41EC0F118F3DFD7
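The file hashes in the table are the artefacts a responder actually sweeps a fleet for, and the table is best consumed as an index keyed by SHA256: the same Uninstall.exe (MD5 AB648A0D..., SHA256 905A8497...) appears at two paths, so seven rows collapse to six unique hashes. The script below is an added example, not part of the ANY.RUN report or its tooling. The hash rows are transcribed from the table (entries the report lists without a hash are left out because nothing can be matched on them); the sweep routine, its directory-walking behaviour and the output format are this script's own assumptions.

```python
"""Hash-based IOC sweep built from the report's "Dropped files" table.

Added example, not code from the original report. DROPPED is transcribed
from the table; the sweep logic is this script's own.
"""
import hashlib
import os
from collections import defaultdict

# (SHA256, path the sandbox saw the file written to), transcribed from the report.
# Rows printed without a hash (2.tmp, temp_0.tmp, Temp\Uninstall.ini) are omitted.
DROPPED = [
    ("5D22D3A008A54DA2C1C91C043D078FDF297F773E3EF9C3C991B9666CF8978B11", r"C:\Users\admin\Desktop\Free Youtube Downloader.lnk"),
    ("905A849721EC95AB08754AEEE9A60B3ED435D36962466FCBE5CFCA63DFC455CD", r"C:\Users\admin\AppData\Local\Temp\Uninstall.exe"),
    ("905A849721EC95AB08754AEEE9A60B3ED435D36962466FCBE5CFCA63DFC455CD", r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.exe"),
    ("A2380A5F503BC6F5FCFD4C72E5B807DF0740A60A298E8686BF6454F92E5D3C02", r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Box.exe"),
    ("A549548626AD771B4A3C336B2BAF9E57775795BF76420058A0B9FFC425FD4623", r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Uninstall.ini"),
    ("CAE57A60C4D269CD1CA43EF143AEDB8BFC4C09A7E4A689544883D05CE89406E7", r"C:\Users\admin\AppData\Local\Temp\Rar$EXb3212.2881\[email protected]"),
    ("A87524035509FF7AA277788E1A9485618665B7DA35044D70C41EC0F118F3DFD7", r"C:\Windows\Free Youtube Downloader\Free Youtube Downloader\Free YouTube Downloader.exe"),
]


def build_ioc_index(rows=DROPPED):
    """Collapse the table to one entry per SHA256 (lower-cased, as hashlib
    prints it), keeping every sandbox path that hash was written to."""
    index = defaultdict(set)
    for sha, path in rows:
        index[sha.lower()].add(path)
    return dict(index)


IOC_SHA256 = build_ioc_index()


def hash_file(path, chunk=1 << 20):
    """Stream one file through MD5, SHA1 and SHA256, the three digests the
    report prints, reading in 1 MiB chunks so large files are not slurped."""
    hs = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as f:
        while True:
            buf = f.read(chunk)
            if not buf:
                break
            for h in hs.values():
                h.update(buf)
    return {name: h.hexdigest() for name, h in hs.items()}


def sweep(root, iocs=IOC_SHA256):
    """Walk a directory tree and return (local_path, sha256, sandbox_paths)
    for every file whose SHA256 is in the IOC index. Files that cannot be
    read (locked, permission denied) are skipped so one error does not
    abort the sweep."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            local = os.path.join(dirpath, name)
            try:
                digest = hash_file(local)["sha256"]
            except OSError:
                continue
            if digest in iocs:
                hits.append((local, digest, sorted(iocs[digest])))
    return hits


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for local, sha, seen_at in sweep(root):
        print(f"{local}\n  sha256={sha}\n  dropped in sandbox as: {', '.join(seen_at)}")
```

Run it against a suspect host's C:\Windows and %TEMP% trees (or a mounted forensic image) and any hit reports both the local path and where the sandbox originally saw that binary, which tells you at a glance whether you are looking at the installer, the uninstaller copy or the main payload. Matching on full-file SHA256 only catches byte-identical copies; the SSDEEP value at the top of the report is what you would use for near-duplicate builds.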
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info