File name: b50707ee6dd7e7a77ef5b3d9782afb326c63d4676e32c9dd64c4a506c62bb6f8.bin.gz

Full analysis: https://app.any.run/tasks/830e01f6-0759-4371-be14-e5779aca0fe3
Verdict: Malicious activity
Analysis date: January 22, 2019, 13:43:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/gzip
File info: gzip compressed data, max compression, from Unix
MD5: 8FC770F2DC722190A3C2F13AE4662816
SHA1: D60C4909D65A6E9005278DA7490F4AF0382D4BA6
SHA256: 7ED6D20F92432C3455E2C5EEEEC5766D8BE006B6EEEBF5AE6EB7043337C78166
SSDEEP: 12288:4GlyGU0te4T3WOPzAsjDifj83jVIuAIZ25op:YXpOPcsKfu5M5Q

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • b50707ee6dd7e7a77ef5b3d9782afb326c63d4676e32c9dd64c4a506c62bb6f8.bin.exe (PID: 3084)
  • SUSPICIOUS

    • Starts Internet Explorer

      • b50707ee6dd7e7a77ef5b3d9782afb326c63d4676e32c9dd64c4a506c62bb6f8.bin.exe (PID: 3084)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3448)
  • INFO

    • Reads internet explorer settings

      • iexplore.exe (PID: 588)
    • Reads Internet Cache Settings

      • iexplore.exe (PID: 588)
    • Creates files in the user directory

      • iexplore.exe (PID: 588)
      • iexplore.exe (PID: 2024)
    • Changes internet zones settings

      • iexplore.exe (PID: 2024)
    • Reads settings of System Certificates

      • iexplore.exe (PID: 2024)
    • Application launched itself

      • chrome.exe (PID: 3964)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.z/gz/gzip | GZipped data (100)

EXIF

ZIP

Compression: Deflated
Flags: (none)
ModifyDate: 0000:00:00 00:00:00
ExtraFlags: Maximum Compression
OperatingSystem: Unix
No data.
All screenshots are available in the full report
Total processes: 48
Monitored processes: 16
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start winrar.exe b50707ee6dd7e7a77ef5b3d9782afb326c63d4676e32c9dd64c4a506c62bb6f8.bin.exe no specs iexplore.exe iexplore.exe chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID: 3448
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\b50707ee6dd7e7a77ef5b3d9782afb326c63d4676e32c9dd64c4a506c62bb6f8.bin.gz.z"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 3084
CMD: "C:\Users\admin\Desktop\b50707ee6dd7e7a77ef5b3d9782afb326c63d4676e32c9dd64c4a506c62bb6f8.bin.exe"
Path: C:\Users\admin\Desktop\b50707ee6dd7e7a77ef5b3d9782afb326c63d4676e32c9dd64c4a506c62bb6f8.bin.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Project Alpha New
Version: 1.0.0.0

PID: 2024
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: b50707ee6dd7e7a77ef5b3d9782afb326c63d4676e32c9dd64c4a506c62bb6f8.bin.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Exit code: 1
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 588
CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2024 CREDAT:71937
Path: C:\Program Files\Internet Explorer\iexplore.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Internet Explorer
Exit code: 0
Version: 8.00.7600.16385 (win7_rtm.090713-1255)

PID: 3964
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe"
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: explorer.exe
User: admin
Company: Google Inc.
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 3221225547
Version: 68.0.3440.106

PID: 2812
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6b3500b0,0x6b3500c0,0x6b3500cc
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google Inc.
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 68.0.3440.106

PID: 2156
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3968 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google Inc.
Integrity Level: MEDIUM
Description: Google Chrome
Exit code: 0
Version: 68.0.3440.106

PID: 3572
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=980,6635755228321002718,12204616253173706903,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=C17813723C1BDDFF73CED0E9F3F2AEBA --mojo-platform-channel-handle=1000 --ignored=" --type=renderer " /prefetch:2
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google Inc.
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 68.0.3440.106

PID: 2416
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,6635755228321002718,12204616253173706903,131072 --enable-features=PasswordImport --service-pipe-token=9486D031FF2E8DFDB25F291EAC7BB823 --lang=en-US --instant-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=9486D031FF2E8DFDB25F291EAC7BB823 --renderer-client-id=5 --mojo-platform-channel-handle=1900 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google Inc.
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 68.0.3440.106

PID: 3132
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=980,6635755228321002718,12204616253173706903,131072 --enable-features=PasswordImport --service-pipe-token=48B148AEEEC8D7378C35C64823E4B62F --lang=en-US --extension-process --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=48B148AEEEC8D7378C35C64823E4B62F --renderer-client-id=3 --mojo-platform-channel-handle=2168 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google Inc.
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 68.0.3440.106
Total events: 1 271
Read events: 1 137
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 1
Suspicious files: 104
Text files: 116
Unknown types: 16

Dropped files

PID | Process | Filename | Type

2024 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico
  MD5:
  SHA256:

2024 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
  MD5:
  SHA256:

588 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\sKFfn[1].txt
  MD5:
  SHA256:

588 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\css[1].txt
  MD5:
  SHA256:

2024 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\NewLogo[1].png
  MD5:
  SHA256:

588 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@shrinkearn[1].txt | text
  MD5: 13B64DD84FCE7EF2532E2624EB934EB8
  SHA256: DFD19C8B1E72078F493CCADD6AE0E534FD39D1DA5155BE6C36E6FEED305F242A

588 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\sKFfn[1].htm | html
  MD5: 45EEA98A05EF9DB57D0555C57928EB7A
  SHA256: 9291A51668E1A78EF85947D1B79DA74A9494ADA68BE4805CC22057693D5B8552

588 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\styles.min[1].css | text
  MD5: A1E9EAD8C5F7933E4AEF9EE918E88E16
  SHA256: 7CEA4DCE37D7F3591AFDA8A6D0C7FFF440597812CA558A0DD3FDFE64CD2C8FA6

3448 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3448.13283\b50707ee6dd7e7a77ef5b3d9782afb326c63d4676e32c9dd64c4a506c62bb6f8.bin.gz | executable
  MD5: CEE7E34D283C6F56926F457777289347
  SHA256: B50707EE6DD7E7A77EF5B3D9782AFB326C63D4676E32C9DD64C4A506C62BB6F8

588 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PP6KS563\script.min[1].js | text
  MD5: 600EF0F9468F01F5ABDEDAE5521CB01A
  SHA256: 62EB8C55E05F53EF96A7DAAEC19F0B9BF2BEEE9846B83368AC423FB3297D80B4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 3
TCP/UDP connections: 88
DNS requests: 55
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3964 | chrome.exe | GET | 200 | 93.184.221.240:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 55.2 Kb | whitelisted
2024 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted
3964 | chrome.exe | GET | 200 | 93.184.221.240:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/7E04DE896A3E666D00E687D33FFAD93BE83D349E.crt | US | der | 579 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
588 | iexplore.exe | 172.217.21.234:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
588 | iexplore.exe | 172.217.16.162:443 | pagead2.googlesyndication.com | Google Inc. | US | whitelisted
2024 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
588 | iexplore.exe | 104.31.78.94:443 | wishes2.com | Cloudflare Inc | US | shared
588 | iexplore.exe | 104.20.107.54:443 | shrinkearn.com | Cloudflare Inc | US | shared
588 | iexplore.exe | 172.217.20.104:443 | www.googletagmanager.com | Google Inc. | US | whitelisted
588 | iexplore.exe | 172.217.21.195:443 | www.gstatic.com | Google Inc. | US | whitelisted
588 | iexplore.exe | 216.58.208.35:443 | fonts.gstatic.com | Google Inc. | US | whitelisted
3964 | chrome.exe | 172.217.16.195:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted
588 | iexplore.exe | 216.58.205.226:443 | adservice.google.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
shrinkearn.com | 104.20.107.54, 104.20.106.54 | whitelisted
wishes2.com | 104.31.78.94, 104.31.79.94 | malicious
www.googletagmanager.com | 172.217.20.104 | whitelisted
fonts.googleapis.com | 172.217.21.234 | whitelisted
pagead2.googlesyndication.com | 172.217.16.162, 172.217.23.162 | whitelisted
www.google.com | 172.217.18.100 | whitelisted
fonts.gstatic.com | 216.58.208.35 | whitelisted
adservice.google.com | 216.58.205.226, 172.217.16.130 | whitelisted
www.gstatic.com | 172.217.21.195 | whitelisted

Threats

No threats detected
No debug info