File name: idrac8 license generator-beb5dec.bin.zip

Full analysis: https://app.any.run/tasks/1746dd92-c0b9-4f22-b0b8-25d48f4778bc
Verdict: Malicious activity
Analysis date: October 19, 2023, 12:38:05
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: CC288F606A237A2C3FF0D7AC20AE0F06
SHA1: 4CE2FA60A0C23CFD4459E94B148B14DF2E5A4FEE
SHA256: 8B2574CD84BD63BBD8B47CE538F5E3623DD977834CBB42DB546E976D1F8BD3FD
SSDEEP: 98304:kWhrtohoSFRCnBZbjDBcR2r5hQlleNkENEjOow2I8cZpxj/T/2y//E0rKvIroD8B:wdG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • idrac8 license generator-beb5dec.exe (PID: 2424)
      • idrac8 license generator-beb5dec.exe (PID: 2416)
  • SUSPICIOUS

    • Reads the Internet Settings

      • idrac8 license generator-beb5dec.exe (PID: 2424)
      • idrac8 license generator-beb5dec.exe (PID: 2416)
    • Application launched itself

      • idrac8 license generator-beb5dec.exe (PID: 2424)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3628)
    • Reads the computer name

      • idrac8 license generator-beb5dec.exe (PID: 2424)
      • idrac8 license generator-beb5dec.exe (PID: 2416)
    • Checks supported languages

      • idrac8 license generator-beb5dec.exe (PID: 2424)
      • idrac8 license generator-beb5dec.exe (PID: 2416)
    • Manual execution by a user

      • idrac8 license generator-beb5dec.exe (PID: 2424)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 788
ZipBitFlag: 0x0001
ZipCompression: Deflated
ZipModifyDate: 2023:10:19 12:36:34
ZipCRC: 0xb965a65c
ZipCompressedSize: 2050104
ZipUncompressedSize: 2293760
ZipFileName: idrac8 license generator-beb5dec.bin
No data.
All screenshots are available in the full report
Total processes: 45
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph

start → winrar.exe (no specs) → idrac8 license generator-beb5dec.exe (no specs) → idrac8 license generator-beb5dec.exe

Process information

PID: 2416
CMD: "C:\Users\admin\Desktop\idrac8 license generator-beb5dec.exe"
Path: C:\Users\admin\Desktop\idrac8 license generator-beb5dec.exe
Parent process: idrac8 license generator-beb5dec.exe
User: admin
Company: MaxLim
Integrity Level: HIGH
Description: UpDater
Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION)
Version: 2.1.0.0
Modules (images):
c:\windows\system32\ntdll.dll
c:\users\admin\desktop\idrac8 license generator-beb5dec.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll

PID: 2424
CMD: "C:\Users\admin\Desktop\idrac8 license generator-beb5dec.exe"
Path: C:\Users\admin\Desktop\idrac8 license generator-beb5dec.exe
Parent process: explorer.exe
User: admin
Company: MaxLim
Integrity Level: MEDIUM
Description: UpDater
Exit code: 0
Version: 2.1.0.0
Modules (images):
c:\windows\system32\ntdll.dll
c:\users\admin\desktop\idrac8 license generator-beb5dec.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\advapi32.dll

PID: 3628
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\idrac8 license generator-beb5dec.bin.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\usp10.dll
Total events: 1 241
Read events: 1 225
Write events: 16
Delete events: 0

Modification events

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2424) idrac8 license generator-beb5dec.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (2424) idrac8 license generator-beb5dec.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Executable files: 1
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID: 3628
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb3628.8081\idrac8 license generator-beb5dec.bin
Type: executable
MD5: 1925BA5DFDBE3C447936025E9EAD0743
SHA256: E4B99C2CE537164344485A1359CC1BAD28D74506DE9861A85998CF1B73BF88DD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 2
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted

DNS requests

Domain | IP | Reputation
kinohome.live | | unknown

Threats

No threats detected
No debug info