File name: Partition_Bad_Disk_3.4.1___Crack.rar

Full analysis: https://app.any.run/tasks/402299ac-1000-4b8d-89c4-cfda15b0aef3
Verdict: Malicious activity
Analysis date: June 08, 2018, 08:39:00
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 1094C856D615013E410E41D3FCB0B80B
SHA1: 7D52EE4B07E12F0E1F1231CB5E72AF5ECDD69AE0
SHA256: 9065327AB4BA3165878BF060547B9A6A6AA1F7A6282944E08BEACB751A671B8C
SSDEEP: 196608:192/EkpyKVJ6MEmJcDvD0/+XdZdt8O7liQlTMXvzSMk2VAwINxDLPP:1U/EgH/J2Q/+tyYiQavzHZ6xP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • pbd-setup.exe (PID: 1732)
      • pbd-setup.exe (PID: 332)
      • pbd.exe (PID: 2260)
      • pbd.exe (PID: 3732)
      • pbd.exe (PID: 2968)
    • Loads dropped or rewritten executable

      • pbd.exe (PID: 2260)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • 7zFM.exe (PID: 3132)
      • pbd-setup.exe (PID: 332)
      • pbd-setup.exe (PID: 1732)
      • pbd-setup.tmp (PID: 2816)
  • INFO

    • Loads dropped or rewritten executable

      • pbd-setup.tmp (PID: 2816)
    • Application was dropped or rewritten from another process

      • pbd-setup.tmp (PID: 3588)
      • pbd-setup.tmp (PID: 2816)
    • Dropped object may contain URL's

      • pbd-setup.exe (PID: 332)
      • pbd-setup.exe (PID: 1732)
      • pbd-setup.tmp (PID: 2816)
    • Creates files in the program directory

      • pbd-setup.tmp (PID: 2816)
    • Creates a software uninstall entry

      • pbd-setup.tmp (PID: 2816)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 187
UncompressedSize: 109
OperatingSystem: Win32
ModifyDate: 2016:09:29 17:53:18
PackingMethod: Best Compression
ArchivedFileName: Partition Bad Disk 3.4.1 + Crack\Crack\CracksUP.com.url
No data.
All screenshots are available in the full report
Total processes: 50
Monitored processes: 8
Malicious processes: 2
Suspicious processes: 2

Behavior graph (interactive in the full report)

Processes shown in the graph, in order: 7zfm.exe, pbd-setup.exe, pbd-setup.tmp (no specs), pbd-setup.exe, pbd-setup.tmp, pbd.exe (no specs), pbd.exe (no specs), pbd.exe. Edges are labelled "drop and start" or "start".

Process information

One record per monitored process: PID, command line, image path, parent process, process details, then the loaded modules (images).
PID: 332
CMD: "C:\Users\admin\AppData\Local\Temp\7zOC3CF8D74\pbd-setup.exe" /SPAWNWND=$601FA /NOTIFYWND=$601F4
Path: C:\Users\admin\AppData\Local\Temp\7zOC3CF8D74\pbd-setup.exe
Parent process: pbd-setup.tmp
User: admin
Company: Goodlucksoft
Integrity Level: HIGH
Description: Partition Bad Disk Setup
Exit code: 0
Version:
Modules (Images):
  c:\users\admin\appdata\local\temp\7zoc3cf8d74\pbd-setup.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\oleaut32.dll

PID: 1732
CMD: "C:\Users\admin\AppData\Local\Temp\7zOC3CF8D74\pbd-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\7zOC3CF8D74\pbd-setup.exe
Parent process: 7zFM.exe
User: admin
Company: Goodlucksoft
Integrity Level: MEDIUM
Description: Partition Bad Disk Setup
Exit code: 0
Version:
Modules (Images):
  c:\users\admin\appdata\local\temp\7zoc3cf8d74\pbd-setup.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\oleaut32.dll

PID: 2260
CMD: "C:\Program Files\Partition Bad Disk\pbd.exe"
Path: C:\Program Files\Partition Bad Disk\pbd.exe
Parent process: pbd-setup.tmp
User: admin
Integrity Level: MEDIUM
Exit code: 0
Modules (Images):
  c:\program files\partition bad disk\pbd.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll

PID: 2816
CMD: "C:\Users\admin\AppData\Local\Temp\is-ENTLM.tmp\pbd-setup.tmp" /SL5="$701FC,9777337,54272,C:\Users\admin\AppData\Local\Temp\7zOC3CF8D74\pbd-setup.exe" /SPAWNWND=$601FA /NOTIFYWND=$601F4
Path: C:\Users\admin\AppData\Local\Temp\is-ENTLM.tmp\pbd-setup.tmp
Parent process: pbd-setup.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.52.0.0
Modules (Images):
  c:\users\admin\appdata\local\temp\is-entlm.tmp\pbd-setup.tmp
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\oleaut32.dll

PID: 2968
CMD: "C:\Users\admin\Desktop\pbd.exe"
Path: C:\Users\admin\Desktop\pbd.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND)
Modules (Images):
  c:\users\admin\desktop\pbd.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll

PID: 3132
CMD: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\admin\AppData\Local\Temp\Partition_Bad_Disk_3.4.1___Crack.rar"
Path: C:\Program Files\7-Zip\7zFM.exe
Parent process: explorer.exe
User: admin
Company: Igor Pavlov
Integrity Level: MEDIUM
Description: 7-Zip File Manager
Exit code: 0
Version: 16.04
Modules (Images):
  c:\program files\7-zip\7zfm.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll

PID: 3588
CMD: "C:\Users\admin\AppData\Local\Temp\is-Q8SGE.tmp\pbd-setup.tmp" /SL5="$601F4,9777337,54272,C:\Users\admin\AppData\Local\Temp\7zOC3CF8D74\pbd-setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-Q8SGE.tmp\pbd-setup.tmp
Parent process: pbd-setup.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.52.0.0
Modules (Images):
  c:\users\admin\appdata\local\temp\is-q8sge.tmp\pbd-setup.tmp
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\oleaut32.dll

PID: 3732
CMD: "C:\Users\admin\AppData\Local\Temp\7zOC3C771D4\pbd.exe"
Path: C:\Users\admin\AppData\Local\Temp\7zOC3C771D4\pbd.exe
Parent process: 7zFM.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND)
Modules (Images):
  c:\users\admin\appdata\local\temp\7zoc3c771d4\pbd.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll

Total events: 957
Read events: 910
Write events: 41
Delete events: 6

Modification events

(PID) Process: (3132) 7zFM.exe
Key: HKEY_CURRENT_USER\Software\7-Zip\FM\Columns
Operation: write
Name: 7-Zip.Rar
Value: 0100000004000000010000000400000001000000A00000000700000001000000640000000800000001000000640000000C00000001000000640000000A00000001000000640000000B00000001000000640000000900000001000000640000000F00000001000000640000000D00000001000000640000000E00000001000000640000001000000001000000640000001100000001000000640000001300000001000000640000001700000001000000640000001600000001000000640000002100000001000000640000001F0000000100000064000000200000000100000064000000

(PID) Process: (3132) 7zFM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (3132) 7zFM.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1

(PID) Process: (2816) pbd-setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Owner
Value: 000B0000E404223F04FFD301

(PID) Process: (2816) pbd-setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: SessionHash
Value: 07E0E7CF4849763E5454E195A108EF0946E21B325B62E4155F94B26A15E15DAE

(PID) Process: (2816) pbd-setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: Sequence
Value: 1

(PID) Process: (2816) pbd-setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFiles0000
Value: C:\Program Files\Partition Bad Disk\pbd.exe

(PID) Process: (2816) pbd-setup.tmp
Key: HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session0000
Operation: write
Name: RegFilesHash
Value: 401A08BF1088F420C44516AB2D9976E3B5A057930C2F91A080D9F3AA14DAE5CD

(PID) Process: (2816) pbd-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B12BB43-0437-42B0-9409-01CC516016E7}_is1
Operation: write
Name: Inno Setup: Setup Version
Value: 5.5.1 (a)

(PID) Process: (2816) pbd-setup.tmp
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B12BB43-0437-42B0-9409-01CC516016E7}_is1
Operation: write
Name: Inno Setup: App Path
Value: C:\Program Files\Partition Bad Disk

Executable files: 14
Suspicious files: 0
Text files: 3
Unknown types: 3

Dropped files

All entries below were written by PID 2816 (pbd-setup.tmp); the MD5 and SHA256 columns are empty in this export.

  C:\Program Files\Partition Bad Disk\is-SL95C.tmp
  C:\Program Files\Partition Bad Disk\is-9DMG8.tmp
  C:\Program Files\Partition Bad Disk\is-8QG50.tmp
  C:\Program Files\Partition Bad Disk\is-SUB3T.tmp
  C:\Program Files\Partition Bad Disk\is-R3VIO.tmp
  C:\Program Files\Partition Bad Disk\is-NOI27.tmp
  C:\Program Files\Partition Bad Disk\is-96J9O.tmp
  C:\Program Files\Partition Bad Disk\is-EIPIK.tmp
  C:\Program Files\Partition Bad Disk\is-7P1F9.tmp
  C:\Program Files\Partition Bad Disk\is-PURFS.tmp

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info