File name: Stars_pack_version_21.3.1.zip
Full analysis: https://app.any.run/tasks/20a8b1f6-a737-48df-bdaf-ec8f02315b90
Verdict: Malicious activity
Analysis date: March 11, 2025, 02:32:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: auto, generic
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract, compression method=store
MD5: 62DE72A8B5D947542B6C0A8F7273F074
SHA1: BC977DED3CEC56E689BB201CDB1550A39F68B2FA
SHA256: 90A6D6B7AF9D74BB3B344F138EE56D572D60430B235D2609FF188BBCAEF836CB
SSDEEP: 98304:z7e8YCPDFcSbFE6K+mALol9hhRLPEi1zj7kNxaCF1LxGeWZVOUzUChBZ8FDcZ7s8:ZkaPJ7mTGYgJegd4UaaA/

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • GENERIC has been found (auto): WinRAR.exe (PID: 2812)
  • SUSPICIOUS
    • Reads security settings of Internet Explorer: WinRAR.exe (PID: 2812)
  • INFO
    • The sample was compiled with English language support: WinRAR.exe (PID: 2812)
    • Manual execution by a user: zkwindow.exe (PID: 3064)
    • Executable content was dropped or overwritten: WinRAR.exe (PID: 2812)
    • Reads the computer name: zkwindow.exe (PID: 3064), zkwindow.exe (PID: 2360)
    • Checks supported languages: zkwindow.exe (PID: 3064), zkwindow.exe (PID: 2360)
Note that the only MALICIOUS-level hit is the generic "auto" signature, and it is attached to WinRAR.exe (the archiver that opened the sample), not to the extracted zkwindow.exe; every indicator raised on zkwindow.exe itself is INFO level.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2025:03:10 19:02:46
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: version_21/
No data.
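The ZIP fields above (ZipRequiredVersion 10, compression None, CRC 0, the 2025:03:10 modify date, ZipFileName version_21/) are read from the archive's first local file header, which in this sample describes the version_21/ directory entry rather than any file. The Python below is an added example, not part of the ANY.RUN report or its tooling: it builds a stored archive with the same layout (member names taken from the report's dropped-file list, member contents made up here) and parses the local headers back, so the reader can see exactly where each reported value comes from. It also flags members whose bytes begin with the MZ magic regardless of extension, a check worth running before trusting extension-based type labels such as the "binary" shown for legatee.vhd and protolanguage.php. It assumes no data descriptors (general-purpose flag bit 3) and no ZIP64 structures, which holds for a small stored archive.

```python
"""Parse the ZIP local file headers that produce the ZipRequiredVersion / ZipCompression /
ZipCRC / ZipModifyDate / ZipFileName fields, on a stored archive built here to mirror the
report's layout. Assumes no data descriptors (general-purpose flag bit 3) and no ZIP64."""
import io
import struct
import zipfile
import zlib

LOCAL_SIG, CENTRAL_SIG, EOCD_SIG = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"
LOCAL_FMT = "<4sHHHHHIIIHH"          # local file header: 30 bytes before the name
CENTRAL_FMT = "<4sHHHHHHIIIHHHHHII"  # central directory entry: 46 bytes before the name
EOCD_FMT = "<4sHHHHIIH"              # end of central directory: 22 bytes, empty comment


def dos_datetime(t, d):
    """Decode the MS-DOS packed time/date words; seconds are stored in 2-second units."""
    return ((d >> 9) + 1980, (d >> 5) & 0xF, d & 0x1F,
            t >> 11, (t >> 5) & 0x3F, (t & 0x1F) * 2)


def dos_words(y, mo, d, h, mi, s):
    """Inverse of dos_datetime."""
    return (h << 11) | (mi << 5) | (s // 2), ((y - 1980) << 9) | (mo << 5) | d


def build_stored_zip(members, when=(2025, 3, 10, 19, 2, 46)):
    """Write a minimal archive: method 0 (store), 'version needed' 1.0 (=10), like the sample."""
    t, d = dos_words(*when)
    body, central = b"", b""
    for name, data in members:
        nb, crc, off = name.encode("utf-8"), zlib.crc32(data), len(body)
        body += struct.pack(LOCAL_FMT, LOCAL_SIG, 10, 0, 0, t, d, crc,
                            len(data), len(data), len(nb), 0) + nb + data
        eattr = 0x10 if name.endswith("/") else 0   # MS-DOS directory attribute
        central += struct.pack(CENTRAL_FMT, CENTRAL_SIG, 20, 10, 0, 0, t, d, crc,
                               len(data), len(data), len(nb), 0, 0, 0, 0, eattr, off) + nb
    eocd = struct.pack(EOCD_FMT, EOCD_SIG, 0, 0, len(members), len(members),
                       len(central), len(body), 0)
    return body + central + eocd


def walk_local_headers(blob):
    """Yield one record per local file header, walking from offset 0 until the
    central directory begins; this is the view a file-type identifier gets first."""
    pos = 0
    while blob[pos:pos + 4] == LOCAL_SIG:
        (_, ver, _flag, method, t, d, crc, csize, usize,
         nlen, elen) = struct.unpack_from(LOCAL_FMT, blob, pos)
        name = blob[pos + 30:pos + 30 + nlen].decode("utf-8")
        start = pos + 30 + nlen + elen
        data = blob[start:start + csize]
        yield {"name": name, "version_needed": ver, "method": method, "crc": crc,
               "size": usize, "mtime": dos_datetime(t, d), "data": data,
               "crc_ok": zlib.crc32(data) == crc}
        pos = start + csize


def pe_members(blob):
    """Members whose stored bytes begin with the MZ magic, regardless of extension."""
    return [m["name"] for m in walk_local_headers(blob) if m["data"][:2] == b"MZ"]


def zipfile_accepts(blob):
    """Cross-check with the standard library: member names if every CRC verifies, else None."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist() if zf.testzip() is None else None


# Constructed stand-in for the sample: the member names are those in the report's
# dropped-file list, the contents are made up here and are NOT the real files' bytes.
SAMPLE = build_stored_zip([
    ("version_21/", b""),
    ("version_21/zkwindow.exe", b"MZ" + b"\x90" * 62 + b"constructed PE stub"),
    ("version_21/borlndmm.dll", b"MZ" + b"\x00" * 62 + b"constructed DLL stub"),
    ("version_21/cc32290mt.dll", b"MZ" + b"\x00" * 62 + b"constructed DLL stub"),
    ("version_21/legatee.vhd", b"constructed non-PE blob"),
    ("version_21/protolanguage.php", b"<?php /* constructed */ ?>"),
])

if __name__ == "__main__":
    for rec in walk_local_headers(SAMPLE):
        print(f'{rec["name"]:30} v{rec["version_needed"] / 10:.1f} method={rec["method"]} '
              f'crc=0x{rec["crc"]:08X} size={rec["size"]} mtime={rec["mtime"]}')
    print("PE content:", pe_members(SAMPLE))
    print("zipfile accepts it:", zipfile_accepts(SAMPLE) is not None)
```

The first record printed reproduces the report's EXIF block (version needed 1.0, method 0, CRC 0x00000000, 2025-03-10 19:02:46, name version_21/) because a directory entry carries no data; the ZipCompressedSize and ZipUncompressedSize shown as "-" on the page are the same zero-length entry. On the real archive, run walk_local_headers over the file bytes and compare pe_members against the report's type column.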
All screenshots are available in the full report
Total processes: 40
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start #GENERIC winrar.exe zkwindow.exe zkwindow.exe

Process information

PID: 2360
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.19138\version_21\zkwindow.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.19138\version_21\zkwindow.exe
Parent process: WinRAR.exe
User: admin
Company: Dirk Böttcher
Integrity Level: MEDIUM
Description: Ahnenblatt
Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION: the process crashed)
Version: 4.20.0.4
Modules:
c:\users\admin\appdata\local\temp\rar$exa2812.19138\version_21\zkwindow.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\appdata\local\temp\rar$exa2812.19138\version_21\borlndmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

PID: 2812
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Stars_pack_version_21.3.1.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules:
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 3064
CMD: "C:\Users\admin\Desktop\version_21\zkwindow.exe"
Path: C:\Users\admin\Desktop\version_21\zkwindow.exe
Parent process: explorer.exe
User: admin
Company: Dirk Böttcher
Integrity Level: MEDIUM
Description: Ahnenblatt
Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION: the process crashed)
Version: 4.20.0.4
Modules:
c:\users\admin\desktop\version_21\zkwindow.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\desktop\version_21\borlndmm.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
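Two details in the rows above deserve a closer look. The exit code 3221225477 returned by both zkwindow.exe instances is 0xC0000005 (STATUS_ACCESS_VIOLATION), so the program crashed both times it was run. And each instance loaded borlndmm.dll from its own extraction directory under Temp or Desktop rather than from a Windows system directory (the dropped-files list further down also shows cc32290mt.dll written beside it). The Python below is an added example, not part of the ANY.RUN report or its tooling: it decodes sandbox exit codes, which are printed as unsigned decimals, and classifies each loaded module by where it was loaded from, using the module lists copied from the rows above. The NTSTATUS name table is an assumption-level short list, and "sideload candidate" means only that the DLL came from the application's own user-writable directory; whether a given DLL is the genuine Borland runtime or a replacement has to be established from the dropped file itself.

```python
"""Triage of the 'Process information' block: decode the exit code the sandbox prints as
an unsigned decimal, and sort each process's loaded modules by where they came from."""
from pathlib import PureWindowsPath

# Assumption: a short list of NTSTATUS values commonly seen as exit codes, not exhaustive.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
}

# Directories whose DLLs are considered OS-provided (prefix match, case-insensitive).
SYSTEM_DIRS = ("c:/windows/system32", "c:/windows/syswow64", "c:/windows/winsxs")


def decode_exit_code(code):
    """Return (hex string, name). 3221225477 -> ('0xC0000005', 'STATUS_ACCESS_VIOLATION')."""
    code &= 0xFFFFFFFF
    if code == 0:
        return "0x00000000", "OK"
    return f"0x{code:08X}", NTSTATUS_NAMES.get(code, "unknown")


def _in_system_dir(path):
    parent = path.parent.as_posix().lower()
    return any(parent == d or parent.startswith(d + "/") for d in SYSTEM_DIRS)


def classify_modules(image_path, modules):
    """Map each module path to 'image' (the process's own executable), 'system' (from a
    Windows system directory), 'app-dir' (same directory as the image) or 'other'."""
    image = PureWindowsPath(image_path)
    result = {}
    for mod in modules:
        p = PureWindowsPath(mod)
        if p == image:
            kind = "image"
        elif _in_system_dir(p):
            kind = "system"
        elif p.parent == image.parent:
            kind = "app-dir"
        else:
            kind = "other"
        result[mod] = kind
    return result


def sideload_candidates(image_path, modules):
    """DLLs loaded from the image's own directory or from anywhere else outside the system
    directories. When that directory is user-writable (Temp, Desktop), each such DLL is a
    file an attacker can ship next to a benign-looking executable. A starting point for
    review, not a verdict."""
    return [m for m, k in classify_modules(image_path, modules).items()
            if k in ("app-dir", "other")]


def triage(pid, image_path, modules, exit_code):
    """One summary record per process, as the report rows above would be triaged."""
    hex_code, name = decode_exit_code(exit_code)
    return {"pid": pid, "exit": f"{hex_code} {name}",
            "sideload_candidates": sideload_candidates(image_path, modules)}


# Module lists copied from the report rows above.
PID2360_IMAGE = r"c:\users\admin\appdata\local\temp\rar$exa2812.19138\version_21\zkwindow.exe"
PID2360_MODULES = [
    PID2360_IMAGE,
    r"c:\windows\system32\ntdll.dll",
    r"c:\windows\system32\kernel32.dll",
    r"c:\windows\system32\kernelbase.dll",
    r"c:\users\admin\appdata\local\temp\rar$exa2812.19138\version_21\borlndmm.dll",
    r"c:\windows\system32\user32.dll",
    r"c:\windows\system32\gdi32.dll",
    r"c:\windows\system32\lpk.dll",
    r"c:\windows\system32\usp10.dll",
    r"c:\windows\system32\msvcrt.dll",
]
PID2812_IMAGE = r"c:\program files\winrar\winrar.exe"
PID2812_MODULES = [PID2812_IMAGE] + [
    r"c:\windows\system32\%s" % n for n in
    ("ntdll.dll", "kernel32.dll", "kernelbase.dll", "user32.dll", "gdi32.dll",
     "lpk.dll", "usp10.dll", "msvcrt.dll", "comdlg32.dll")]

if __name__ == "__main__":
    print(triage(2360, PID2360_IMAGE, PID2360_MODULES, 3221225477))
    print(triage(2812, PID2812_IMAGE, PID2812_MODULES, 0))
```

For PID 2360 the summary reports 0xC0000005 STATUS_ACCESS_VIOLATION and a single sideload candidate, the borlndmm.dll under Rar$EXa2812.19138\version_21; for WinRAR.exe (PID 2812) every module is OS-provided and the exit code is 0. PID 3064 gives the same result as 2360 with the Desktop paths.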
Total events: 1,406 (read: 1,359; write: 34; delete: 13)

Modification events

PID 2812 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP = (empty)
PID 2812 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon = (empty)
PID 2812 WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | LanguageList = en-US
PID 2812 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 3 = C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
PID 2812 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 = C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
PID 2812 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 = C:\Users\admin\Desktop\omni_23_10_2024_.zip
PID 2812 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 = C:\Users\admin\AppData\Local\Temp\Stars_pack_version_21.3.1.zip
PID 2812 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name = 120
PID 2812 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size = 80
PID 2812 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type = 120
All listed writes are WinRAR's own UI and history state; none come from zkwindow.exe. The ArcHistory entries 1 to 3 are WinRAR's recent-archive list naming archives opened earlier on the analysis VM, not artifacts of this sample; only entry 0 refers to it.
Executable files: 6
Suspicious files: 4
Text files: 0
Unknown types: 0

Dropped files

All ten rows were written by WinRAR.exe (PID 2812). They are five unique files, each listed twice with identical hashes: once under WinRAR's extraction temp directory C:\Users\admin\AppData\Local\Temp\Rar$EXa2812.19138\version_21\ and once under C:\Users\admin\Desktop\version_21\.

cc32290mt.dll (executable)
  MD5: CAA0894A9B84FEC58881E06F93247B90
  SHA256: 4E8DF175D47501EF372B599141DA743A3AA1CBB51F6055C7E1888244FC849FF4
zkwindow.exe (executable)
  MD5: 950F3BEBB7563EE8354B21EF9CBEA4A2
  SHA256: 8F4F53BC02348A549F3437444AACEC43EAE5F90875EA3C5EC96600BA1CB4A061
borlndmm.dll (executable)
  MD5: 2455C75C25687F2E363F0DBEF000DAF3
  SHA256: C36C66CFFEF5471D58CD81D61C9D799303FB44ABC784FC75FBCC2B5C6C44AA3A
legatee.vhd (binary)
  MD5: 010E4EC745ADB44AACAB4ED624A99771
  SHA256: 157CE0AFE946F4DA14880498629B239DE9E4FA817FF348DC26EA77B72069A68D
protolanguage.php (binary)
  MD5: A2F83841FDA7B729B98BDA66C8627F3C
  SHA256: 1D8768C931E0C7AB9B1FD7A9269AA021204F93EE29259E7EA84742E5D6411DB4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID          Process      IP:port               Reputation
4            System       192.168.100.255:137   whitelisted
(not listed) (not listed) 224.0.0.252:5355      whitelisted
1080         svchost.exe  224.0.0.252:5355      whitelisted
4            System       192.168.100.255:138   whitelisted

The Domain, ASN and CN columns are empty for every row. None of these connections belong to the three monitored processes: ports 137 and 138 on the subnet broadcast address are NetBIOS name-service and datagram-service traffic from System (PID 4), and 224.0.0.252:5355 is LLMNR multicast.

DNS requests

Domain      IP               Reputation
google.com  172.217.16.142   whitelisted

The report attributes no process to this lookup.

Threats

No threats detected
No debug info