File name:

Ccleaner Pro.rar

Full analysis: https://app.any.run/tasks/16291818-3c40-41e7-b75b-19847dfd3b81
Verdict: Malicious activity
Threats:

Lumma is an information stealer, developed using the C programming language. It is offered for sale as a malware-as-a-service, with several plans available. It usually targets cryptocurrency wallets, login credentials, and other sensitive information on a compromised system. The malicious software regularly gets updates that improve and expand its functionality, making it a serious stealer threat.

Analysis date: December 02, 2023, 13:45:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
lumma
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

0AC167AFF341EA5AF1082FF13D62CCBD

SHA1:

6D805ED5347F6239F60F6CB9EBB27102F8FCC480

SHA256:

93CE61D542B3ED558563932D044D60BC8598EC5E2B080E06A5831CE26DA7057F

SSDEEP:

196608:XuGP9r4vOT1ja8qDJNZnXO+w4zDaHKmOj:DPGvOZm8a7nXOloFNj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • LUMMA has been detected (YARA)

      • Setup.exe (PID: 1360)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 564)
  • INFO

    • Manual execution by a user

      • Setup.exe (PID: 3676)
      • notepad.exe (PID: 2136)
      • Setup.exe (PID: 1360)
    • Checks supported languages

      • Setup.exe (PID: 1360)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 564)
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes
47
Monitored processes
4
Malicious processes
1
Suspicious processes
0

Behavior graph

start -> winrar.exe (no specs), notepad.exe (no specs), setup.exe (no specs), setup.exe (#LUMMA)

Process information

PID: 564
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Ccleaner Pro.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 1360
CMD: "C:\Users\admin\Desktop\Ccleaner Pro\Setup.exe"
Path: C:\Users\admin\Desktop\Ccleaner Pro\Setup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\ccleaner pro\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sspicli.dll
PID: 2136
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Ccleaner Pro\readme.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3676
CMD: "C:\Users\admin\Desktop\Ccleaner Pro\Setup.exe"
Path: C:\Users\admin\Desktop\Ccleaner Pro\Setup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules
Images
c:\users\admin\desktop\ccleaner pro\setup.exe
c:\windows\system32\ntdll.dll
Total events
1 041
Read events
1 032
Write events
9
Delete events
0

Modification events

(PID) Process: (564) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files
30
Suspicious files
0
Text files
2
Unknown types
0

Dropped files

PID: 564 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Ccleaner Pro\DATA\msvcp120.dll | Type: executable
MD5: FD5CABBE52272BD76007B68186EBAF00
SHA256: 87C42CA155473E4E71857D03497C8CBC28FA8FF7F2C8D72E8A1F39B71078F608

PID: 564 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Ccleaner Pro\DATA\libGLESV2.dll | Type: executable
MD5: AEBBD25609C3F1D16809C02F12E99896
SHA256: 6765D163FAE52331DFDCCCAB371C9B8B5CD0915BFDB14BBF2CA5D3F42BB29F4C

PID: 564 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Ccleaner Pro\DATA\libeay32.dll | Type: executable
MD5: 67130D64A3C2B4B792C4F5F955B37287
SHA256: 7581F48B16BD9C959491730E19687656F045AFBAB59222C0BABA52B25D1055BE

PID: 564 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Ccleaner Pro\ccleaner.jpg | Type: image
MD5: 70482CEFEBC97B22A58E23CE71852482
SHA256: 92C932DFDC24E45E5107DBE623F067180895F8CC81CC2B49EF151AB5B8DBBCCB

PID: 564 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Ccleaner Pro\DATA\nspr4.dll | Type: executable
MD5: 5154BC6B297FC05C434F5A30871E8DEB
SHA256: D52DCBC75DF8F316199F024D35577E80F0AE2B19775215E1B8B01A6AD794DBE5

PID: 564 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Ccleaner Pro\DATA\Qt5Svg.dll | Type: executable
MD5: 06CC5D18A496520E05BCFEE1E3169535
SHA256: EA31035FA96BA656D64B58D4F1A9DD210DF7154AFAD3D4F96EE36B41584E4360

PID: 564 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Ccleaner Pro\DATA\opengl32sw.dll | Type: executable
MD5: 3BD5AEA364326CDFA667651A93E7A4C9
SHA256: 23F04BA936568E9A7C9DCE7A6BEB52C9BE7EB13B734CD390C99E7546CBE1973D

PID: 564 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Ccleaner Pro\DATA\Qt5Gui.dll | Type: executable
MD5: D9B78F4B2F8F393C8854C7CC95EAE5D8
SHA256: 55FAEBB8F5E28CDE50F561BBD2638DB7EDCFD26E7EE7B975E0049B113145AE38

PID: 564 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Ccleaner Pro\DATA\msvcr120.dll | Type: executable
MD5: 034CCADC1C073E4216E9466B720F9849
SHA256: 86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F

PID: 564 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Ccleaner Pro\DATA\nssdbm3.dll | Type: executable
MD5: 54A419A3B8F98EB90618FC12C560FB2A
SHA256: 2588E00763D5A161CF97925C07628F6C8571C5841735E43D1A9AE13E9D2717EA
Download the PCAP, analyze network streams, HTTP content and a lot more in the full report
HTTP(S) requests
0
TCP/UDP connections
3
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID: 4 | Process: System | IP: 192.168.100.255:137 | Domain: - | ASN: - | CN: - | Reputation: whitelisted
PID: 4 | Process: System | IP: 192.168.100.255:138 | Domain: - | ASN: - | CN: - | Reputation: whitelisted
PID: 2588 | Process: svchost.exe | IP: 239.255.255.250:1900 | Domain: - | ASN: - | CN: - | Reputation: whitelisted

DNS requests

No data

Threats

No threats detected
No debug info