File name: Ccleaner Pro.rar

Full analysis: https://app.any.run/tasks/16291818-3c40-41e7-b75b-19847dfd3b81
Verdict: Malicious activity
Threats:

Lumma is an information stealer, developed using the C programming language. It is offered for sale as a malware-as-a-service, with several plans available. It usually targets cryptocurrency wallets, login credentials, and other sensitive information on a compromised system. The malicious software regularly gets updates that improve and expand its functionality, making it a serious stealer threat.

Analysis date: December 02, 2023, 13:45:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: lumma

Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 0AC167AFF341EA5AF1082FF13D62CCBD
SHA1: 6D805ED5347F6239F60F6CB9EBB27102F8FCC480
SHA256: 93CE61D542B3ED558563932D044D60BC8598EC5E2B080E06A5831CE26DA7057F
SSDEEP: 196608:XuGP9r4vOT1ja8qDJNZnXO+w4zDaHKmOj:DPGvOZm8a7nXOloFNj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • LUMMA has been detected (YARA)
      • Setup.exe (PID: 1360)
  • SUSPICIOUS
    • Process drops legitimate windows executable
      • WinRAR.exe (PID: 564)
  • INFO
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 564)
    • Manual execution by a user
      • Setup.exe (PID: 3676)
      • notepad.exe (PID: 2136)
      • Setup.exe (PID: 1360)
    • Checks supported languages
      • Setup.exe (PID: 1360)
No Malware configuration.

TRiD:
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
Total processes: 47
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Behavior graph

[Graph image not reproduced; nodes shown: start, winrar.exe (no specs), notepad.exe (no specs), setup.exe (no specs), setup.exe (#LUMMA)]

Process information

PID: 564
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Ccleaner Pro.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
  c:\program files\winrar\winrar.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll

PID: 1360
CMD: "C:\Users\admin\Desktop\Ccleaner Pro\Setup.exe"
Path: C:\Users\admin\Desktop\Ccleaner Pro\Setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (images):
  c:\users\admin\desktop\ccleaner pro\setup.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\apppatch\acgenral.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\sspicli.dll

PID: 2136
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Ccleaner Pro\readme.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\notepad.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll

PID: 3676
CMD: "C:\Users\admin\Desktop\Ccleaner Pro\Setup.exe"
Path: C:\Users\admin\Desktop\Ccleaner Pro\Setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540
Modules (images):
  c:\users\admin\desktop\ccleaner pro\setup.exe
  c:\windows\system32\ntdll.dll
Total events: 1 041
Read events: 1 032
Write events: 9
Delete events: 0

Modification events

PID | Process | Key | Operation | Name | Value
564 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E | write | LanguageList | en-US
564 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
564 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
564 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\Desktop\phacker.zip
564 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
564 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
564 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
564 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100
Executable files: 30
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID | Process | Filename | Type
564 | WinRAR.exe | C:\Users\admin\Desktop\Ccleaner Pro\DATA\libEGL.dll | executable
    MD5: 379358B4CD4B60137C0807F327531987
    SHA256: 0FF1D03926F5D9C01D02FAE5C5E1F018A87D7F90A1826DE47277530BFC7776F8
564 | WinRAR.exe | C:\Users\admin\Desktop\Ccleaner Pro\DATA\libeay32.dll | executable
    MD5: 67130D64A3C2B4B792C4F5F955B37287
    SHA256: 7581F48B16BD9C959491730E19687656F045AFBAB59222C0BABA52B25D1055BE
564 | WinRAR.exe | C:\Users\admin\Desktop\Ccleaner Pro\DATA\libGLESV2.dll | executable
    MD5: AEBBD25609C3F1D16809C02F12E99896
    SHA256: 6765D163FAE52331DFDCCCAB371C9B8B5CD0915BFDB14BBF2CA5D3F42BB29F4C
564 | WinRAR.exe | C:\Users\admin\Desktop\Ccleaner Pro\DATA\D3Dcompiler_47.dll | executable
    MD5: E6945CCEEFC0A122833576A5FC5F88F4
    SHA256: FB8D0049F5DD5858C3B1DA4836FB4B77D97B72D67AD951EDB48F1A3E087EC2B1
564 | WinRAR.exe | C:\Users\admin\Desktop\Ccleaner Pro\DATA\opengl32sw.dll | executable
    MD5: 3BD5AEA364326CDFA667651A93E7A4C9
    SHA256: 23F04BA936568E9A7C9DCE7A6BEB52C9BE7EB13B734CD390C99E7546CBE1973D
564 | WinRAR.exe | C:\Users\admin\Desktop\Ccleaner Pro\DATA\nssutil3.dll | executable
    MD5: F56F94F3ED54F8F59090CE505C846AE9
    SHA256: 9FE1BC77DE22CADBE0409F67E80873F164D19C7BCF99F44E2EBB5FB48162E8BC
564 | WinRAR.exe | C:\Users\admin\Desktop\Ccleaner Pro\DATA\nssckbi.dll | executable
    MD5: 8212B9D9E1C2068225DDA50A98E82FE2
    SHA256: 08A3FF20EEF63FCAD6A07A39CECDBBFDEDB5E811614DDB20D090BF2C71693C56
564 | WinRAR.exe | C:\Users\admin\Desktop\Ccleaner Pro\DATA\odbcbase.dll | executable
    MD5: 23F5CB42866EF4E70BB7744D1D88A640
    SHA256: E16DD2B4BFCAEC5DC032873E358A656D978A916553017621914C7DA12829A12D
564 | WinRAR.exe | C:\Users\admin\Desktop\Ccleaner Pro\DATA\Qt5Svg.dll | executable
    MD5: 06CC5D18A496520E05BCFEE1E3169535
    SHA256: EA31035FA96BA656D64B58D4F1A9DD210DF7154AFAD3D4F96EE36B41584E4360
564 | WinRAR.exe | C:\Users\admin\Desktop\Ccleaner Pro\DATA\Qt5Core.dll | executable
    MD5: B4F2C1BE9AC448FDBB6833B0FBA3BB75
    SHA256: 7AB15D298CDD7185F2CCEAE2613715C54A54861FA788BB2DE3D152ECEB484288
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Reputation
4 | System | 192.168.100.255:137 | whitelisted
4 | System | 192.168.100.255:138 | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | whitelisted

DNS requests

No data

Threats

No threats detected

Debug info: none