File name: IndRat v.9.5.zip

Full analysis: https://app.any.run/tasks/65a3e695-2943-46d1-a7ff-b43befd91da6
Verdict: No threats detected
Analysis date: June 16, 2020, 18:36:24
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 4D79420BA4144A480626CF508E3174CB
SHA1: 3A76E8BC8744EB22FCBE98549287495D0498301C
SHA256: 943DA1A8ABC518C28402B4B8E596D55A363A34CCCD3BDF24733AA0536B4379D8
SSDEEP: 393216:JRWZ3BeewrIT31qcynDoMUlrehlvebGKl2:vlewry1ynZUGKo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is for the user's acknowledgement. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • IndRat.exe (PID: 2032)
    • Application was dropped or rewritten from another process

      • IndRat.exe (PID: 2032)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • IndRat.exe (PID: 2032)
      • WinRAR.exe (PID: 1812)
    • Reads Internet Cache Settings

      • IndRat.exe (PID: 2032)
    • Reads internet explorer settings

      • IndRat.exe (PID: 2032)
  • INFO

    • Dropped object may contain Bitcoin addresses

      • WinRAR.exe (PID: 1812)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (33.3)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2016:11:14 09:42:01
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: IndRat v.9.5/
No data.
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 1

Behavior graph (interactive view in the full report)

start -> winrar.exe; drop and start -> indrat.exe

Process information

PID: 1812
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\IndRat v.9.5.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators:
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 2032
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\IndRat.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\IndRat.exe
Indicators:
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version: 3, 3, 8, 1
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa1812.44740\indrat v.9.5\indrat.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\wsock32.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\nsi.dll
c:\windows\system32\version.dll
Total events: 526
Read events: 506
Write events: 20
Delete events: 0

Modification events

(PID) Process: (1812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (1812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (1812) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1812) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E
Operation: write
Name: @C:\Windows\system32\NetworkExplorer.dll,-1
Value: Network

(PID) Process: (1812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\IndRat v.9.5.zip

(PID) Process: (1812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (1812) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0
Executable files: 7
Suspicious files: 0
Text files: 470
Unknown types: 2

Dropped files

PID: 1812 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\Bandeiras\af.png
MD5: E5D92DB7336D1DC8B4BE5425FF751325
SHA256: 2BF77EE6997D42C789F6BDF02806F66F6615D6AB033353C3246D69020DD92B52

PID: 1812 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\Bandeiras\au.png
MD5: 2A1384DE781BF1374F8A96710ED5CD70
SHA256: 5D7C2318950FD8490EEA8C6C488917E386407D4D0C29FF2B71D10F73A9169162

PID: 1812 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\Bandeiras\al.png
MD5: 938F6D2AD6EB0754B4B1CE8D6EFE3D00
SHA256: D3AD4F7C40CF88D3072EB158F6083053017D4B4F0537CFB8C0AAAD7CD79D768C

PID: 1812 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\Bandeiras\bb.png
MD5: 1B660FC7E3FF7C5F1B6F2825AA2340F1
SHA256: ABE7B71B3C2797BAD35AFFF72B13936A597D6FEB8D8DE8B207639618D0020361

PID: 1812 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\Bandeiras\at.png
MD5: 018CB031396887BB748C95FF32FA6B6A
SHA256: F2488FB3A8A7D485E53050A00B6895408F6ADADAD7F68365DB274686CA26864A

PID: 1812 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\Bandeiras\ao.png
MD5: 5A020033C257E92D7613B278109CC404
SHA256: B82F6BFF7F8772C7A663DDBFEA394695E0970162E7D0E18696CC386160597D1F

PID: 1812 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\Bandeiras\bd.png
MD5: 978CA19E2EE0BBD3CE75F92209636841
SHA256: C5405D50A1F056B82002B92D959DA2E25FF8EAB78F56CF62F284FB8686B23B64

PID: 1812 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\Bandeiras\az.png
MD5: 4BA2F81E697F419D69FD71BBA504510C
SHA256: 7D1B5DF9160BCCD7C19C6E30C6EF4EBE75E50023286F04861237D74D387757AD

PID: 1812 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\Bandeiras\be.png
MD5: 18E4B453844A360A88EB140660726BD9
SHA256: 10F1D7E798624369C1546581D64267580818D888771EE19853670805275C5841

PID: 1812 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1812.44740\IndRat v.9.5\Bandeiras\ag.png
MD5: 1C0D859D89EA2FD426B5995629B48C02
SHA256: DB673A779729744BD091322D388F31857B6E4B2F516C212317FB80BB6AE0660E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info