File name: B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6.zip

Full analysis: https://app.any.run/tasks/1b87fb51-9577-4c10-81bc-c5bd60f9b5ed
Verdict: Malicious activity
Analysis date: December 02, 2019, 18:12:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: D5E5D2FC07843EB1CA60D24033C38B4E
SHA1: 8EEDCBD11AF48EAF8B7309FE6B9C10938B92FC2B
SHA256: 96CF81B7AA8ABCCD401CD4BE399DDDEC661664A06EBA9C605E0B1C85989A8FEB
SSDEEP: 1536:3os42MMzthLOHBh3x678x5ygKSHXTkL44KePZp2Y1a:J42MMfO3xfxQxt84KS3A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • svchost.exe (PID: 864)
      • explorer.exe (PID: 352)
      • SearchProtocolHost.exe (PID: 3124)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • explorer.exe (PID: 352)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6
ZipUncompressedSize: 135168
ZipCompressedSize: 68082
ZipCRC: 0x14ab3f60
ZipModifyDate: 2019:12:02 18:09:04
ZipCompression: Deflated
ZipBitFlag: 0x0009 (general purpose bit flag; bit 0 set: the entry is encrypted; bit 3 set: CRC-32 and sizes are stored in a data descriptor after the compressed data)
ZipRequiredVersion: 20
No data.
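The EXIF block above is the archive's central-directory metadata: compression method, sizes, CRC-32, modification time, required version and the general purpose bit flag (0x0009 here, i.e. encrypted entry plus data descriptor). The archive and its single member are both named with the SHA256 that the dropped-files table later reports for a.exe. The following is an added Python example, not part of the ANY.RUN report, that decodes those fields with the standard zipfile module, hashes each member, and checks the hash against the archive/member name and against a set of known IOC hashes. Because the real member's bytes are not on the page, the archive it inspects is a constructed stand-in built in the block itself; the function and constant names are this example's own.

```python
import hashlib
import io
import zipfile
from typing import Optional

# General purpose bit flag bits (PKWARE APPNOTE 4.4.4) that matter for triage.
GP_FLAGS = {
    0: "encrypted",          # ZipCrypto / AES-marked entry: bytes unreadable without a password
    3: "data_descriptor",    # CRC-32 and sizes follow the compressed data
    11: "utf8_names",
}

# Constructed stand-in payload (NOT the real sample, whose bytes are not on the page).
SAMPLE_PAYLOAD = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the real sample\n"


def decode_gp_flags(flags: int) -> dict:
    """Translate a ZipBitFlag value (e.g. 0x0009 in the report) into named bits."""
    return {name: bool(flags & (1 << bit)) for bit, name in GP_FLAGS.items()}


def build_sample_archive() -> tuple:
    """Build a Deflated archive whose name and single member are both the member's
    SHA256, mirroring the naming of the submission above. Returns (name, bytes)."""
    digest = hashlib.sha256(SAMPLE_PAYLOAD).hexdigest()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(digest, SAMPLE_PAYLOAD)
    return f"{digest}.zip", buf.getvalue()


def inspect_zip(archive_name: str, data: bytes, pwd: Optional[bytes] = None) -> list:
    """Per-member metadata as in the EXIF block, plus SHA256 of the extracted bytes.
    Encrypted members are only read (and hashed) when a password is supplied."""
    base = archive_name.rsplit(".", 1)[0].lower()
    records = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            flags = decode_gp_flags(info.flag_bits)
            rec = {
                "name": info.filename,
                "compression": info.compress_type,        # 8 = Deflated, 0 = Stored
                "required_version": info.extract_version, # 20 = "at least v2.0 to extract"
                "compressed_size": info.compress_size,
                "uncompressed_size": info.file_size,
                "crc32": f"0x{info.CRC:08x}",
                "modified": "%04d:%02d:%02d %02d:%02d:%02d" % info.date_time,
                "sha256": None,
                "name_matches_sha256": False,
                **flags,
            }
            if not flags["encrypted"] or pwd is not None:
                digest = hashlib.sha256(zf.read(info, pwd=pwd)).hexdigest()
                rec["sha256"] = digest
                # Submissions are often named after the member's SHA256; confirm it.
                rec["name_matches_sha256"] = digest in (base, info.filename.lower())
            records.append(rec)
    return records


def match_iocs(records: list, known_sha256: set) -> list:
    """Names of members whose SHA256 is in a set of known IOC hashes (case-insensitive)."""
    known = {h.lower() for h in known_sha256}
    return [r["name"] for r in records if r["sha256"] and r["sha256"] in known]


if __name__ == "__main__":
    print("0x0009 ->", decode_gp_flags(0x0009))
    name, data = build_sample_archive()
    for rec in inspect_zip(name, data):
        print(rec)
```

For an archive whose entry carries bit 0, `zipfile` raises `RuntimeError` on read without `pwd`; the guard above skips hashing instead, so the metadata is still reported and the missing hash is visible rather than silently wrong.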
All screenshots are available in the full report
Total processes: 37
Monitored processes: 4
Malicious processes: 3
Suspicious processes: 0

Behavior graph

Click at the process to see the details
start winrar.exe no specs searchprotocolhost.exe no specs explorer.exe svchost.exe

Process information

PID: 4060
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: none listed
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID: 3124
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Indicators: none listed
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Version: 7.00.7600.16385 (win7_rtm.090713-1255)

PID: 352
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
Indicators: none listed
Parent process: not listed
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 864
CMD: C:\Windows\system32\svchost.exe -k netsvcs
Path: C:\Windows\System32\svchost.exe
Indicators: none listed
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Total events: 3 920
Read events: 3 864
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 3
Suspicious files: 0
Text files: 0
Unknown types: 1

Dropped files

PID 4060, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb4060.41147\B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6
Type:
MD5:
SHA256:

PID 4060, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb4060.44000\B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6
Type:
MD5:
SHA256:

PID 864, svchost.exe
Filename: C:\Windows\appcompat\programs\RecentFileCache.bcf
Type: txt
MD5: 74DC25C12CA59FB0F9AF8FC1CA3A1318
SHA256: 3FCC863F670408EA1D3D7A80421994FF39F92FBC25FF1586523ECB2B4DE05206

PID 352, explorer.exe
Filename: C:\Users\admin\Desktop\a (2).exe
Type: executable
MD5: 8736CB63AF9B99340643C57DEC52394E
SHA256: B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6

PID 352, explorer.exe
Filename: C:\Users\admin\Desktop\B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6
Type: executable
MD5: 8736CB63AF9B99340643C57DEC52394E
SHA256: B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6

PID 352, explorer.exe
Filename: C:\Users\admin\Desktop\a.exe
Type: executable
MD5: 8736CB63AF9B99340643C57DEC52394E
SHA256: B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info