File name: PRIMERA CITACION (1).rev

Full analysis: https://app.any.run/tasks/a160909d-abb9-4727-a327-a0127472872f
Verdict: Malicious activity
Analysis date: October 05, 2023, 12:33:21
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: EA052E8F470DC2E1F844C2D656E5CCC9
SHA1: 95A1288D018EFC14D9DFCB1D4F9B7CE3354AA10E
SHA256: 97C79C786FDC84285732D21A9BD655BE9A11312418EE6BE62CD4A6223B244DBA
SSDEEP: 98304:jrJ+ADO6jUQbVKKm1Xzz2TJIlWyzRPT977KZFhFdl+LXUrntara+A1/8FwE7+HpV:TqbONiVS
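The file above carries WinRAR's recovery-volume extension (.rev) but was identified by MIME type and TRiD as a 7-Zip archive, version 0.4. The following script, added here as an example and not part of the ANY.RUN report, reproduces that identification from the leading bytes and flags the extension/content mismatch. The signature table, the expected-type table and the constructed sample bytes are this example's own assumptions.

```python
"""Added example (not the ANY.RUN report's own code): identify an archive
container from its leading bytes and compare it with what the extension
claims. Signature table, expected-type table and sample bytes are assumptions."""
import os
from dataclasses import dataclass
from typing import Optional, Tuple

# Magic bytes at offset 0 for common containers.
SIGNATURES = {
    "7z": bytes.fromhex("377ABCAF271C"),   # '7z' followed by BC AF 27 1C
    "rar": b"Rar!\x1a\x07",               # RAR4 continues with \x00, RAR5 with \x01\x00
    "zip": b"PK\x03\x04",
    "gzip": b"\x1f\x8b",
}

# Container each extension is expected to carry. None means the extension
# should not hold a plain archive at all (.rev is a WinRAR recovery volume).
EXPECTED = {".7z": "7z", ".rar": "rar", ".zip": "zip", ".gz": "gzip",
            ".tgz": "gzip", ".rev": None}


def identify(data: bytes) -> Optional[str]:
    """Return the container whose signature the data starts with, else None."""
    for kind, magic in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return None


def sevenzip_version(data: bytes) -> Optional[Tuple[int, int]]:
    """7z signature header: 6 signature bytes, then major and minor version bytes."""
    if identify(data) != "7z" or len(data) < 8:
        return None
    return data[6], data[7]


@dataclass
class Finding:
    filename: str
    detected: Optional[str]
    expected: Optional[str]
    mismatch: bool


def check(filename: str, data: bytes) -> Finding:
    ext = os.path.splitext(filename)[1].lower()
    detected = identify(data)
    expected = EXPECTED.get(ext)
    # Only flag when the content was recognised and the extension is one we
    # have an expectation for; unknown extensions are left to a human.
    mismatch = detected is not None and ext in EXPECTED and expected != detected
    return Finding(filename, detected, expected, mismatch)


# Constructed 7z signature header (assumption, not the real sample): the
# signature, version 0.4, then the 24 bytes of start-header fields zeroed.
SAMPLE_7Z = SIGNATURES["7z"] + b"\x00\x04" + b"\x00" * 24


if __name__ == "__main__":
    print(check("PRIMERA CITACION (1).rev", SAMPLE_7Z), sevenzip_version(SAMPLE_7Z))
```

Run against the real file, `check()` should report `detected="7z"` with `mismatch=True`, and `sevenzip_version()` should return `(0, 4)`, matching the "version 0.4" line in the report.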

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as is. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 1648)
    • The process drops Mozilla's DLL files

      • WinRAR.exe (PID: 1648)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1648)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
All screenshots are available in the full report
Total processes: 34
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> winrar.exe (no specs)

Process information

PID: 1648
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\PRIMERA CITACION (1).rev"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: none listed
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
Total events: 1 018
Read events: 1 000
Write events: 18
Delete events: 0

Modification events

PID   Process     Op     Key\Name                                                                                    Value
1648  WinRAR.exe  write  HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E\LanguageList                         en-US
1648  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\ArcHistory\2                                              C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
1648  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\ArcHistory\1                                              C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
1648  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\ArcHistory\0                                              C:\Users\admin\Desktop\phacker.zip
1648  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\name                            120
1648  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\size                            80
1648  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\type                            120
1648  WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\mtime                           100
1648  WinRAR.exe  write  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass   1
1648  WinRAR.exe  write  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName  1
Executable files: 56
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

All entries below were written by PID 1648, WinRAR.exe. Format: path (type), then MD5 and SHA256.

C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-file-l1-2-0.dll (executable)
  MD5:    49C3FFD47257DBCB67A6BE9EE112BA7F
  SHA256: 322D963D2A2AEFD784E99697C59D494853D69BED8EFD4B445F59292930A6B165
C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\sarape.txt (image)
  MD5:    860DBDDE7F02DA2A15BB4E835EB0781A
  SHA256: B76FA44855B0BDB110C5B1C22B1594AB7FF6AE1872A45BEE6C336A2919D513EC
C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-localization-l1-2-0.dll (executable)
  MD5:    588BD2A8E0152E0918742C1A69038F1D
  SHA256: A07CC878AB5595AACD4AB229A6794513F897BD7AD14BCEC353793379146B2094
C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-synch-l1-2-0.dll (executable)
  MD5:    47388F3966E732706054FE3D530ED0DC
  SHA256: 59C14541107F5F2B94BBF8686EFEE862D20114BCC9828D279DE7BF664D721132
C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-environment-l1-1-0.dll (executable)
  MD5:    C712515D052A385991D30B9C6AFC767F
  SHA256: F7C6C7EA22EDD2F8BD07AA5B33CBCE862EF1DCDC2226EB130E0018E02FF91DC1
C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-timezone-l1-1-0.dll (executable)
  MD5:    F62B66F451F2DAA8410AD62D453FA0A2
  SHA256: 48EB5B52227B6FB5BE70CB34009C8DA68356B62F3E707DB56AF957338BA82720
C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-conio-l1-1-0.dll (executable)
  MD5:    6C88D0006CF852F2D8462DFA4E9CA8D1
  SHA256: D5960C7356E8AB97D0AD77738E18C80433DA277671A6E89A943C7F7257FF3663
C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-convert-l1-1-0.dll (executable)
  MD5:    D53637EAB49FE1FE1BD45D12F8E69C1F
  SHA256: 83678F181F46FE77F8AFE08BFC48AEBB0B4154AD45B2EFE9BFADC907313F6087
C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-heap-l1-1-0.dll (executable)
  MD5:    F9E20DD3B07766307FCCF463AB26E3CA
  SHA256: AF47AEBE065AF2F045A19F20EC7E54A6E73C0C3E9A5108A63095A7232B75381A
C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-multibyte-l1-1-0.dll (executable)
  MD5:    4E033CFEE32EDF6BE7847E80A5114894
  SHA256: DFF24441DF89A02DDE1CD984E4D3820845BAFDFF105458ED10D510126117115B
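The raw "Dropped files" rows as exported run PID, process, path and type together on one line with the hashes on the two lines after it. The script below, added here as an example and not part of the ANY.RUN report, parses that layout and applies three triage rules a responder would run over it: files written into WinRAR's per-process temp extraction folder, api-ms-win-* API-set DLLs sitting outside the Windows directory, and entries whose sandbox-assigned type disagrees with their extension (sarape.txt is typed as an image). The three embedded rows are copied from the listing above; the path patterns, rule names and the notion that these are the rules worth running are this example's own assumptions.

```python
"""Added example, not part of the ANY.RUN report: parse flattened 'Dropped
files' rows and run three triage rules over them. Embedded rows are copied
from the report; regexes and rule names are this example's assumptions."""
import os
import re
from dataclasses import dataclass
from typing import Dict, List

# Three rows copied verbatim from the report's dropped-file listing.
LISTING = r"""
1648WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-file-l1-2-0.dllexecutable
MD5:49C3FFD47257DBCB67A6BE9EE112BA7F
SHA256:322D963D2A2AEFD784E99697C59D494853D69BED8EFD4B445F59292930A6B165
1648WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\sarape.txtimage
MD5:860DBDDE7F02DA2A15BB4E835EB0781A
SHA256:B76FA44855B0BDB110C5B1C22B1594AB7FF6AE1872A45BEE6C336A2919D513EC
1648WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-heap-l1-1-0.dllexecutable
MD5:F9E20DD3B07766307FCCF463AB26E3CA
SHA256:AF47AEBE065AF2F045A19F20EC7E54A6E73C0C3E9A5108A63095A7232B75381A
"""

# One flattened row: digits (PID), process name ending in .exe, a drive-letter
# path, and the sandbox type glued onto the end. The path is matched lazily
# so the type keyword is taken from the very end of the line.
ROW = re.compile(r"^(?P<pid>\d+)(?P<proc>.+?\.exe)(?P<path>[A-Za-z]:\\.+?)"
                 r"(?P<type>executable|image|text|binary|unknown)$")


@dataclass
class Dropped:
    pid: int
    process: str
    path: str
    ftype: str
    md5: str = ""
    sha256: str = ""

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_listing(text: str) -> List[Dropped]:
    entries: List[Dropped] = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            entries.append(Dropped(int(m["pid"]), m["proc"], m["path"], m["type"]))
        elif line.startswith("MD5:") and entries:
            entries[-1].md5 = line[4:].strip()
        elif line.startswith("SHA256:") and entries:
            entries[-1].sha256 = line[7:].strip()
    return entries


# WinRAR extracts into a per-process temp folder (Rar$EX<x><pid>.<n>) when a
# file is opened from the archive viewer; that content is transient, so
# collect it from the sandbox before the folder is cleaned up.
WINRAR_TEMP = re.compile(r"\\Temp\\Rar\$EX[a-z]\d+\.\d+\\", re.I)
# api-ms-win-* API-set DLLs normally live under the Windows directory. Copies
# next to an application are usually a bundled C runtime, but sideloading
# kits ship the same files, so look at whatever EXE they were dropped beside.
APISET = re.compile(r"^api-ms-win-[a-z0-9-]+\.dll$", re.I)
# Type the sandbox should assign for an extension; a disagreement means the
# content is not what the name says (assumed mapping).
TYPE_FOR_EXT = {".dll": "executable", ".exe": "executable", ".txt": "text"}


def triage(entries: List[Dropped]) -> Dict[str, List[str]]:
    """Map file name -> list of rule identifiers that fired."""
    findings: Dict[str, List[str]] = {}
    for e in entries:
        hits: List[str] = []
        if WINRAR_TEMP.search(e.path):
            hits.append("winrar-temp-extraction")
        if APISET.match(e.name) and "\\windows\\" not in e.path.lower():
            hits.append("apiset-dll-outside-windows-dir")
        ext = os.path.splitext(e.name)[1].lower()
        if ext in TYPE_FOR_EXT and TYPE_FOR_EXT[ext] != e.ftype:
            hits.append(f"type-mismatch:{ext}-is-{e.ftype}")
        if hits:
            findings[e.name] = hits
    return findings


if __name__ == "__main__":
    for name, hits in triage(parse_listing(LISTING)).items():
        print(name, hits)
```

Feed the full listing and the api-set rule fires on every one of the forwarder DLLs, which is the expected picture for a bundled runtime; the question that decides whether it matters is which executable in `PRIMERA CITACION\` loads them, and that is not answered by the hashes alone.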
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP:Port                Domain  ASN  CN  Reputation
4     System       192.168.100.255:137    -       -    -   whitelisted
2656  svchost.exe  239.255.255.250:1900   -       -    -   whitelisted
4     System       192.168.100.255:138    -       -    -   whitelisted
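None of the three connections belong to the monitored process: two are NetBIOS name-service and datagram broadcasts from PID 4 (System) and one is an SSDP multicast from svchost.exe, all ordinary Windows LAN discovery. The script below, added here as an example and not part of the ANY.RUN report, parses the flattened connection rows, classifies each endpoint as broadcast, multicast, internal or external, and keeps only the ones that could be attributed to the sample. The rows are copied from the table above; the local subnet 192.168.100.0/24 is an assumption (only the broadcast address is visible in the report).

```python
"""Added example (not the ANY.RUN report's own code): parse flattened
'Connections' rows and keep only the ones attributable to the sample.
Rows are copied from the report; the local subnet is an assumption."""
import ipaddress
from dataclasses import dataclass
from typing import List, Set

# Copied from the report: PID, process, IP:port and reputation on successive lines.
CONNECTIONS = """\
4
System
192.168.100.255:137
whitelisted
2656
svchost.exe
239.255.255.250:1900
whitelisted
4
System
192.168.100.255:138
whitelisted
"""

# Ports of the LAN discovery protocols that show up in almost every Windows sandbox run.
SERVICE_PORTS = {137: "netbios-ns", 138: "netbios-dgm", 1900: "ssdp",
                 5355: "llmnr", 5353: "mdns"}


@dataclass
class Conn:
    pid: int
    process: str
    ip: str
    port: int
    reputation: str


def parse_connections(text: str) -> List[Conn]:
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    conns: List[Conn] = []
    for i in range(0, len(lines) - 3, 4):
        host, port = lines[i + 2].rsplit(":", 1)
        conns.append(Conn(int(lines[i]), lines[i + 1], host, int(port), lines[i + 3]))
    return conns


def classify(ip: str, port: int, local_net: str = "192.168.100.0/24") -> str:
    """Label an endpoint as multicast/broadcast/internal/external plus the service name.

    local_net is an assumption: the report only shows the 192.168.100.255 broadcast address."""
    addr = ipaddress.ip_address(ip)
    net = ipaddress.ip_network(local_net)
    svc = SERVICE_PORTS.get(port, str(port))
    if addr.is_multicast:
        return f"multicast/{svc}"
    if addr == net.broadcast_address or addr == ipaddress.ip_address("255.255.255.255"):
        return f"broadcast/{svc}"
    if addr.is_private or addr.is_loopback or addr.is_link_local:
        return f"internal/{svc}"
    return f"external/{svc}"


def attributable(conns: List[Conn], sample_pids: Set[int]) -> List[Conn]:
    """Connections worth attributing to the sample: made by a monitored PID
    and not LAN discovery noise (broadcast or multicast)."""
    return [c for c in conns
            if c.pid in sample_pids
            and not classify(c.ip, c.port).startswith(("multicast", "broadcast"))]


if __name__ == "__main__":
    for c in parse_connections(CONNECTIONS):
        print(c.pid, c.process, c.ip, c.port, classify(c.ip, c.port))
    print("attributable to PID 1648:", attributable(parse_connections(CONNECTIONS), {1648}))
```

With the monitored PID set to 1648, `attributable()` returns an empty list for this report, which is the right reading of "TCP/UDP connections: 3" here: the sample produced no network activity of its own during the run.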

DNS requests

No data

Threats

No threats detected
No debug info