File name:

PRIMERA CITACION (1).rev

Full analysis: https://app.any.run/tasks/a160909d-abb9-4727-a327-a0127472872f
Verdict: Malicious activity
Analysis date: October 05, 2023, 12:33:21
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

EA052E8F470DC2E1F844C2D656E5CCC9

SHA1:

95A1288D018EFC14D9DFCB1D4F9B7CE3354AA10E

SHA256:

97C79C786FDC84285732D21A9BD655BE9A11312418EE6BE62CD4A6223B244DBA

SSDEEP:

98304:jrJ+ADO6jUQbVKKm1Xzz2TJIlWyzRPT977KZFhFdl+LXUrntara+A1/8FwE7+HpV:TqbONiVS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate Windows executable

      • WinRAR.exe (PID: 1648)
    • The process drops Mozilla's DLL files

      • WinRAR.exe (PID: 1648)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1648)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK matrix in the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
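The file type evidence above disagrees with the file name: MIME and TRiD both identify a 7-Zip archive (version 0.4), while the .rev extension is the one WinRAR uses for its own recovery volumes, which is why explorer.exe handed the file to WinRAR.exe. A first-pass triage check is to sniff the container signature and compare it with what the extension claims, which is what the following Python does. This is an added example, not ANY.RUN code; the 7z header it builds is constructed (same version bytes as this sample, empty body), the extension table is the editor's, and treating .rev as a legitimate carrier of the RAR signature is an assumption.

```python
"""Sniff a file's real container format from its leading bytes and compare it
with the format its extension claims.  Added example for this report (not
ANY.RUN code); the 7z header is constructed and the extension table is the
editor's."""
import struct
import zlib
from pathlib import PurePath

SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"

# magic bytes -> (format, extensions that legitimately carry that format)
# Assumption: WinRAR recovery volumes (.rev) share the RAR signature.
MAGIC = {
    SEVENZ_MAGIC: ("7-Zip archive", {".7z"}),
    b"Rar!\x1a\x07\x00": ("RAR 4.x archive", {".rar", ".rev"}),
    b"Rar!\x1a\x07\x01\x00": ("RAR 5.x archive", {".rar", ".rev"}),
    b"PK\x03\x04": ("ZIP archive", {".zip", ".jar", ".docx", ".xlsx"}),
    b"MZ": ("PE executable", {".exe", ".dll", ".scr", ".sys"}),
}


def sniff(data: bytes):
    """Return (format, legit_extensions) for the longest matching magic, else None."""
    for magic in sorted(MAGIC, key=len, reverse=True):
        if data.startswith(magic):
            return MAGIC[magic]
    return None


def parse_7z_signature_header(data: bytes) -> dict:
    """Parse the fixed 32-byte 7z signature header (layout per 7zFormat.txt:
    6-byte signature, major, minor, StartHeaderCRC, NextHeaderOffset,
    NextHeaderSize, NextHeaderCRC) and verify StartHeaderCRC, which is the
    CRC32 of the 20 bytes that follow it."""
    if len(data) < 32 or not data.startswith(SEVENZ_MAGIC):
        raise ValueError("not a 7z signature header")
    major, minor, start_crc = struct.unpack_from("<BBI", data, 6)
    next_off, next_size, next_crc = struct.unpack_from("<QQI", data, 12)
    return {
        "version": f"{major}.{minor}",
        "next_header_offset": next_off,
        "next_header_size": next_size,
        "next_header_crc": next_crc,
        "start_header_crc_ok": zlib.crc32(data[12:32]) == start_crc,
    }


def triage(filename: str, data: bytes) -> dict:
    """Compare the sniffed format with the extension; a mismatch is a triage flag."""
    ext = PurePath(filename).suffix.lower()
    found = sniff(data)
    if found is None:
        return {"file": filename, "extension": ext, "format": "unknown",
                "extension_mismatch": False}
    fmt, legit = found
    return {"file": filename, "extension": ext, "format": fmt,
            "extension_mismatch": ext not in legit}


def build_sample_7z() -> bytes:
    """Constructed 7z signature header, version 0.4 (the version TRiD reports
    for this sample), with a valid StartHeaderCRC and an empty body."""
    start = struct.pack("<QQI", 0, 0, 0)  # no next header: empty archive
    return SEVENZ_MAGIC + bytes([0, 4]) + struct.pack("<I", zlib.crc32(start)) + start


if __name__ == "__main__":
    sample = build_sample_7z()
    print(triage("PRIMERA CITACION (1).rev", sample))
    print(parse_7z_signature_header(sample))
```

Run against the real file, the same check reports a 7-Zip container behind a .rev name; the CRC verification matters because a truncated or hand-edited signature header will still match the six magic bytes but fail the StartHeaderCRC.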
All screenshots are available in the full report
Total processes
34
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

start -> winrar.exe (no specs)

Process information

PID: 1648
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\PRIMERA CITACION (1).rev"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: see the signature list above
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
Total events
1 018
Read events
1 000
Write events
18
Delete events
0

Modification events

Process | Operation | Key | Name = Value
(1648) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E | LanguageList = en-US
(1648) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 = C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(1648) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 = C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(1648) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 = C:\Users\admin\Desktop\phacker.zip
(1648) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name = 120
(1648) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size = 80
(1648) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type = 120
(1648) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime = 100
(1648) WinRAR.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | ProxyBypass = 1
(1648) WinRAR.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | IntranetName = 1

Note: ArcHistory is WinRAR's list of recently opened archives. The three Desktop .zip paths are archives opened earlier on the guest image; none of them appears among the files dropped by this sample, so they are environment artifacts rather than indicators.
Executable files
56
Suspicious files
0
Text files
2
Unknown types
0

Dropped files

PID | Process | Filename | Type

1648 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-file-l1-2-0.dll | executable
  MD5: 49C3FFD47257DBCB67A6BE9EE112BA7F
  SHA256: 322D963D2A2AEFD784E99697C59D494853D69BED8EFD4B445F59292930A6B165
1648 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\sarape.txt | image
  MD5: 860DBDDE7F02DA2A15BB4E835EB0781A
  SHA256: B76FA44855B0BDB110C5B1C22B1594AB7FF6AE1872A45BEE6C336A2919D513EC
1648 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-file-l2-1-0.dll | executable
  MD5: BFFFA7117FD9B1622C66D949BAC3F1D7
  SHA256: 1EA267A2E6284F17DD548C6F2285E19F7EDB15D6E737A55391140CE5CB95225E
1648 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-convert-l1-1-0.dll | executable
  MD5: D53637EAB49FE1FE1BD45D12F8E69C1F
  SHA256: 83678F181F46FE77F8AFE08BFC48AEBB0B4154AD45B2EFE9BFADC907313F6087
1648 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-conio-l1-1-0.dll | executable
  MD5: 6C88D0006CF852F2D8462DFA4E9CA8D1
  SHA256: D5960C7356E8AB97D0AD77738E18C80433DA277671A6E89A943C7F7257FF3663
1648 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-timezone-l1-1-0.dll | executable
  MD5: F62B66F451F2DAA8410AD62D453FA0A2
  SHA256: 48EB5B52227B6FB5BE70CB34009C8DA68356B62F3E707DB56AF957338BA82720
1648 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-synch-l1-2-0.dll | executable
  MD5: 47388F3966E732706054FE3D530ED0DC
  SHA256: 59C14541107F5F2B94BBF8686EFEE862D20114BCC9828D279DE7BF664D721132
1648 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-filesystem-l1-1-0.dll | executable
  MD5: F0D507DE92851A8C0404AC78C383C5CD
  SHA256: 610332203D29AB218359E291401BF091BB1DB1A6D7ED98AB9A7A9942384B8E27
1648 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-localization-l1-2-0.dll | executable
  MD5: 588BD2A8E0152E0918742C1A69038F1D
  SHA256: A07CC878AB5595AACD4AB229A6794513F897BD7AD14BCEC353793379146B2094
1648 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-math-l1-1-0.dll | executable
  MD5: 4DD7A61590D07500704E7E775255CB00
  SHA256: A25D0654DEB0CEA1AEF189BA2174D0F13BDF52F098D3A9EC36D15E4BFB30C499
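Two things in the dropped-files list deserve a second look: the archive unpacks a set of api-ms-win-*.dll files (Windows API-set forwarder names) into a Temp directory rather than anywhere under the system root, and sarape.txt is typed as an image despite its .txt extension. The Python below, an added example and not ANY.RUN code, parses rows in the flattened layout of this report into IOC records and applies those two checks. The sample rows are three of the rows above copied verbatim; the expected extension-to-type table and the API-set name pattern are the editor's heuristics, not something the report states.

```python
"""Parse the flattened 'Dropped files' rows of a sandbox report into IOC
records and flag extension/type mismatches and API-set DLLs dropped outside
the system root.  Added example, not ANY.RUN code; the heuristics are the
editor's."""
import re
from pathlib import PureWindowsPath

# Three rows copied from the report; PID, process, path and detected type are
# run together on one line, followed by the hash lines.
SAMPLE_ROWS = r"""
1648WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-file-l1-2-0.dllexecutable
MD5:49C3FFD47257DBCB67A6BE9EE112BA7F
SHA256:322D963D2A2AEFD784E99697C59D494853D69BED8EFD4B445F59292930A6B165
1648WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\sarape.txtimage
MD5:860DBDDE7F02DA2A15BB4E835EB0781A
SHA256:B76FA44855B0BDB110C5B1C22B1594AB7FF6AE1872A45BEE6C336A2919D513EC
1648WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-math-l1-1-0.dllexecutable
MD5:4DD7A61590D07500704E7E775255CB00
SHA256:A25D0654DEB0CEA1AEF189BA2174D0F13BDF52F098D3A9EC36D15E4BFB30C499
"""

# pid, process (ends in .exe), Windows path, detected type glued at the end
ROW_RE = re.compile(
    r"^(?P<pid>\d+)(?P<proc>.+?\.exe)(?P<path>[A-Za-z]:\\.+?)"
    r"(?P<type>executable|image|text|binary|unknown)$"
)
HASH_RE = re.compile(r"^(?P<alg>MD5|SHA1|SHA256):(?P<hex>[0-9A-Fa-f]+)$")

# Editor's table of unremarkable extension/type pairings (assumption).
EXPECTED_TYPES = {".dll": "executable", ".exe": "executable", ".txt": "text",
                  ".png": "image", ".jpg": "image", ".gif": "image"}
API_SET_RE = re.compile(r"^api-ms-win-[a-z0-9-]+\.dll$", re.I)
SYSTEM_ROOT = PureWindowsPath(r"C:\Windows")


def parse_rows(text: str) -> list:
    """Turn report rows into dicts with pid, proc, path, name, type and hashes."""
    records, current = [], None
    for line in text.strip().splitlines():
        m = ROW_RE.match(line)
        if m:
            current = m.groupdict()
            current["name"] = PureWindowsPath(current["path"]).name
            records.append(current)
            continue
        h = HASH_RE.match(line)
        if h and current is not None:
            current[h["alg"].lower()] = h["hex"].lower()
    return records


def flag(record: dict) -> list:
    """Return the triage flags that apply to one dropped-file record."""
    flags = []
    ext = PureWindowsPath(record["name"]).suffix.lower()
    expected = EXPECTED_TYPES.get(ext)
    if expected is not None and expected != record["type"]:
        flags.append(f"extension {ext} but detected type {record['type']}")
    path = PureWindowsPath(record["path"])
    if API_SET_RE.match(record["name"]) and SYSTEM_ROOT not in path.parents:
        flags.append("API-set forwarder DLL dropped outside the system root")
    return flags


def summarize(records: list) -> dict:
    """Counts, per-file flags and the SHA256 list a blocklist would consume."""
    return {
        "count": len(records),
        "api_set_dlls": sum(1 for r in records if API_SET_RE.match(r["name"])),
        "flagged": {r["name"]: flag(r) for r in records if flag(r)},
        "sha256": sorted(r["sha256"] for r in records if "sha256" in r),
    }


if __name__ == "__main__":
    for name, reasons in summarize(parse_rows(SAMPLE_ROWS))["flagged"].items():
        print(name, "->", "; ".join(reasons))
```

Fed the full table, the same parser gives the 56-executable count the report summarizes and a SHA256 list ready for a blocklist; the API-set check is a heuristic, since legitimate installers also ship these forwarders with the UCRT redistributable, so it points at what to inspect next rather than a verdict.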
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
3
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2656 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted

Note: all three connections come from system processes, not from WinRAR.exe: NetBIOS name-service and datagram broadcasts (UDP 137/138) to the local subnet and an SSDP multicast (239.255.255.250:1900). This is normal Windows background traffic and not attributable to the sample.

DNS requests

No data

Threats

No threats detected
No debug info