File name: PRIMERA CITACION (1).rev

Full analysis: https://app.any.run/tasks/a160909d-abb9-4727-a327-a0127472872f
Verdict: Malicious activity
Analysis date: October 05, 2023, 12:33:21
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: EA052E8F470DC2E1F844C2D656E5CCC9
SHA1: 95A1288D018EFC14D9DFCB1D4F9B7CE3354AA10E
SHA256: 97C79C786FDC84285732D21A9BD655BE9A11312418EE6BE62CD4A6223B244DBA
SSDEEP: 98304:jrJ+ADO6jUQbVKKm1Xzz2TJIlWyzRPT977KZFhFdl+LXUrntara+A1/8FwE7+HpV:TqbONiVS

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 1648)
    • The process drops Mozilla's DLL files

      • WinRAR.exe (PID: 1648)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1648)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
All screenshots are available in the full report
Total processes: 34
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0


Process information

PID: 1648
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\PRIMERA CITACION (1).rev"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: (none)
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\program files\winrar\winrar.exe
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
Total events: 1 018
Read events: 1 000
Write events: 18
Delete events: 0

Modification events

(PID) Process: (1648) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1648) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (1648) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (1648) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (1648) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1648) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1648) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1648) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (1648) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (1648) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1
Executable files: 56
Suspicious files: 0
Text files: 2
Unknown types: 0

Dropped files

PID: 1648 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-file-l1-2-0.dll
MD5: 49C3FFD47257DBCB67A6BE9EE112BA7F
SHA256: 322D963D2A2AEFD784E99697C59D494853D69BED8EFD4B445F59292930A6B165

PID: 1648 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-processthreads-l1-1-1.dll
MD5: D699333637DB92D319661286DF7CC39E
SHA256: FE760614903E6D46A1BE508DCCB65CF6929D792A1DB2C365FC937F2A8A240504

PID: 1648 | Process: WinRAR.exe | Type: image
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\sarape.txt
MD5: 860DBDDE7F02DA2A15BB4E835EB0781A
SHA256: B76FA44855B0BDB110C5B1C22B1594AB7FF6AE1872A45BEE6C336A2919D513EC

PID: 1648 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-timezone-l1-1-0.dll
MD5: F62B66F451F2DAA8410AD62D453FA0A2
SHA256: 48EB5B52227B6FB5BE70CB34009C8DA68356B62F3E707DB56AF957338BA82720

PID: 1648 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\1-DOCUMENTO JURIDICO.exe
MD5: AB63396CB0774AC41107B7B112F81D5A
SHA256: 9A43C57F3E98BD69789E8CCBEEF2C1B6B5A3B1D06D63257BB4BD58DFFA23689D

PID: 1648 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-file-l2-1-0.dll
MD5: BFFFA7117FD9B1622C66D949BAC3F1D7
SHA256: 1EA267A2E6284F17DD548C6F2285E19F7EDB15D6E737A55391140CE5CB95225E

PID: 1648 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-core-localization-l1-2-0.dll
MD5: 588BD2A8E0152E0918742C1A69038F1D
SHA256: A07CC878AB5595AACD4AB229A6794513F897BD7AD14BCEC353793379146B2094

PID: 1648 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-multibyte-l1-1-0.dll
MD5: 4E033CFEE32EDF6BE7847E80A5114894
SHA256: DFF24441DF89A02DDE1CD984E4D3820845BAFDFF105458ED10D510126117115B

PID: 1648 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-environment-l1-1-0.dll
MD5: C712515D052A385991D30B9C6AFC767F
SHA256: F7C6C7EA22EDD2F8BD07AA5B33CBCE862EF1DCDC2226EB130E0018E02FF91DC1

PID: 1648 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXb1648.20065\PRIMERA CITACION\api-ms-win-crt-heap-l1-1-0.dll
MD5: F9E20DD3B07766307FCCF463AB26E3CA
SHA256: AF47AEBE065AF2F045A19F20EC7E54A6E73C0C3E9A5108A63095A7232B75381A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | unknown
2656 | svchost.exe | 239.255.255.250:1900 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info