analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

original IDM trial reset.rar

Full analysis: https://app.any.run/tasks/f30d007d-e461-4b88-ab8c-bd8fb489b02c
Verdict: Malicious activity
Analysis date: December 06, 2019, 19:41:32
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5:

8399A47BAE7C384A00207D67198ED574

SHA1:

C21C8F0ACF56C86D22CF9945B29F77B79BD64CC8

SHA256:

9880EDA1C30A68C5226E0002332877B2CC5B2ADEECF2EECA73E6D240C6C1610F

SSDEEP:

24576:5YSN3kdGOgebtVwwVOez3Fw3KgViYLLoHLTzJ9BJdj8w4avHrnz+zu:fFg2Ct1c+FsiYLLsL541EHrz+K

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • idm_trial_reset.exe (PID: 2116)
      • idm_trial_reset.exe (PID: 952)
      • SetACLx32.exe (PID: 640)
      • SetACLx32.exe (PID: 788)
      • SetACLx32.exe (PID: 272)
      • SetACLx32.exe (PID: 2468)
      • SetACLx32.exe (PID: 2408)
      • SetACLx32.exe (PID: 2180)
      • SetACLx32.exe (PID: 1856)
      • SetACLx32.exe (PID: 3884)
      • SetACLx32.exe (PID: 1160)
      • SetACLx32.exe (PID: 1504)
      • SetACLx32.exe (PID: 2336)
      • SetACLx32.exe (PID: 2832)
      • SetACLx32.exe (PID: 2536)
      • SetACLx32.exe (PID: 2356)
      • SetACLx32.exe (PID: 3664)
      • SetACLx32.exe (PID: 2248)
      • SetACLx32.exe (PID: 3100)
      • SetACLx32.exe (PID: 3848)
      • SetACLx32.exe (PID: 2148)
      • SetACLx32.exe (PID: 4000)
      • SetACLx32.exe (PID: 3800)
      • SetACLx32.exe (PID: 3932)
      • SetACLx32.exe (PID: 976)
      • SetACLx32.exe (PID: 3276)
      • SetACLx32.exe (PID: 3148)
      • SetACLx32.exe (PID: 2996)
      • SetACLx32.exe (PID: 3424)
      • SetACLx32.exe (PID: 284)
      • SetACLx32.exe (PID: 3256)
      • SetACLx32.exe (PID: 3764)
      • SetACLx32.exe (PID: 996)
      • SetACLx32.exe (PID: 2728)
      • SetACLx32.exe (PID: 2604)
      • SetACLx32.exe (PID: 4036)
      • SetACLx32.exe (PID: 532)
      • SetACLx32.exe (PID: 656)
      • SetACLx32.exe (PID: 3804)
      • SetACLx32.exe (PID: 460)
      • SetACLx32.exe (PID: 2840)
      • SetACLx32.exe (PID: 2076)
      • SetACLx32.exe (PID: 2164)
      • SetACLx32.exe (PID: 2336)
      • SetACLx32.exe (PID: 884)
      • SetACLx32.exe (PID: 2752)
      • SetACLx32.exe (PID: 1024)
      • SetACLx32.exe (PID: 656)
      • SetACLx32.exe (PID: 2280)
      • SetACLx32.exe (PID: 3856)
      • SetACLx32.exe (PID: 2820)
      • SetACLx32.exe (PID: 3776)

  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • idm_trial_reset.exe (PID: 952)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2168)
      • idm_trial_reset.exe (PID: 952)

    • Uses REG.EXE to modify Windows registry

      • cmd.exe (PID: 2188)
      • idm_trial_reset.exe (PID: 952)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

ArchivedFileName: idm_trial_reset.exe
PackingMethod: Normal
ModifyDate: 2015:04:11 22:52:01
OperatingSystem: Win32
UncompressedSize: 1179136
CompressedSize: 1030246
No data.
screenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
153
Monitored processes
62
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
drop and start drop and start start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start drop and start winrar.exe idm_trial_reset.exe no specs idm_trial_reset.exe cmd.exe no specs reg.exe no specs cmd.exe no specs findstr.exe no specs cmd.exe no specs findstr.exe no specs findstr.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs reg.exe no specs reg.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs setaclx32.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
2168"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\original IDM trial reset.rar"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.60.0
2116"C:\Users\admin\AppData\Local\Temp\Rar$EXa2168.31472\idm_trial_reset.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa2168.31472\idm_trial_reset.exeWinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540
952"C:\Users\admin\AppData\Local\Temp\Rar$EXa2168.31472\idm_trial_reset.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa2168.31472\idm_trial_reset.exe
WinRAR.exe
User:
admin
Integrity Level:
HIGH
2188C:\Windows\system32\cmd.exe /c reg query hkcr\clsid /s > C:\Users\admin\AppData\Local\Temp\reg_query.tmpC:\Windows\system32\cmd.exeidm_trial_reset.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
2748reg query hkcr\clsid /s C:\Windows\system32\reg.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
1784"C:\Windows\system32\cmd.exe" /c findstr /N /I cDTvBFquXk0 C:\Users\admin\AppData\Local\Temp\reg_query.tmpC:\Windows\system32\cmd.exeidm_trial_reset.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
1
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
1948findstr /N /I cDTvBFquXk0 C:\Users\admin\AppData\Local\Temp\reg_query.tmpC:\Windows\system32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
3860"C:\Windows\system32\cmd.exe" /c findstr /N . C:\Users\admin\AppData\Local\Temp\reg_query.tmp | findstr /b -1:C:\Windows\system32\cmd.exeidm_trial_reset.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
2
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
2928findstr /N . C:\Users\admin\AppData\Local\Temp\reg_query.tmp C:\Windows\system32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
2
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
1608findstr /b -1:C:\Windows\system32\findstr.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Find String (QGREP) Utility
Exit code:
2
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Total events
19 291
Read events
19 273
Write events
18
Delete events
0

Modification events

(PID) Process:(2168) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(2168) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(2168) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2168) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\original IDM trial reset.rar
(PID) Process:(2168) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(2168) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(2168) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(2168) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(2168) WinRAR.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:UNCAsIntranet
Value:
0
(PID) Process:(2168) WinRAR.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:AutoDetect
Value:
1
Executable files
5
Suspicious files
0
Text files
10
Unknown types
0

Dropped files

PID
Process
Filename
Type
952idm_trial_reset.exeC:\Users\admin\AppData\Local\Temp\autC212.tmp
MD5:
SHA256:
952idm_trial_reset.exeC:\Users\admin\AppData\Local\Temp\autC213.tmp
MD5:
SHA256:
952idm_trial_reset.exeC:\Users\admin\AppData\Local\Temp\autC214.tmp
MD5:
SHA256:
952idm_trial_reset.exeC:\Users\admin\AppData\Local\Temp\autC215.tmp
MD5:
SHA256:
952idm_trial_reset.exeC:\Users\admin\AppData\Local\Temp\autC235.tmp
MD5:
SHA256:
2168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2168.31472\source\core.au3text
MD5:04C13FC88BEBBAC1B5C9CE6E69A9183C
SHA256:C99E715763DAD1342EA5400E7C9D1D4F884400BCD46AF8CE92AEBBEE10889EE3
2168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2168.31472\source\idm_trial_reset.au3text
MD5:276DA5472764D9BC8D8264BF523A571A
SHA256:C164E02D1D5408D89017B643DD0A504AA5C99ABBE774DFB4EE550DDF7F179165
2168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2168.31472\source\idm_trial_reset.icoimage
MD5:C0CA78AE849DE5C3CA09F297DFCC9C81
SHA256:8B166B17B3DE50EA0853727E5DFE5CDB9BEDC0E3C2EF440C165327F0FE2E3575
2168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2168.31472\source\idm_trial.regtext
MD5:237962E36948F3D0C9EC42EFA289AC52
SHA256:40AD93CF424EEE41A0877B11ACB92F7F12D58AB3AA6FA6D64D92CFBBE11695A2
2168WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa2168.31472\source\SetACLx64.exeexecutable
MD5:3E350EB5DF15C06DEC400A39DD1C6F29
SHA256:427FF43693CB3CA2812C4754F607F107A6B2D3F5A8B313ADDEE57D89982DF419
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
original IDM trial reset.rar