File name: 1.7z
Full analysis: https://app.any.run/tasks/1b17327b-405f-4801-852d-f4349a8610ab
Verdict: Malicious activity
Analysis date: June 27, 2022, 08:40:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: 450B047C5B3723482F2DB899080D2F88
SHA1: 350EC992BF41EDF31AF83D88A044DB52C07FFA90
SHA256: A045E17493A073CA80B7E0A3C8780FFDBC187AED96D5090595337A52C7A0B52A
SSDEEP: 24576:y8IId5L5n08looAYLoALYeAqM/EFK1pi/KOA2gKE:y8Is5LVxxAYrLYhx/Jpi/U2gKE

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops executable file immediately after starts

      • WinRAR.exe (PID: 2564)
  • SUSPICIOUS

    • Checks supported languages

      • WinRAR.exe (PID: 2564)
      • cmd.exe (PID: 992)
    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 2564)
    • Reads the computer name

      • WinRAR.exe (PID: 2564)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2564)
    • Executed via COM

      • explorer.exe (PID: 2472)
  • INFO

    • Manual execution by user

      • cmd.exe (PID: 992)
    • Reads the computer name

      • explorer.exe (PID: 2472)
      • explorer.exe (PID: 2160)
    • Checks supported languages

      • explorer.exe (PID: 2472)
      • explorer.exe (PID: 2160)
No Malware configuration.

TRiD:
  • .7z | 7-Zip compressed archive (v0.4) (57.1)
  • .7z | 7-Zip compressed archive (gen) (42.8)
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes shown in the graph: winrar.exe, cmd.exe, explorer.exe, explorer.exe (the interactive graph is not reproduced here; per-process details follow in the process information table)

Process information

PID: 2564
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\1.7z"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0

PID: 992
CMD: "cmd.exe" /s /k pushd "C:\Users\admin\Desktop"
Path: C:\Windows\system32\cmd.exe
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 2160
CMD: explorer.exe log.com
Path: C:\Windows\explorer.exe
Parent process: cmd.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 2472
CMD: C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
Path: C:\Windows\explorer.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Total events: 1 192
Read events: 1 159
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 2
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID: 2564
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2564.39975\log.com
Type: executable
MD5: F61955A2D14CD3B2D76F36E7FD21B305
SHA256: 3DB7CF5F42B0BC39E1DE1E9036F57CA3578F8B98D5EF07F58CEA9BCD196E1ED6

PID: 2564
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2564.39975\360zip.exe
Type: executable
MD5: 03D53D7431470E434D44E50050AFBB27
SHA256: 4A21ACAE2BC6F435106EF7D16E8B89045F938C39DCDCBE00FA7B8FEB910F076D
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests: No HTTP requests

Connections: No data
DNS requests: No data
Threats: No threats detected
No debug info