File name: FanControl.zip
Full analysis: https://app.any.run/tasks/c8c9e2a1-fa1f-4c0e-9ab5-781c09abc637
Verdict: Malicious activity
Analysis date: April 19, 2024, 19:39:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 77FBA7268491535DDBA8E253792E407D
SHA1: AE627CC69447A5A5752E605B6DB95AAC54E47A7C
SHA256: A933D20C70CBF1BFD1A0A4ADCB405A9DE14E62EDCA6000C9437E37F3A7348FD7
SSDEEP: 98304:Qh2F0h8yy/CpxwDjpDOByYaIEzWJx1fYK9uze7LqfIMYyDKB22Hs3K+HWAcVvLdT:60bGlrno+Nl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1196)
      • FanControl.exe (PID: 2028)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 2524)
    • Executable content was dropped or overwritten

      • FanControl.exe (PID: 2028)
    • Drops a system driver (possible attempt to evade defenses)

      • FanControl.exe (PID: 2028)
  • INFO

    • Manual execution by a user

      • WinRAR.exe (PID: 2524)
      • FanControl.exe (PID: 2028)
      • FanControl.exe (PID: 3332)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2524)
    • Reads the computer name

      • FanControl.exe (PID: 2028)
    • Checks supported languages

      • FanControl.exe (PID: 2028)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2524)
    • Reads the machine GUID from the registry

      • FanControl.exe (PID: 2028)
    • Creates files in the program directory

      • FanControl.exe (PID: 2028)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD: .zip | ZIP compressed archive (100)

EXIF (ZIP):
  ZipRequiredVersion: 20
  ZipBitFlag: -
  ZipCompression: Deflated
  ZipModifyDate: 2022:02:10 18:07:10
  ZipCRC: 0xdb6673c5
  ZipCompressedSize: 4058
  ZipUncompressedSize: 9728
  ZipFileName: de\Microsoft.Win32.TaskScheduler.resources.dll

Note that these EXIF fields describe a single archive member (the German resources DLL, 9728 bytes uncompressed), not the archive as a whole; the archive-level hashes are the MD5/SHA1/SHA256 values above.
All screenshots are available in the full report
Total processes: 43
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive in the full report): start → winrar.exe (no specs), winrar.exe, fancontrol.exe (no specs), fancontrol.exe

Process information

PID 1196
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\Desktop\FanControl.zip
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Exit code: 0
  Version: 5.91.0
  Modules (images):
    c:\program files\winrar\winrar.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\comdlg32.dll

PID 2028
  CMD: "C:\Users\admin\Desktop\FanControl\FanControl.exe"
  Path: C:\Users\admin\Desktop\FanControl\FanControl.exe
  Parent process: explorer.exe
  User: admin
  Company: Rémi Mercier
  Integrity Level: HIGH
  Description: FanControl
  Exit code: none reported (the process had not exited when the analysis ended)
  Version: 187.0.0.0
  Modules (images):
    c:\users\admin\desktop\fancontrol\fancontrol.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\mscoree.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID 2524
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\FanControl.zip" C:\Users\admin\Desktop\FanControl\
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Exit code: 0
  Version: 5.91.0
  Modules (images):
    c:\program files\winrar\winrar.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\comdlg32.dll

PID 3332
  CMD: "C:\Users\admin\Desktop\FanControl\FanControl.exe"
  Path: C:\Users\admin\Desktop\FanControl\FanControl.exe
  Parent process: explorer.exe
  User: admin
  Company: Rémi Mercier
  Integrity Level: MEDIUM
  Description: FanControl
  Exit code: 3221226540 (NTSTATUS 0xC000042C, STATUS_ELEVATION_REQUIRED)
  Version: 187.0.0.0
  Modules (images):
    c:\users\admin\desktop\fancontrol\fancontrol.exe
    c:\windows\system32\ntdll.dll

Reading the table: PID 1196 is WinRAR opening the archive in its GUI, PID 2524 is the WinRAR extraction ("x") of the archive into C:\Users\admin\Desktop\FanControl\, and the two FanControl.exe instances are the extracted program. PID 3332 ran at MEDIUM integrity, loaded nothing beyond ntdll.dll and ended with STATUS_ELEVATION_REQUIRED, i.e. the non-elevated launch was refused because the image requires elevation. PID 2028 is the HIGH-integrity (elevated) instance that actually ran, which is why the driver drop and the writes to the program directory are attributed to it. The mscoree.dll/mscoreei.dll modules in PID 2028 show it is a .NET Framework 4 managed executable.
Total events: 4 564
Read events: 4 536
Write events: 28
Delete events: 0

Modification events

(PID 1196) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write ShellExtBMP = (empty)
(PID 1196) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write ShellExtIcon = (empty)
(PID 1196) WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | write LanguageList = en-US
(PID 1196) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write 3 = C:\Users\admin\Desktop\phacker.zip
(PID 1196) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write 2 = C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID 1196) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write 1 = C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID 1196) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write 0 = C:\Users\admin\Desktop\FanControl.zip
(PID 1196) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write name = 120
(PID 1196) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write size = 80
(PID 1196) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write type = 120

The registry writes shown are all WinRAR housekeeping (theme, MUI cache, recent-archive list, column widths). ArcHistory entries 1 to 3 are archives opened earlier on the analysis VM that WinRAR rotated down when FanControl.zip became entry 0; they are not artifacts of this sample. No registry writes by FanControl.exe appear in this excerpt.
Executable files: 41
Suspicious files: 1
Text files: 5
Unknown types: 0

Dropped files

Every file in this excerpt was written by PID 2524 (WinRAR.exe), i.e. these are archive members created during extraction rather than files dropped by FanControl.exe at run time. The list is truncated (41 executable files were counted); in particular, no .sys file appears here, so the driver behind the "Drops a system driver" indicator attributed to FanControl.exe (PID 2028) must be looked up in the full report.

C:\Users\admin\Desktop\FanControl\FanControl.Plugins.xml | xml
  MD5: 2F773BFF374F0EA0AFAE2E258D20D85C
  SHA256: 39CAFAF34D0FA0652E7EF4CF2FCD119D1898D98B0574FFB78C4C643FBB1B542C
C:\Users\admin\Desktop\FanControl\fr\Microsoft.Win32.TaskScheduler.resources.dll | executable
  MD5: 3B4621370ADDCF4306669C9E7E45C865
  SHA256: E3EE50E08124A7603BE7D996DCF596EB0D3F9C603768E86E003F7B942D7097F3
C:\Users\admin\Desktop\FanControl\es\Microsoft.Win32.TaskScheduler.resources.dll | executable
  MD5: 15DB634B70D6D9D6CD41BAAE3F02EB14
  SHA256: E893C6907DA8D68C03B1A10E68B554AD5A8C0533F15912106F32E925F2BEABF0
C:\Users\admin\Desktop\FanControl\pl\Microsoft.Win32.TaskScheduler.resources.dll | executable
  MD5: B60817A69E314B22F746917C826DA53E
  SHA256: 6E58D86C42B61226DD7AF35D7C9432CE6F0982D1D0D5A2F4120E8ABC5C787A02
C:\Users\admin\Desktop\FanControl\it\Microsoft.Win32.TaskScheduler.resources.dll | executable
  MD5: 1C331DA4BCE2809E16913C02E385576E
  SHA256: 1D0493E38D8B3FCC7EFA4916FEA1EEA69EE6449BF435E1869C1BC3F54D4090C5
C:\Users\admin\Desktop\FanControl\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll | executable
  MD5: 3CEFEC17BAAC089C54C8102A4CFD160C
  SHA256: AAFBE48966DBC5372A308AB9501245CE261D2715F336AD1908C799D354C981A2
C:\Users\admin\Desktop\FanControl\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll | executable
  MD5: 833F269BA6F0C34F49273DA7FBD7DCE7
  SHA256: F8C769A357E6CD27452835E5288FE515FB50BFEEC83EF3969975171174B467E5
C:\Users\admin\Desktop\FanControl\FanControl.exe.config | xml
  MD5: 24ADD3F9146A78C73A123AB5D9ABD33C
  SHA256: 05A46B19F73FE30022C77FC45B37A521F18E70BCE9F75E87219B3692D1A7BE7B
C:\Users\admin\Desktop\FanControl\FanControl.exe | executable
  MD5: 07D98BDD62C93C3C4FB7B7432B21F436
  SHA256: C2048B6A0948D53B85D181F270D57EAD7622CC135252B6B5D4AA47E3101B91DD
C:\Users\admin\Desktop\FanControl\Autofac.dll | executable
  MD5: EFDF8C3BC767A12924C0BA8BB5040077
  SHA256: 7C01DB10615C750AFC9E711F2E2F9E9BF03B9B96586A904B54124C601FC1CBAE
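The per-member EXIF fields (required version, bit flag, compression, modify date, CRC, sizes, file name) and the per-file MD5/SHA256 values in the dropped-files list can both be reproduced from the archive itself without running it. The Python below is an added example for this page; it is not ANY.RUN's code and not from the FanControl project. The archive it inspects is constructed in memory as a stand-in (its members, names and bytes are all fake, so its hashes will not match the sample above), and on top of the inventory it applies three checks a triager wants before extracting an untrusted archive: PE content behind a non-PE extension, .sys members (the "Drops a system driver" class of artifact), and entry names that escape the extraction directory.

```python
"""Inventory a ZIP the way a sandbox report does: per-member metadata
(required version, flag bits, compression, mtime, CRC, sizes) plus MD5/SHA256,
with a few triage checks. Added example; the archive below is constructed and
is not the real FanControl.zip."""
import hashlib
import io
import zipfile

PE_EXTENSIONS = {"exe", "dll", "sys", "ocx", "scr", "cpl", "drv"}


def build_sample_zip() -> bytes:
    """Constructed stand-in archive (assumption: every member below is fake)."""
    members = [
        ("FanControl/FanControl.exe", b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 200),
        ("FanControl/FanControl.Plugins.xml", b"<?xml version='1.0'?><Plugins/>"),
        ("FanControl/de/Microsoft.Win32.TaskScheduler.resources.dll", b"MZ" + b"\x00" * 120),
        ("FanControl/drivers/monitor.sys", b"MZ" + b"\x00" * 40),   # a kernel-driver member
        ("FanControl/Resources/data.bin", b"MZ" + b"\x00" * 40),    # PE bytes behind a .bin name
        ("../Startup/update.exe", b"MZ" + b"\x00" * 40),            # zip-slip style entry name
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members:
            zi = zipfile.ZipInfo(name, date_time=(2022, 2, 10, 18, 7, 10))
            zi.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(zi, data)
    return buf.getvalue()


def archive_hashes(zip_bytes: bytes) -> dict:
    """Whole-archive hashes, the MD5/SHA1/SHA256 a report header lists."""
    return {alg: hashlib.new(alg, zip_bytes).hexdigest().upper()
            for alg in ("md5", "sha1", "sha256")}


def unsafe_path(name: str) -> bool:
    """Entry names that would land outside the extraction directory."""
    parts = name.replace("\\", "/").split("/")
    return name.startswith(("/", "\\")) or ".." in parts or (len(name) > 1 and name[1] == ":")


def inventory(zip_bytes: bytes) -> list:
    """One row per member, mirroring the EXIF and dropped-files fields."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            data = zf.read(info)  # zipfile checks the stored CRC-32 here (BadZipFile on mismatch)
            base = info.filename.rsplit("/", 1)[-1]
            ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
            is_pe = data[:2] == b"MZ"  # DOS header magic; enough for a first-pass triage flag
            rows.append({
                "name": info.filename,
                "required_version": info.extract_version,  # ZipRequiredVersion (20 for deflate)
                "flag_bits": info.flag_bits,                # ZipBitFlag
                "compression": info.compress_type,          # 8 == Deflated
                "mtime": info.date_time,                    # ZipModifyDate (2 s DOS resolution)
                "crc": info.CRC,                            # ZipCRC
                "compressed": info.compress_size,           # ZipCompressedSize
                "uncompressed": info.file_size,             # ZipUncompressedSize
                "md5": hashlib.md5(data).hexdigest().upper(),
                "sha256": hashlib.sha256(data).hexdigest().upper(),
                "is_pe": is_pe,
                "driver": is_pe and ext == "sys",
                "hidden_pe": is_pe and ext not in PE_EXTENSIONS,
                "unsafe_path": unsafe_path(info.filename),
            })
    return rows


def flagged(rows: list) -> dict:
    """Member name -> list of triggered checks, for members that hit any."""
    out = {}
    for row in rows:
        hits = [k for k in ("driver", "hidden_pe", "unsafe_path") if row[k]]
        if hits:
            out[row["name"]] = hits
    return out


if __name__ == "__main__":
    sample = build_sample_zip()
    print("archive:", archive_hashes(sample))
    rows = inventory(sample)
    for row in rows:
        print(f"{row['name']:<60} ver={row['required_version']} comp={row['compression']} "
              f"mtime={row['mtime']} crc=0x{row['crc']:08x} "
              f"{row['compressed']}/{row['uncompressed']} MD5={row['md5']}")
    print("flagged:", flagged(rows))
```

To use it on a real archive, replace `build_sample_zip()` with the bytes of the file and compare `archive_hashes()` against the report header and each row's `md5`/`sha256` against the dropped-files list; a mismatch means you are not looking at the sample the report describes. The CRC check happens implicitly in `zf.read()`, and the path check is the one WinRAR-style extraction (`x` with full paths) relies on the archiver to enforce.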
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID  | Process     | IP:port             | Domain | ASN | CN | Reputation
4    | System      | 192.168.100.255:137 | -      | -   | -  | whitelisted
4    | System      | 192.168.100.255:138 | -      | -   | -  | whitelisted
-    | -           | 224.0.0.252:5355    | -      | -   | -  | unknown
1080 | svchost.exe | 224.0.0.252:5355    | -      | -   | -  | unknown

All four connections are local name-resolution traffic from Windows itself: NetBIOS name-service and datagram broadcasts (UDP 137/138) to the subnet broadcast address from System (PID 4), and LLMNR multicast (UDP 5355) to 224.0.0.252. None of the rows is attributed to FanControl.exe or WinRAR.exe, and the run produced no DNS or HTTP requests, so there is no network indicator for the sample in this report.

DNS requests

No data

Threats

No threats detected
No debug info