File name: FanControl.zip
Full analysis: https://app.any.run/tasks/c8c9e2a1-fa1f-4c0e-9ab5-781c09abc637
Verdict: Malicious activity
Analysis date: April 19, 2024, 19:39:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5: 77FBA7268491535DDBA8E253792E407D
SHA1: AE627CC69447A5A5752E605B6DB95AAC54E47A7C
SHA256: A933D20C70CBF1BFD1A0A4ADCB405A9DE14E62EDCA6000C9437E37F3A7348FD7
SSDEEP: 98304:Qh2F0h8yy/CpxwDjpDOByYaIEzWJx1fYK9uze7LqfIMYyDKB22Hs3K+HWAcVvLdT:60bGlrno+Nl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 1196)
      • FanControl.exe (PID: 2028)
  • SUSPICIOUS
    • Process drops legitimate windows executable
      • WinRAR.exe (PID: 2524)
    • Drops a system driver (possible attempt to evade defenses)
      • FanControl.exe (PID: 2028)
    • Executable content was dropped or overwritten
      • FanControl.exe (PID: 2028)
  • INFO
    • Checks supported languages
      • FanControl.exe (PID: 2028)
    • Manual execution by a user
      • WinRAR.exe (PID: 2524)
      • FanControl.exe (PID: 3332)
      • FanControl.exe (PID: 2028)
    • Reads the computer name
      • FanControl.exe (PID: 2028)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2524)
    • Reads the machine GUID from the registry
      • FanControl.exe (PID: 2028)
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 2524)
    • Creates files in the program directory
      • FanControl.exe (PID: 2028)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD: .zip | ZIP compressed archive (100)

EXIF (ZIP). These fields describe a single archive member (the first local file header ExifTool reads), not the whole sample:
ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2022:02:10 18:07:10
ZipCRC: 0xdb6673c5
ZipCompressedSize: 4058
ZipUncompressedSize: 9728
ZipFileName: de\Microsoft.Win32.TaskScheduler.resources.dll
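The EXIF block above covers one member only. The following is an added example (not part of the ANY.RUN report and not code from the FanControl project) that walks every member of an archive and reports the same fields (required version, compression, modify date, CRC, sizes), plus per-member MD5/SHA256 in the form the dropped-files list uses and an MZ-signature check that approximates the report's "Executable files" count. The archive it inspects is constructed in memory; it is not FanControl.zip, and the member names and contents are placeholders.

```python
"""Static triage of a ZIP sample before detonation (added example)."""
import hashlib
import io
import zipfile
from datetime import datetime

PE_MAGIC = b"MZ"  # DOS stub signature at offset 0 of every PE file


def build_sample_zip() -> bytes:
    """Constructed stand-in archive: one PE-looking DLL and one text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        dll = zipfile.ZipInfo("de/Microsoft.Win32.TaskScheduler.resources.dll",
                              date_time=(2022, 2, 10, 18, 7, 10))
        dll.compress_type = zipfile.ZIP_DEFLATED
        # 9728 bytes, the size of the entry in the EXIF block; the padding is not real PE content
        zf.writestr(dll, PE_MAGIC + b"\x00" * 9726)
        txt = zipfile.ZipInfo("Resources/EULA.txt", date_time=(2022, 2, 10, 18, 7, 10))
        txt.compress_type = zipfile.ZIP_DEFLATED
        zf.writestr(txt, b"End user license agreement (constructed placeholder)\n")
    return buf.getvalue()


def triage_zip(data: bytes) -> list:
    """Return one dict per archive member: metadata, hashes and a PE flag."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            content = zf.read(info)  # zipfile verifies the stored CRC while reading
            rows.append({
                "name": info.filename,
                "required_version": info.extract_version,  # 20 == "at least v2.0 to extract"
                "compression": "Deflated" if info.compress_type == zipfile.ZIP_DEFLATED
                               else f"method {info.compress_type}",
                "modify_date": datetime(*info.date_time).strftime("%Y:%m:%d %H:%M:%S"),
                "crc": f"0x{info.CRC:08x}",
                "compressed_size": info.compress_size,
                "uncompressed_size": info.file_size,
                "is_pe": content.startswith(PE_MAGIC),
                "md5": hashlib.md5(content).hexdigest().upper(),
                "sha256": hashlib.sha256(content).hexdigest().upper(),
            })
    return rows


def count_executables(rows: list) -> int:
    """Number of members whose content starts with the PE signature."""
    return sum(1 for r in rows if r["is_pe"])


if __name__ == "__main__":
    rows = triage_zip(build_sample_zip())
    for r in rows:
        print(f"{r['name']}: pe={r['is_pe']} mtime={r['modify_date']} crc={r['crc']} "
              f"{r['compressed_size']}/{r['uncompressed_size']} md5={r['md5']}")
    print("executable members:", count_executables(rows))
```

Run against the real sample, the per-member SHA256 values can be compared with the Dropped files list further down: a match confirms that a "dropped" file is an unmodified archive member rather than something the extracted program wrote.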
All screenshots are available in the full report
Total processes: 43
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive in the full report): start; winrar.exe (no specs); winrar.exe; fancontrol.exe (no specs); fancontrol.exe

Process information

PID 1196
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\Desktop\FanControl.zip
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Description: WinRAR archiver
  Version: 5.91.0
  Integrity level: MEDIUM
  Exit code: 0
  Modules (images): c:\program files\winrar\winrar.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\user32.dll, c:\windows\system32\gdi32.dll, c:\windows\system32\lpk.dll, c:\windows\system32\usp10.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\comdlg32.dll

PID 2028
  CMD: "C:\Users\admin\Desktop\FanControl\FanControl.exe"
  Path: C:\Users\admin\Desktop\FanControl\FanControl.exe
  Parent process: explorer.exe
  User: admin
  Company: Rémi Mercier
  Description: FanControl
  Version: 187.0.0.0
  Integrity level: HIGH
  Exit code: not reported
  Modules (images): c:\users\admin\desktop\fancontrol\fancontrol.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\mscoree.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\advapi32.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\sechost.dll, c:\windows\system32\rpcrt4.dll, c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID 2524
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\FanControl.zip" C:\Users\admin\Desktop\FanControl\
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Description: WinRAR archiver
  Version: 5.91.0
  Integrity level: MEDIUM
  Exit code: 0
  Modules (images): c:\program files\winrar\winrar.exe, c:\windows\system32\ntdll.dll, c:\windows\system32\kernel32.dll, c:\windows\system32\kernelbase.dll, c:\windows\system32\user32.dll, c:\windows\system32\gdi32.dll, c:\windows\system32\lpk.dll, c:\windows\system32\usp10.dll, c:\windows\system32\msvcrt.dll, c:\windows\system32\comdlg32.dll

PID 3332
  CMD: "C:\Users\admin\Desktop\FanControl\FanControl.exe"
  Path: C:\Users\admin\Desktop\FanControl\FanControl.exe
  Parent process: explorer.exe
  User: admin
  Company: Rémi Mercier
  Description: FanControl
  Version: 187.0.0.0
  Integrity level: MEDIUM
  Exit code: 3221226540 (NTSTATUS 0xC000042C, STATUS_ELEVATION_REQUIRED)
  Modules (images): c:\users\admin\desktop\fancontrol\fancontrol.exe, c:\windows\system32\ntdll.dll

Reading the four processes together: PID 1196 is the WinRAR window opened on the archive and PID 2524 is the extraction (the WinRAR "x" command extracts with full paths into C:\Users\admin\Desktop\FanControl\), which is where every entry in the Dropped files list below comes from. PID 3332 is the first launch of the extracted FanControl.exe at MEDIUM integrity; it loaded only ntdll.dll and terminated with STATUS_ELEVATION_REQUIRED, meaning the binary cannot run without elevation. PID 2028 is the same image running at HIGH integrity, i.e. the elevated relaunch, and it is this instance that carries the driver-drop, file-write and registry-read signatures. The mscoree.dll/mscoreei.dll modules show it is a .NET Framework 4 application.
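A practitioner reading many such reports wants the elevation pattern above recognised automatically: a MEDIUM-integrity run of an image that dies with STATUS_ELEVATION_REQUIRED, followed by a HIGH-integrity run of the same image. The block below is an added example, not code from ANY.RUN or from FanControl; the process records are transcribed from the Process information section, and the helper names (ntstatus, find_elevation_relaunches, high_integrity_pids) are mine.

```python
"""Flag UAC elevation relaunches in a sandbox process list (added example)."""

STATUS_ELEVATION_REQUIRED = 0xC000042C  # NTSTATUS; sandboxes print it unsigned as 3221226540

# Transcribed from the Process information section. exit_code None = no exit code reported.
PROCESSES = [
    {"pid": 1196, "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "parent": "explorer.exe", "integrity": "MEDIUM", "exit_code": 0},
    {"pid": 2028, "image": r"C:\Users\admin\Desktop\FanControl\FanControl.exe",
     "parent": "explorer.exe", "integrity": "HIGH", "exit_code": None},
    {"pid": 2524, "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "parent": "explorer.exe", "integrity": "MEDIUM", "exit_code": 0},
    {"pid": 3332, "image": r"C:\Users\admin\Desktop\FanControl\FanControl.exe",
     "parent": "explorer.exe", "integrity": "MEDIUM", "exit_code": 3221226540},
]


def ntstatus(exit_code):
    """Interpret a reported exit code as an unsigned 32-bit NTSTATUS (None stays None)."""
    if exit_code is None:
        return None
    return exit_code & 0xFFFFFFFF


def find_elevation_relaunches(processes):
    """Pair each MEDIUM-integrity run that ended with STATUS_ELEVATION_REQUIRED
    with a HIGH-integrity run of the same image.
    Returns a list of (failed_pid, elevated_pid, image) tuples."""
    by_image = {}
    for p in processes:
        by_image.setdefault(p["image"].lower(), []).append(p)
    hits = []
    for runs in by_image.values():
        failed = [p for p in runs
                  if p["integrity"] == "MEDIUM"
                  and ntstatus(p["exit_code"]) == STATUS_ELEVATION_REQUIRED]
        elevated = [p for p in runs if p["integrity"] == "HIGH"]
        for f in failed:
            for e in elevated:
                hits.append((f["pid"], e["pid"], e["image"]))
    return hits


def high_integrity_pids(processes):
    """PIDs that held an admin token; driver drops and similar signatures on these
    PIDs happened with elevated rights, which is the context they must be judged in."""
    return sorted(p["pid"] for p in processes if p["integrity"] == "HIGH")


if __name__ == "__main__":
    for failed_pid, elevated_pid, image in find_elevation_relaunches(PROCESSES):
        print(f"{image}: PID {failed_pid} exited with STATUS_ELEVATION_REQUIRED, "
              f"relaunched elevated as PID {elevated_pid}")
    print("high-integrity PIDs:", high_integrity_pids(PROCESSES))
```

The pairing deliberately ignores parent PIDs: an elevated relaunch is re-parented to the original requester (explorer.exe here) by the AppInfo service, so the parent column does not distinguish the two runs; image path plus integrity level and exit status does.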
Total events: 4 564
Read events: 4 536
Write events: 28
Delete events: 0

Modification events

Process | Operation | Key | Name | Value
(1196) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
(1196) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
(1196) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | LanguageList | en-US
(1196) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 3 | C:\Users\admin\Desktop\phacker.zip
(1196) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(1196) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(1196) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\Desktop\FanControl.zip
(1196) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
(1196) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
(1196) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120

All registry writes shown are WinRAR interface and history bookkeeping by the GUI instance (PID 1196). ArcHistory entries 1 to 3 (curl-8.5.0_1-win32-mingw.zip, Win7-KB3191566-x86.zip, phacker.zip) are archives opened earlier on this sandbox image; WinRAR shifts its recent-archive list down when a new archive is opened, so only entry 0 belongs to this task and none of these names are part of the sample.
Executable files: 41
Suspicious files: 1
Text files: 5
Unknown types: 0

Dropped files

PID 2524 WinRAR.exe: C:\Users\admin\Desktop\FanControl\es\Microsoft.Win32.TaskScheduler.resources.dll (executable)
  MD5: 15DB634B70D6D9D6CD41BAAE3F02EB14
  SHA256: E893C6907DA8D68C03B1A10E68B554AD5A8C0533F15912106F32E925F2BEABF0
PID 2524 WinRAR.exe: C:\Users\admin\Desktop\FanControl\de\Microsoft.Win32.TaskScheduler.resources.dll (executable)
  MD5: F83D720B236576C7D1F9F55D3BB988F9
  SHA256: 6909A1C134D0285FBA2422A40EA0E65C1F0CA3C3EF2B94A1166015AF2A87780F
PID 2524 WinRAR.exe: C:\Users\admin\Desktop\FanControl\fr\Microsoft.Win32.TaskScheduler.resources.dll (executable)
  MD5: 3B4621370ADDCF4306669C9E7E45C865
  SHA256: E3EE50E08124A7603BE7D996DCF596EB0D3F9C603768E86E003F7B942D7097F3
PID 2524 WinRAR.exe: C:\Users\admin\Desktop\FanControl\zh-CN\Microsoft.Win32.TaskScheduler.resources.dll (executable)
  MD5: 3CEFEC17BAAC089C54C8102A4CFD160C
  SHA256: AAFBE48966DBC5372A308AB9501245CE261D2715F336AD1908C799D354C981A2
PID 2524 WinRAR.exe: C:\Users\admin\Desktop\FanControl\pl\Microsoft.Win32.TaskScheduler.resources.dll (executable)
  MD5: B60817A69E314B22F746917C826DA53E
  SHA256: 6E58D86C42B61226DD7AF35D7C9432CE6F0982D1D0D5A2F4120E8ABC5C787A02
PID 2524 WinRAR.exe: C:\Users\admin\Desktop\FanControl\Resources\EULA.txt (text)
  MD5: CA2BEC7E34A6021E0CD3F3CE02B9B261
  SHA256: 501AA9552D83B094D4C42E2CD268ADEA0DD59C8E3A085A72F54F898EF286E9C7
PID 2524 WinRAR.exe: C:\Users\admin\Desktop\FanControl\zh-Hant\Microsoft.Win32.TaskScheduler.resources.dll (executable)
  MD5: 833F269BA6F0C34F49273DA7FBD7DCE7
  SHA256: F8C769A357E6CD27452835E5288FE515FB50BFEEC83EF3969975171174B467E5
PID 2524 WinRAR.exe: C:\Users\admin\Desktop\FanControl\Emoji.Wpf.dll (executable)
  MD5: 689E1A832309C484F95B07BD07FE6A2A
  SHA256: 21FB67EFACE68ADE290EE88F8A6CCC3869E648A49B5F5FFBAD686C3323D1CF03
PID 2524 WinRAR.exe: C:\Users\admin\Desktop\FanControl\ru\Microsoft.Win32.TaskScheduler.resources.dll (executable)
  MD5: DADE13E423762BDAE745D57CA3DC86EF
  SHA256: 1A1D5FDAC027144BCAA0E8110F4DE717E80944420C59708B3DD8E2BD31BC7ED4
PID 2524 WinRAR.exe: C:\Users\admin\Desktop\FanControl\Autofac.dll (executable)
  MD5: EFDF8C3BC767A12924C0BA8BB5040077
  SHA256: 7C01DB10615C750AFC9E711F2E2F9E9BF03B9B96586A904B54124C601FC1CBAE

Only ten of the 47 files counted above are listed here, and every one of them was written by the extraction process (PID 2524), so they are members of FanControl.zip rather than files produced by the program. The files written by FanControl.exe itself (PID 2028), including the driver behind the "Drops a system driver" signature, are not among the entries shown; they are in the full report.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | Destination | Reputation
4 | System | 192.168.100.255:137 | unknown
4 | System | 192.168.100.255:138 | unknown
(not shown) | (not shown) | 224.0.0.252:5355 | unknown
1080 | svchost.exe | 224.0.0.252:5355 | unknown

The Domain, ASN and CN columns are empty for all four rows. None of the connections belong to the monitored processes: ports 137/138 to the subnet broadcast address are NetBIOS name service and datagram traffic from the System process, and 224.0.0.252:5355 is LLMNR multicast name resolution. This is background Windows name-resolution noise on the sandbox network, not traffic generated by the sample.
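Separating that host noise from connections that can actually be attributed to the sample's processes is a check worth automating across reports. The block below is an added example, not ANY.RUN code: the connection rows are transcribed from the table above (the row whose PID and process the export does not show is kept as None rather than guessed), the sandbox subnet 192.168.100.0/24 is an assumption inferred from the .255 destination, and the final classification of a constructed non-report row shows what an attributable connection would look like.

```python
"""Classify sandbox network connections as host noise or sample traffic (added example)."""
import ipaddress

# PIDs of the monitored processes, from the Process information section.
SAMPLE_PIDS = {1196, 2028, 2524, 3332}

# Assumption: the guest sits on 192.168.100.0/24, inferred from the .255 destination.
SANDBOX_NET = ipaddress.ip_network("192.168.100.0/24")

NETBIOS_PORTS = {137, 138}   # NetBIOS name service / datagram service
LLMNR_PORT = 5355            # Link-Local Multicast Name Resolution

# Transcribed from the Connections table; None = not shown in the export.
CONNECTIONS = [
    {"pid": 4, "process": "System", "dst": "192.168.100.255", "port": 137},
    {"pid": 4, "process": "System", "dst": "192.168.100.255", "port": 138},
    {"pid": None, "process": None, "dst": "224.0.0.252", "port": 5355},
    {"pid": 1080, "process": "svchost.exe", "dst": "224.0.0.252", "port": 5355},
]


def classify(conn):
    """Label one connection row."""
    dst = ipaddress.ip_address(conn["dst"])
    if dst == SANDBOX_NET.broadcast_address and conn["port"] in NETBIOS_PORTS:
        return "host-noise:NetBIOS broadcast"
    if dst.is_multicast and conn["port"] == LLMNR_PORT:
        return "host-noise:LLMNR multicast"
    if conn["pid"] in SAMPLE_PIDS:
        return "sample-attributed"
    return "unattributed"


def summarize(conns):
    """Group connection rows by label."""
    groups = {}
    for c in conns:
        groups.setdefault(classify(c), []).append(c)
    return groups


def sample_has_network_activity(conns):
    """True only if some connection is attributable to a monitored process
    and is not broadcast/multicast name-resolution noise."""
    return any(classify(c) == "sample-attributed" for c in conns)


if __name__ == "__main__":
    for label, rows in summarize(CONNECTIONS).items():
        print(f"{label}: {len(rows)} connection(s)")
    print("sample generated network traffic:", sample_has_network_activity(CONNECTIONS))
```

Note the order of the checks: noise is recognised by destination and port before the PID is consulted, so a monitored process that itself sends an LLMNR query is still filed as noise; if that behaviour matters for a given case, check the PID first.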

DNS requests

No data

Threats

No threats detected
No debug info