URL: https://www.mediafire.com/file/dtojoagm1tkidcr/Release.zip/file

Full analysis: https://app.any.run/tasks/d85809a8-3ff1-4a42-905b-e3191eeccbee
Verdict: Malicious activity
Analysis date: January 11, 2025, 00:41:59
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MD5: 61FB6EAAB421C353056F4B2DEC89F3C5
SHA1: B902A5E77998650A620314D8A3B4B5B2B89EF36D
SHA256: AA35FC259046058D132AB4A6531431B4F963532094438BED055D084E059B8943
SSDEEP: 3:N8DSLw3eGUoXOMnErfMy:2OLw3eGDO0By

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the BIOS version

      • Zylo Free Tweaking Utility.exe (PID: 3552)
    • The process checks if it is being run in the virtual environment

      • Zylo Free Tweaking Utility.exe (PID: 3552)
    • Modifies existing scheduled task

      • schtasks.exe (PID: 2456)
      • schtasks.exe (PID: 4136)
      • schtasks.exe (PID: 7036)
      • schtasks.exe (PID: 7028)
    • Read disk information to detect sandboxing environments

      • Zylo Free Tweaking Utility.exe (PID: 3552)
    • Starts CMD.EXE for commands execution

      • Zylo Free Tweaking Utility.exe (PID: 3552)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 3912)
      • cmd.exe (PID: 7812)
      • cmd.exe (PID: 7712)
      • cmd.exe (PID: 7408)
      • cmd.exe (PID: 3828)
      • cmd.exe (PID: 6668)
      • cmd.exe (PID: 7600)
      • cmd.exe (PID: 1760)
      • cmd.exe (PID: 7584)
      • cmd.exe (PID: 7160)
    • Uses powercfg.exe to modify the power settings

      • cmd.exe (PID: 7584)
      • cmd.exe (PID: 7160)
  • INFO

    • Reads the computer name

      • identity_helper.exe (PID: 7208)
      • Zylo Free Tweaking Utility.exe (PID: 3552)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 7676)
    • The process uses the downloaded file

      • msedge.exe (PID: 8160)
      • WinRAR.exe (PID: 7676)
    • Manual execution by a user

      • Zylo Free Tweaking Utility.exe (PID: 3552)
      • WinRAR.exe (PID: 7676)
    • Reads Environment values

      • identity_helper.exe (PID: 7208)
    • Checks supported languages

      • identity_helper.exe (PID: 7208)
      • Zylo Free Tweaking Utility.exe (PID: 3552)
    • Application launched itself

      • msedge.exe (PID: 2132)
    • Reads the machine GUID from the registry

      • Zylo Free Tweaking Utility.exe (PID: 3552)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 807
Monitored processes: 677
Malicious processes: 7
Suspicious processes: 1
