File name: jailbreak-master.zip
Full analysis: https://app.any.run/tasks/54299020-bd02-4c28-8959-ba8b7d05300a
Verdict: Malicious activity
Analysis date: September 19, 2019, 09:39:49
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: B28DB8208018F46166CD34E2B603E5B1
SHA1: B3F3CE5BF914E944314282D8D2BB2A8F6BA249F6
SHA256: AD4B7DB6BE59E3F5A4D17087F0A48B567CF9AF49C0309E486A084C6C0A630DFC
SSDEEP: 12288:5fofS7wYViDXiY0g5X/dHFCjtJORW6iZfoQS7wYViDm:5AKkYhY0wdHMJORW6OAbkYX
ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • jailbreak32.exe (PID: 3160)
      • jbstore2_32.exe (PID: 2972)
      • jailbreak32.exe (PID: 2340)
      • jailbreak32.exe (PID: 3192)
    • Loads dropped or rewritten executable

      • explorer.exe (PID: 276)
      • jailbreak32.exe (PID: 3160)
      • jailbreak32.exe (PID: 2340)
      • SearchProtocolHost.exe (PID: 1732)
      • jailbreak32.exe (PID: 3192)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2880)
    • Starts CMD.EXE for commands execution

      • explorer.exe (PID: 276)
  • INFO

    • Manual execution by user

      • jbstore2_32.exe (PID: 2972)
      • jailbreak32.exe (PID: 2340)
      • jailbreak32.exe (PID: 3160)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: jailbreak-master/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2015:12:28 09:11:23
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
No data.
All screenshots are available in the full report
Total processes: 51
Monitored processes: 9
Malicious processes: 2
Suspicious processes: 1

Behavior graph

Process tree, reconstructed from the parent fields in the process information below (PIDs in parentheses):

explorer.exe (276)
  WinRAR.exe (2880)
  jbstore2_32.exe (2972)
  jailbreak32.exe (3160)
  jailbreak32.exe (2340, HIGH integrity)
  cmd.exe (2188) running jbcert32.bat
    jailbreak32.exe (3192)
      mmc.exe (3432) with certmgr.msc
SearchIndexer.exe (not monitored)
  SearchProtocolHost.exe (1732)

Process information

PID: 2880
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\jailbreak-master.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID: 1732
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Version: 7.00.7600.16385 (win7_rtm.090713-1255)

PID: 2972
CMD: "C:\Users\admin\Desktop\jailbreak-master\binaries\jbstore2_32.exe"
Path: C:\Users\admin\Desktop\jailbreak-master\binaries\jbstore2_32.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 1

PID: 3160
CMD: "C:\Users\admin\Desktop\jailbreak-master\binaries\jailbreak32.exe"
Path: C:\Users\admin\Desktop\jailbreak-master\binaries\jailbreak32.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 4294967295 (0xFFFFFFFF, i.e. -1)

PID: 2340
CMD: "C:\Users\admin\Desktop\jailbreak-master\binaries\jailbreak32.exe"
Path: C:\Users\admin\Desktop\jailbreak-master\binaries\jailbreak32.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH (elevated: the parent explorer.exe runs at MEDIUM)
Exit code: 4294967295 (0xFFFFFFFF, i.e. -1)

PID: 276
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 2188
CMD: cmd /c ""C:\Users\admin\Desktop\jailbreak-master\jbcert32.bat" "
Path: C:\Windows\system32\cmd.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 4294967295 (0xFFFFFFFF, i.e. -1)
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 3192
CMD: jailbreak32.exe C:\Windows\system32\mmc.exe C:\Windows\system32\certmgr.msc -32
Path: C:\Users\admin\Desktop\jailbreak-master\binaries\jailbreak32.exe
Parent process: cmd.exe
User: admin
Integrity Level: MEDIUM
Exit code: 4294967295 (0xFFFFFFFF, i.e. -1)

PID: 3432
CMD: C:\Windows\system32\mmc.exe C:\Windows\system32\certmgr.msc -32
Path: C:\Windows\system32\mmc.exe
Parent process: jailbreak32.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Management Console
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
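The indicator section above is derived mechanically from the process list: an executable that was just written by the archiver and then executed, a child running at a higher integrity level than its parent, and cmd.exe spawned from explorer.exe. The script below is an added example (not ANY.RUN's code) that reproduces those three checks over the process records transcribed from this report and decodes the raw exit codes. Parent PIDs are an assumption inferred from the parent names the report lists (explorer.exe = 276, cmd.exe = 2188, the jailbreak32.exe that launched mmc.exe = 3192); SearchProtocolHost.exe is left out because its parent, SearchIndexer.exe, is not in the report.

```python
"""Triage checks over a sandbox process list (added example, not ANY.RUN code).

Records are transcribed from the "Process information" section; parent PIDs
are an ASSUMPTION derived from the listed parent names.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple
import ntpath

INTEGRITY_RANK = {"LOW": 0, "MEDIUM": 1, "HIGH": 2, "SYSTEM": 3}

# NTSTATUS values that commonly surface as process exit codes (ntstatus.h).
NTSTATUS_NAMES = {
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
}


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str                  # executable path as recorded by the sandbox
    integrity: str              # integrity level as recorded by the sandbox
    parent_pid: Optional[int]   # assumed from the listed parent name
    exit_code: Optional[int] = None


BIN = r"C:\Users\admin\Desktop\jailbreak-master\binaries"
PROCESSES: List[Proc] = [
    Proc(276,  r"C:\Windows\explorer.exe",            "MEDIUM", None),
    Proc(2880, r"C:\Program Files\WinRAR\WinRAR.exe", "MEDIUM", 276),
    Proc(2972, BIN + r"\jbstore2_32.exe",             "MEDIUM", 276, 1),
    Proc(3160, BIN + r"\jailbreak32.exe",             "MEDIUM", 276, 0xFFFFFFFF),
    Proc(2340, BIN + r"\jailbreak32.exe",             "HIGH",   276, 0xFFFFFFFF),
    Proc(2188, r"C:\Windows\system32\cmd.exe",        "MEDIUM", 276, 0xFFFFFFFF),
    Proc(3192, BIN + r"\jailbreak32.exe",             "MEDIUM", 2188, 0xFFFFFFFF),
    Proc(3432, r"C:\Windows\system32\mmc.exe",        "MEDIUM", 3192, 3221226540),
]

# Executables written during extraction, by basename: the DLL and EXEs in the
# "Dropped files" list plus jbstore2_32.exe, which the indicator section names
# as dropped. Basename matching is deliberate: WinRAR writes into its Temp
# staging folder and the user then runs the copies on the Desktop.
DROPPED_EXECUTABLES = {"jailbreak32.exe", "jbstore2_32.exe", "jbstore2_64.exe",
                       "jailbreakhook32.dll"}


def by_pid(procs: List[Proc]) -> Dict[int, Proc]:
    return {p.pid: p for p in procs}


def runs_dropped_executable(procs: List[Proc]) -> List[int]:
    """PIDs whose image is one of the freshly extracted executables."""
    return [p.pid for p in procs
            if ntpath.basename(p.image).lower() in DROPPED_EXECUTABLES]


def elevated_children(procs: List[Proc]) -> List[Tuple[int, int]]:
    """(parent, child) pairs where the child runs at a higher integrity level
    than its parent, i.e. a UAC elevation happened between the two."""
    table = by_pid(procs)
    pairs = []
    for p in procs:
        parent = table.get(p.parent_pid) if p.parent_pid is not None else None
        if parent and INTEGRITY_RANK[p.integrity] > INTEGRITY_RANK[parent.integrity]:
            pairs.append((parent.pid, p.pid))
    return pairs


def shells_from_explorer(procs: List[Proc]) -> List[int]:
    """cmd.exe instances whose parent is explorer.exe (a user-launched .bat)."""
    table = by_pid(procs)
    return [p.pid for p in procs
            if ntpath.basename(p.image).lower() == "cmd.exe"
            and p.parent_pid in table
            and ntpath.basename(table[p.parent_pid].image).lower() == "explorer.exe"]


def decode_exit_code(code: int) -> str:
    """Render a raw 32-bit exit code the way a reviewer reads it."""
    if code == 0xFFFFFFFF:
        return "0xFFFFFFFF (-1)"
    name = NTSTATUS_NAMES.get(code)
    return f"0x{code:08X}" + (f" {name}" if name else "")


if __name__ == "__main__":
    print("runs dropped executable:", runs_dropped_executable(PROCESSES))
    print("elevated children      :", elevated_children(PROCESSES))
    print("cmd.exe from explorer  :", shells_from_explorer(PROCESSES))
    for p in PROCESSES:
        if p.exit_code is not None:
            print(p.pid, decode_exit_code(p.exit_code))
```

Run against the transcribed records, the first check returns exactly the four PIDs the report lists under "Application was dropped or rewritten from another process", the elevation check returns the single explorer.exe to jailbreak32.exe (2340) transition, and the exit-code decoder turns mmc.exe's 3221226540 into STATUS_ELEVATION_REQUIRED, which is the detail worth noting when a medium-integrity process hands a console to mmc.exe.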
Total events: 2 180
Read events: 2 010
Write events: 170
Delete events: 0

Modification events

Process: WinRAR.exe (PID 2880)
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value: (empty)

Process: WinRAR.exe (PID 2880)
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value: (empty)

Process: WinRAR.exe (PID 2880)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: explorer.exe (PID 276)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: WinRAR.exe (PID 2880)
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\jailbreak-master.zip

Process: explorer.exe (PID 276)
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ApplicationDestinations
Operation: write
Name: MaxEntries
Value: 15

Process: WinRAR.exe (PID 2880)
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: WinRAR.exe (PID 2880)
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: WinRAR.exe (PID 2880)
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: WinRAR.exe (PID 2880)
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files: 10
Suspicious files: 0
Text files: 40
Unknown types: 2
(The dropped-file list below shows only a subset of these files.)

Dropped files

All entries below were written by WinRAR.exe (PID 2880) during extraction.

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2880.1667\jailbreak-master\binaries\jailbreak32.exe.sha256
Type: text
MD5: A9EF1A5A43306C7739C44C8AEBB9637A
SHA256: 0E3E504E355827F2C66A9F0FB3AEFDA75E08E51B64A6DED5C486119861A6078E

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2880.1667\jailbreak-master\binaries\jailbreakhook32.dll
Type: executable
MD5: 236171178DE3C0D985AB7038E5B1E64D
SHA256: 796C4E92F5B78E5FAF2C2DD22BEA768638DE14B10D3C37B666A62B162901A6B7

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2880.1667\jailbreak-master\binaries\jbstore2_64.exe
Type: executable
MD5: 565653A01D5E914DE9676BE44E5D323A
SHA256: 2E998997F746F5F331DFDCC038FDA80A7A581664503CDD148651ACDB9A69352F

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2880.1667\jailbreak-master\.gitignore
Type: text
MD5: 710A4CB08A9DDD43ED04879169BD63DD
SHA256: 2F6BEE2423BD7DEC17683E42B2A85A5EC446A5A22BEB70A49082BA72B638ABD2

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2880.1667\jailbreak-master\binaries\jailbreak64.exe.sha256
Type: text
MD5: 263321A3A4A7E64D9AB99FC5FF2F2FBB
SHA256: ED014305ACA9D332D9256F23AB8A9161E6D7CBB42CEC9BA9344435752486D44A

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2880.1667\jailbreak-master\LICENSE
Type: text
MD5: D8406488EA21766D65902668C1F625F3
SHA256: 9D8CB63A8C8A1060D0162757DAE6BED58D0C66708D67E2300A834093A23F5D0A

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2880.1667\jailbreak-master\binaries\jailbreakhook64.dll.sha256
Type: text
MD5: E9058C4669A3FBC4BD9BB2C90A29211A
SHA256: 6BCADF205B82F729233043146A36E46A78CC4E9AB8268CBE9B7A23BAD3D3F16D

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2880.1667\jailbreak-master\binaries\jbstore2_32.exe.sha256
Type: text
MD5: 55E200FF20CC7FEC26D483D1CB3A8533
SHA256: 7D5C77BBE02328FDE7B2AF4BEE8B9727CF21FC58D3E73FCF2B25E8A7F7F99A51

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2880.1667\jailbreak-master\README.md
Type: text
MD5: 4AAFD0BD76FF3FBA9FB78F86843510B4
SHA256: 86FD6A4F9CDD53F118044A5963F58BD77CEBBA1D369D96D990CB74936DE87A57

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2880.1667\jailbreak-master\binaries\jailbreak32.exe
Type: executable
MD5: 8FBE0B5E85EE953A824CC952AE50D3B7
SHA256: 7E50BC71C20EFDAE915BA1647D7B8C4FDB2A189908D9861F795DEE699FFE1DE3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests: none
Connections: no data
DNS requests: no data
Threats: no threats detected
No debug info