File name: NIS Purchase_Order 25802020368946700.r00

Full analysis: https://app.any.run/tasks/55454466-d045-4586-9596-8432b32cdc54
Verdict: Malicious activity
Analysis date: March 31, 2020, 01:23:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 9CE96E365A8CC5BF66E905AC832DCCD9
SHA1: 6BC41C18053DBB0AAC97B483DC4018DBFCDD3017
SHA256: AD58CAFE602EF9F71295F8DDFC834EF947EB5965DBCBF33F26604997070D94E0
SSDEEP: 12288:yGhmWw00Q83Glj74Tay+RfEAx2V4dq9+T5NYiyaV:HrwrQ8IETa7E0xdpNYVq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • NIS APPROVED MATERIAL DATA SHEET ORDER.exe (PID: 2724)
      • NIS APPROVED MATERIAL DATA SHEET ORDER.exe (PID: 2896)
    • Actions looks like stealing of personal data

      • NIS APPROVED MATERIAL DATA SHEET ORDER.exe (PID: 2896)
    • Changes settings of System certificates

      • NIS APPROVED MATERIAL DATA SHEET ORDER.exe (PID: 2896)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3040)
      • NIS APPROVED MATERIAL DATA SHEET ORDER.exe (PID: 2896)
    • Application launched itself

      • NIS APPROVED MATERIAL DATA SHEET ORDER.exe (PID: 2724)
    • Connects to SMTP port

      • NIS APPROVED MATERIAL DATA SHEET ORDER.exe (PID: 2896)
    • Adds / modifies Windows certificates

      • NIS APPROVED MATERIAL DATA SHEET ORDER.exe (PID: 2896)
  • INFO

    • Manual execution by user

      • NIS APPROVED MATERIAL DATA SHEET ORDER.exe (PID: 2724)
    • Reads settings of System Certificates

      • NIS APPROVED MATERIAL DATA SHEET ORDER.exe (PID: 2896)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
Total processes: 38
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph (process chain)

WinRAR.exe -> NIS APPROVED MATERIAL DATA SHEET ORDER.exe -> NIS APPROVED MATERIAL DATA SHEET ORDER.exe

Process information

PID 3040
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NIS Purchase_Order 25802020368946700.r00"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Exit code: 0
  Version: 5.60.0

PID 2724
  CMD: "C:\Users\admin\Desktop\NIS APPROVED MATERIAL DATA SHEET ORDER.exe"
  Path: C:\Users\admin\Desktop\NIS APPROVED MATERIAL DATA SHEET ORDER.exe
  Parent process: explorer.exe
  User: admin
  Integrity Level: MEDIUM
  Exit code: 0

PID 2896
  CMD: "C:\Users\admin\Desktop\NIS APPROVED MATERIAL DATA SHEET ORDER.exe"
  Path: C:\Users\admin\Desktop\NIS APPROVED MATERIAL DATA SHEET ORDER.exe
  Parent process: NIS APPROVED MATERIAL DATA SHEET ORDER.exe
  User: admin
  Integrity Level: MEDIUM
Total events: 4 043
Read events: 481
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 2
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID 3040 (WinRAR.exe)
  Filename: C:\Users\admin\Desktop\NIS APPROVED MATERIAL DATA SHEET ORDER.exe
  Type: executable
  MD5: 5693E7AA8C210EED4D89D2A4C43C9584
  SHA256: 58DCFA9F7B937A7158C79775309070F0D94FB02FB0B478A2DDA2BD10651AA247

PID 2896 (NIS APPROVED MATERIAL DATA SHEET ORDER.exe)
  Filename: C:\Users\admin\AppData\Local\Temp\tmpG216.tmp
  Type: executable
  MD5: 5693E7AA8C210EED4D89D2A4C43C9584
  SHA256: 58DCFA9F7B937A7158C79775309070F0D94FB02FB0B478A2DDA2BD10651AA247
HTTP(S) requests: 0
TCP/UDP connections: 1
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID 2896 (NIS APPROVED MATERIAL DATA SHEET ORDER.exe)
  IP: 198.15.87.235:587
  Domain: mail.ios.co.id
  ASN: SECURED SERVERS LLC
  CN: US
  Reputation: unknown

DNS requests

Domain: mail.ios.co.id
  IP: 198.15.87.235
  Reputation: unknown

Threats

PID 2896 (NIS APPROVED MATERIAL DATA SHEET ORDER.exe)
  Class: Generic Protocol Command Decode
  Message: SURICATA Applayer Detect protocol only one direction

No debug info