File name: Intel(R) Rapid Storage Technology(THBU2-035-129).7z

Full analysis: https://app.any.run/tasks/525d0724-fcda-4bf1-9d99-74411da50ac9
Verdict: Malicious activity
Analysis date: February 06, 2024, 09:28:26
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: B4A92E4E9CB74A29AAAF968948A6F4E9
SHA1: D04415E688A850B3F6CA16DCFAC711C67F4CF403
SHA256: B9BB663299733E5991475A4AC759A63FB97A162FC95699A1CD22790891F03133
SSDEEP: 98304:7GUispzojIF0euV9+qUmD6eM+TdrxHbwdTwjWn0hg+fqfjuqRkSmc1tcKdOA7BeP:USeD4e4GIn3+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • lodctr.exe (PID: 3060)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 752)
    • Reads the Internet Settings

      • IAStorHelp.exe (PID: 3816)
      • IAStorUI.exe (PID: 1932)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 752)
    • Create files in a temporary directory

      • IAStorUI.exe (PID: 1932)
    • Reads the machine GUID from the registry

      • IAStorUI.exe (PID: 1932)
      • IAStorIcon.exe (PID: 3600)
      • IAStorHelp.exe (PID: 3816)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 3808)
      • IAStorHelp.exe (PID: 3816)
      • IAStorUI.exe (PID: 1376)
      • IAStorUI.exe (PID: 1932)
      • IAStorIcon.exe (PID: 3600)
    • Reads the computer name

      • wmpnscfg.exe (PID: 3808)
      • IAStorUI.exe (PID: 1932)
      • IAStorHelp.exe (PID: 3816)
      • IAStorIcon.exe (PID: 3600)
    • Checks supported languages

      • IAStorHelp.exe (PID: 3816)
      • wmpnscfg.exe (PID: 3808)
      • IAStorUI.exe (PID: 1932)
      • IAStorIcon.exe (PID: 3600)
    • Reads Environment values

      • IAStorUI.exe (PID: 1932)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 752)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
All screenshots are available in the full report
Total processes: 49
Monitored processes: 7
Malicious processes: 1
Suspicious processes: 0

Behavior graph (process chain, as rendered in the full report): start > winrar.exe > wmpnscfg.exe (no specs), iastorui.exe (no specs), iastorui.exe, iastoricon.exe (no specs), lodctr.exe (no specs), iastorhelp.exe (no specs)

Process information

PID:
752
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Intel(R) Rapid Storage Technology(THBU2-035-129).7z"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID:
1376
CMD:
"C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\IAStorUI.exe"
Path:
C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\IAStorUI.exe
Parent process:
explorer.exe
User:
admin
Company:
Intel Corporation
Integrity Level:
MEDIUM
Description:
IAStorUI
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the MEDIUM-integrity launch was refused; the same image then ran at HIGH integrity as PID 1932)
Version:
15.5.0.1051
Modules
Images
c:\users\admin\desktop\intel(r) rapid storage technology\iastorui.exe
c:\windows\system32\ntdll.dll
PID:
1932
CMD:
"C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\IAStorUI.exe"
Path:
C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\IAStorUI.exe
Parent process:
explorer.exe
User:
admin
Company:
Intel Corporation
Integrity Level:
HIGH
Description:
IAStorUI
Exit code:
0
Version:
15.5.0.1051
Modules
Images
c:\users\admin\desktop\intel(r) rapid storage technology\iastorui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
3060
CMD:
"C:\Windows\system32\lodctr.exe" "C:\Users\admin\AppData\Local\Temp\tmpB7FA.tmp"
Path:
C:\Windows\System32\lodctr.exe
Parent process:
IAStorUI.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Load PerfMon Counters
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\lodctr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\loadperf.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID:
3600
CMD:
"C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
Path:
C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Parent process:
explorer.exe
User:
admin
Company:
Intel Corporation
Integrity Level:
MEDIUM
Description:
IAStorIcon
Exit code:
0
Version:
15.5.0.1051
Modules
Images
c:\users\admin\desktop\intel(r) rapid storage technology\iastoricon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID:
3808
CMD:
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path:
C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
3816
CMD:
"C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\IAStorHelp.exe"
Path:
C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\IAStorHelp.exe
Parent process:
explorer.exe
User:
admin
Company:
Intel Corporation
Integrity Level:
MEDIUM
Description:
IAStorHelp
Exit code:
0
Version:
15.5.0.1051
Modules
Images
c:\users\admin\desktop\intel(r) rapid storage technology\iastorhelp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
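The two process-tree facts that carry this report's verdict are visible in the table above: the same IAStorUI.exe image launched once at MEDIUM integrity (PID 1376, exit code 0xC000042C) and again at HIGH (PID 1932), and that elevated instance spawning lodctr.exe with a counter definition file from %TEMP%. The following is an added example, not part of the ANY.RUN report or its tooling, that turns those observations into triage rules. The process records are constructed from the Process information section (PIDs, paths, integrity levels and exit codes are the report's); the rule logic, the user-writable path list and the function names are assumptions.

```python
"""Triage rules for the process tree shown in this ANY.RUN report.

Added example, not part of the report or of any ANY.RUN tooling. The
process records below are constructed from the "Process information"
section above (PIDs, paths, integrity levels and exit codes are the
report's); the rule logic and the user-writable path list are assumptions.
"""
import re
from dataclasses import dataclass

# NTSTATUS returned when an image whose manifest requests elevation is
# started from a Medium-integrity token: that launch fails and the UAC
# prompt relaunches the same image at High integrity.
STATUS_ELEVATION_REQUIRED = 0xC000042C

# Locations a standard user can write to (assumed list). Running from here
# is not suspicious by itself; it matters in combination with what is spawned.
USER_WRITABLE = re.compile(
    r"^C:\\Users\\[^\\]+\\(?:Desktop|Downloads|AppData\\Local\\Temp)\\", re.I)


@dataclass
class Proc:
    pid: int
    image: str        # full path, as in the report's "Path" column
    cmdline: str
    parent: str       # parent image name, as in the report
    integrity: str    # MEDIUM / HIGH
    exit_code: int    # raw unsigned value as the sandbox reports it


RST = r"C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology"
PROCS = [  # constructed from the report's process table
    Proc(752, r"C:\Program Files\WinRAR\WinRAR.exe",
         r'"C:\Program Files\WinRAR\WinRAR.exe" '
         r'"C:\Users\admin\AppData\Local\Temp\Intel(R) Rapid Storage Technology(THBU2-035-129).7z"',
         "explorer.exe", "MEDIUM", 0),
    Proc(1376, RST + r"\IAStorUI.exe", f'"{RST}\\IAStorUI.exe"', "explorer.exe", "MEDIUM", 3221226540),
    Proc(1932, RST + r"\IAStorUI.exe", f'"{RST}\\IAStorUI.exe"', "explorer.exe", "HIGH", 0),
    Proc(3060, r"C:\Windows\System32\lodctr.exe",
         r'"C:\Windows\system32\lodctr.exe" "C:\Users\admin\AppData\Local\Temp\tmpB7FA.tmp"',
         "IAStorUI.exe", "HIGH", 0),
    Proc(3600, RST + r"\IAStorIcon.exe", f'"{RST}\\IAStorIcon.exe"', "explorer.exe", "MEDIUM", 0),
    Proc(3808, r"C:\Program Files\Windows Media Player\wmpnscfg.exe",
         r'"C:\Program Files\Windows Media Player\wmpnscfg.exe"', "explorer.exe", "MEDIUM", 0),
    Proc(3816, RST + r"\IAStorHelp.exe", f'"{RST}\\IAStorHelp.exe"', "explorer.exe", "MEDIUM", 0),
]


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def decode_exit(code: int) -> str:
    """Name an exit code when it is a known NTSTATUS (reported as unsigned 32-bit)."""
    names = {STATUS_ELEVATION_REQUIRED: "STATUS_ELEVATION_REQUIRED"}
    return names.get(code & 0xFFFFFFFF, f"0x{code & 0xFFFFFFFF:08X}")


def find_elevation_relaunch(procs):
    """Same image run twice: a MEDIUM launch that ended with
    STATUS_ELEVATION_REQUIRED, followed by a HIGH launch (UAC accepted)."""
    by_image = {}
    for p in procs:
        by_image.setdefault(p.image.lower(), []).append(p)
    hits = []
    for image, runs in by_image.items():
        refused = [p for p in runs if p.integrity == "MEDIUM"
                   and p.exit_code == STATUS_ELEVATION_REQUIRED]
        elevated = [p for p in runs if p.integrity == "HIGH"]
        if refused and elevated:
            hits.append((image, refused[0].pid, elevated[0].pid))
    return hits


def find_lodctr_from_user_path(procs):
    """lodctr.exe loading a counter definition file that lives in a
    user-writable path. Installers do this legitimately, so the finding
    also records whether the parent image itself runs from such a path."""
    hits = []
    for p in procs:
        if basename(p.image).lower() != "lodctr.exe":
            continue
        for ini in re.findall(r'"([^"]+)"', p.cmdline)[1:]:
            if USER_WRITABLE.match(ini):
                parent_from_user_path = any(
                    basename(q.image).lower() == p.parent.lower()
                    and USER_WRITABLE.match(q.image) for q in procs)
                hits.append({"pid": p.pid, "ini": ini, "parent": p.parent,
                             "parent_from_user_path": parent_from_user_path})
    return hits


def triage(procs):
    """Human-readable findings for an analyst."""
    lines = []
    for image, low, high in find_elevation_relaunch(procs):
        lines.append(f"{basename(image)}: PID {low} exited {decode_exit(STATUS_ELEVATION_REQUIRED)}, "
                     f"relaunched at HIGH integrity as PID {high}")
    for h in find_lodctr_from_user_path(procs):
        lines.append(f"lodctr.exe PID {h['pid']} loaded counters from {h['ini']} "
                     f"(parent {h['parent']}, parent from user-writable path: {h['parent_from_user_path']})")
    return lines


if __name__ == "__main__":
    for line in triage(PROCS):
        print(line)
```

Both rules fire on this report's tree, and neither is conclusive on its own: the elevation relaunch is what any manifest-elevated installer looks like, and lodctr.exe consuming a temporary .ini is how counter registration normally happens. What the rules give the analyst is the pairing (which user-writable image obtained HIGH integrity, and what it then wrote into the system directory), which is the question the report's single MALICIOUS signature leaves open.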
Total events: 3 674
Read events: 3 643
Write events: 30
Delete events: 1

Modification events

(PID) Process: (752) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120
(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80
(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
(PID) Process: (752) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
(PID) Process: (1932) IAStorUI.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 281
Suspicious files: 4
Text files: 112
Unknown types: 0

Dropped files

PID Process: Filename (Type)
752 WinRAR.exe: C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\ar\license.txt (text)
MD5: 689D56D2277763A33A8F7DDA8D524D97
SHA256: 43A92DF3B4EBB6854CA8B990F4D7C7C7BDB6A2591C75ECFAA89E0D37E211AD31
752 WinRAR.exe: C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\ar-SA\removdrv.txt (text)
MD5: A50AF4E8A84BEB3A9E645E7EAE3A04E9
SHA256: 5F153B36AEE1C29748FAC81138392879DB253FA8110A6688CF680347D080DA46
752 WinRAR.exe: C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\cs-CZ\removdrv.txt (text)
MD5: B35C163D539BAAA359BBAEC4F4B01EB4
SHA256: 8E0973F4D7CCF3402F824E11DFC30340B002ED4E14F77D0F99BA3E96F1B34250
752 WinRAR.exe: C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\ar-SA\license.txt (text)
MD5: C536D3019A15F7C7367E325EC1F4AE5F
SHA256: 9FD2F844B815654D5ED5705389177E1C5C9DF9AD5C1BCFC7A9FF14D7B2309AF9
752 WinRAR.exe: C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\da\license.txt (text)
MD5: 58009F0600E21FC4FDEDFB342510BE9F
SHA256: 5A61815446603BD8FF69D9558B18781457481BB505DC3B59954BC0C773A71978
752 WinRAR.exe: C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\cs\license.txt (text)
MD5: DEACC60E7F89431FAF063E3D2C8C357E
SHA256: C4B944CEDFDDD2570A4151C65A75E77B32A5DC55F5DBF4EAE8386B4D04F9C41C
752 WinRAR.exe: C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\el\license.txt (text)
MD5: AC3AB19C17ABCA235FA7AA8F1B140B57
SHA256: 0D6910240197185F69998E6C205570584DCB512759488E3535046D6327FCEBFE
752 WinRAR.exe: C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\cs\removdrv.txt (text)
MD5: 2DA3BE15D6701193949B76510ACBC937
SHA256: BBBB7FBABB89B4D0CA7CCEBA6E21F09000EB477BFEEDFEADDD97444CE8A2D284
752 WinRAR.exe: C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\de-DE\license.txt (text)
MD5: 32AA2CAB26D852A014190F7B4E85E4B3
SHA256: 3CA85F8F58EB87B73B1E935B75FBD414B7E27F2FF39C77AA831554DD13C97F52
752 WinRAR.exe: C:\Users\admin\Desktop\Intel(R) Rapid Storage Technology\da\removdrv.txt (text)
MD5: D53E5540DC2D230DDDE8E119639A4D78
SHA256: 8A7D0CDD41DE37FCDB799E589BC658782C1883C5207009847B455FE0E012C074
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted
PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown
PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

DNS requests

No data

Threats

No threats detected
No debug info