download:

/42.zip

Full analysis: https://app.any.run/tasks/1b3c584d-31b5-434f-a0db-69c6c9d60c93
Verdict: Malicious activity
Analysis date: February 10, 2024, 21:09:19
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v5.1 to extract, compression method=AES Encrypted
MD5:

1DF9A18B18332F153918030B7B516615

SHA1:

6C42C62696616B72BBFC88A4BE4EAD57AA7BC503

SHA256:

BBD05DE19AA2AF1455C0494639215898A15286D9B05073B6C4817FE24B2C36FA

SSDEEP:

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Application launched itself

      • WinRAR.exe (PID: 3652)
      • WinRAR.exe (PID: 3660)
      • WinRAR.exe (PID: 3848)
      • WinRAR.exe (PID: 3304)
      • WinRAR.exe (PID: 864)
      • WinRAR.exe (PID: 3404)
      • WinRAR.exe (PID: 2244)

    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 3652)
      • WinRAR.exe (PID: 3848)
      • WinRAR.exe (PID: 3660)
      • WinRAR.exe (PID: 3304)
      • WinRAR.exe (PID: 864)
      • WinRAR.exe (PID: 3404)
      • WinRAR.exe (PID: 2244)

  • INFO

    • Manual execution by a user

      • WinRAR.exe (PID: 1928)
      • WinRAR.exe (PID: 2860)
      • WinRAR.exe (PID: 3068)
      • WinRAR.exe (PID: 2244)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 51
ZipBitFlag: 0x0001
ZipCompression: Unknown (99)
ZipModifyDate: 2000:03:28 21:40:54
ZipCRC: 0x00000000
ZipCompressedSize: 2524
ZipUncompressedSize: 34902
ZipFileName: lib 0.zip
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
54
Monitored processes
12
Malicious processes
0
Suspicious processes
3

Behavior graph

Click at the process to see the details
start winrar.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe no specs winrar.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
864"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa3304.36346\doc 5.zip"C:\Program Files\WinRAR\WinRAR.exeWinRAR.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
1848"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa3404.42654\page a.zip"C:\Program Files\WinRAR\WinRAR.exeWinRAR.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
1928"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\lib 6.zip"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2124"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa864.36459\page c.zip"C:\Program Files\WinRAR\WinRAR.exeWinRAR.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2244"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\chapter a.zip"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2860"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\42.zip"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3068"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\book 0.zip"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3304"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa3848.36235\chapter 4.zip"C:\Program Files\WinRAR\WinRAR.exeWinRAR.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3404"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa2244.42578\doc a.zip"C:\Program Files\WinRAR\WinRAR.exeWinRAR.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3652"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\42.zip"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
38 182
Read events
37 895
Write events
287
Delete events
0

Modification events

(PID) Process:(3652) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3652) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3652) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3652) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(3652) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(3652) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(3652) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\42.zip
(PID) Process:(3652) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3652) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3652) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
Executable files
0
Suspicious files
55
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
2124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa2124.36717\0.dll
MD5:
SHA256:
3660WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIa3660.36128\book 1.zipcompressed
MD5:38605A41EDA691B378C8304BF914C777
SHA256:F791BEA6D653EDDCAF8BE57E45B698E75F105E28A20C50F519AD43A2B2E27B2A
3652WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DIb3652.35798\lib 0.zipcompressed
MD5:0A76BD3E26768BBA68ACA3D210997069
SHA256:9056B87F079861D1B0F041317D6415927D9FFB6498CE2530FF90FDA69FA64E78
2860WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb2860.39076\lib c.zipcompressed
MD5:0A76BD3E26768BBA68ACA3D210997069
SHA256:9056B87F079861D1B0F041317D6415927D9FFB6498CE2530FF90FDA69FA64E78
2860WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb2860.39076\lib e.zipcompressed
MD5:0A76BD3E26768BBA68ACA3D210997069
SHA256:9056B87F079861D1B0F041317D6415927D9FFB6498CE2530FF90FDA69FA64E78
2860WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb2860.39076\lib 5.zipcompressed
MD5:0A76BD3E26768BBA68ACA3D210997069
SHA256:9056B87F079861D1B0F041317D6415927D9FFB6498CE2530FF90FDA69FA64E78
2860WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb2860.39076\lib 9.zipcompressed
MD5:0A76BD3E26768BBA68ACA3D210997069
SHA256:9056B87F079861D1B0F041317D6415927D9FFB6498CE2530FF90FDA69FA64E78
2860WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb2860.39076\lib 7.zipcompressed
MD5:0A76BD3E26768BBA68ACA3D210997069
SHA256:9056B87F079861D1B0F041317D6415927D9FFB6498CE2530FF90FDA69FA64E78
2860WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb2860.39076\lib 1.zipcompressed
MD5:0A76BD3E26768BBA68ACA3D210997069
SHA256:9056B87F079861D1B0F041317D6415927D9FFB6498CE2530FF90FDA69FA64E78
2860WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb2860.39076\lib b.zipcompressed
MD5:0A76BD3E26768BBA68ACA3D210997069
SHA256:9056B87F079861D1B0F041317D6415927D9FFB6498CE2530FF90FDA69FA64E78
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
/42.zip