File name: cgminer-3.7.2-windows.rar
Full analysis: https://app.any.run/tasks/a1716dc6-7454-48ec-8a7c-df26ad15b7f4
Verdict: Malicious activity
Analysis date: October 25, 2023, 07:03:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 91D0CE49926F1A8C48DFB53473761591
SHA1: F2DE7C70D8AECF6D7A9F70B3C63A47A372405BAE
SHA256: BE3D7FF67699A974A9328DA4D916328C3E57DE497BEBE35105E12CDA0BF6C60E
SSDEEP: 98304:HvmX4ZKnQcKTJx3UZeC7n8251xeFIprDBiQf+6cLs9Qgd:PmX4v7KZveO/dfRcLs9QM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • cgminer-nogpu.exe (PID: 3880)
      • cgminer.exe (PID: 3668)
      • cgminer.exe (PID: 4056)
      • cgminer-nogpu.exe (PID: 3188)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Checks supported languages

      • cgminer-nogpu.exe (PID: 3880)
      • cgminer-nogpu.exe (PID: 3188)
    • Reads the computer name

      • cgminer-nogpu.exe (PID: 3880)
      • cgminer-nogpu.exe (PID: 3188)
    • Loads dropped or rewritten executable

      • cgminer-nogpu.exe (PID: 3880)
      • cgminer-nogpu.exe (PID: 3188)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3628)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

Reading the verdict: the only MALICIOUS-level signature is the generic "dropped or rewritten from another process" hit, raised because WinRAR.exe extracted the archive into its Rar$EXa temporary directory and launched cgminer.exe and cgminer-nogpu.exe from there. There are no SUSPICIOUS-level hits, no extracted malware configuration, and (see the network section) no HTTP, DNS or threat events. cgminer is a well-known open-source miner, so a copy bundled in a RAR still deserves a check of where it came from and who ran it, but what this report documents is WinRAR extraction followed by cgminer processes that exited with non-zero codes (see Process information), not observed mining or pool traffic.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF (ZIP tag group; only the first archive member, api-example.c, is reported)

ArchivedFileName: cgminer-3.7.2-windows\api-example.c
PackingMethod: Normal
ModifyDate: 2015:11:04 21:39:48
OperatingSystem: Win32
UncompressedSize: 7505
CompressedSize: 2938
No data.
All screenshots are available in the full report
Total processes: 44
Monitored processes: 5
Malicious processes: 1
Suspicious processes: 4

Behavior graph

Rendered interactive graph available in the full report. Edges recoverable from the page: explorer.exe starts WinRAR.exe; WinRAR.exe "drop and start" -> cgminer.exe (no specs), cgminer-nogpu.exe (no specs), cgminer.exe (no specs), cgminer-nogpu.exe (no specs).

Process information

PID:
3188
CMD:
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.46291\cgminer-3.7.2-windows\cgminer-nogpu.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.46291\cgminer-3.7.2-windows\cgminer-nogpu.exe
Parent process:
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3628.46291\cgminer-3.7.2-windows\cgminer-nogpu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
3628
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\cgminer-3.7.2-windows.rar"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
PID:
3668
CMD:
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\cgminer.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\cgminer.exe
Parent process:
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND: the loader could not resolve one of the image's imports, so cgminer.exe never reached its entry point; consistent with only ntdll, kernel32 and kernelbase being mapped below. Which DLL was missing is not recorded in this report.)
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3628.44291\cgminer-3.7.2-windows\cgminer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
PID:
3880
CMD:
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44644\cgminer-3.7.2-windows\cgminer-nogpu.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44644\cgminer-3.7.2-windows\cgminer-nogpu.exe
Parent process:
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1 (the process got past import resolution, its bundled libeay32.dll and libcurl-4.dll appear among the loaded modules below, and then exited on its own; the reason is not recorded in this report)
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3628.44644\cgminer-3.7.2-windows\cgminer-nogpu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\appdata\local\temp\rar$exa3628.44644\cgminer-3.7.2-windows\libeay32.dll
c:\users\admin\appdata\local\temp\rar$exa3628.44644\cgminer-3.7.2-windows\libcurl-4.dll
PID:
4056
CMD:
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.46025\cgminer-3.7.2-windows\cgminer.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.46025\cgminer-3.7.2-windows\cgminer.exe
Parent process:
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND, same loader failure as PID 3668: only ntdll, kernel32 and kernelbase were mapped)
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3628.46025\cgminer-3.7.2-windows\cgminer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
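As an added triage example (this is not ANY.RUN's code nor anything from the cgminer project), the Python below reproduces the two checks worth making on the process table above: whether an image was launched straight out of WinRAR's temporary extraction directory, and whether its exit code and loaded-module list show it died in the loader before running any of its own code. Assumptions: the NTSTATUS table is a hand-picked subset; the Rar$EX regex is built from the directory names seen in this report; the sample records are transcribed from this report with module lists abbreviated to what the checks need.

```python
"""Triage helper for sandbox process records (added example, not ANY.RUN code).

Given records shaped like the "Process information" table above (PID, image
path, parent, exit code, loaded modules), answer two questions a reviewer asks
first: was the image launched straight out of WinRAR's temporary extraction
directory, and do the exit code and module list show that it died in the
loader before running any of its own code?
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Hand-picked subset of NTSTATUS codes that commonly surface as exit codes.
# Sandboxes print them as unsigned decimals, e.g. 3221225781 == 0xC0000135.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000007B: "STATUS_INVALID_IMAGE_FORMAT",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
}

# WinRAR "open from archive" runs land in ...\Temp\Rar$EXa<winrar-pid>.<n>\...
# (pattern assumed from the directory names in this report).
WINRAR_TEMP_RE = re.compile(r"\\Temp\\Rar\$[A-Za-z]+\d+\.\d+\\", re.IGNORECASE)

# DLLs the loader maps before resolving any of the image's own imports.
CORE_LOADER_DLLS = {"ntdll.dll", "kernel32.dll", "kernelbase.dll"}


@dataclass
class ProcessRecord:
    pid: int
    path: str
    parent: str
    exit_code: int
    modules: List[str] = field(default_factory=list)  # first entry is the image


def decode_exit_code(code: int) -> Tuple[str, Optional[str]]:
    """Return (hex, NTSTATUS name or None) for a reported exit code."""
    value = code & 0xFFFFFFFF
    return f"0x{value:08X}", NTSTATUS_NAMES.get(value)


def is_winrar_temp_extract(path: str) -> bool:
    """True if the image sits in a WinRAR temporary extraction directory."""
    return WINRAR_TEMP_RE.search(path) is not None


def died_in_loader(modules: List[str]) -> bool:
    """True if nothing beyond the image and core loader DLLs was mapped,
    i.e. import resolution failed before the entry point was reached."""
    names = [m.rsplit("\\", 1)[-1].lower() for m in modules]
    others = set(names[1:])  # everything except the image itself
    return bool(others) and others <= CORE_LOADER_DLLS


def triage(records: List[ProcessRecord]) -> Dict[int, List[str]]:
    """Map pid -> findings; an empty list means nothing notable."""
    findings: Dict[int, List[str]] = {}
    for r in records:
        notes = []
        if is_winrar_temp_extract(r.path):
            notes.append(f"launched from WinRAR temp extraction dir by {r.parent}")
        hexcode, name = decode_exit_code(r.exit_code)
        if name:
            notes.append(f"exit {hexcode} {name}")
        elif r.exit_code != 0:
            notes.append(f"non-zero exit {hexcode}")
        if died_in_loader(r.modules):
            notes.append("only core loader DLLs mapped: failed before imports resolved")
        findings[r.pid] = notes
    return findings


# Records transcribed from this report (module lists abbreviated to what the
# checks need; paths are the report's own).
_T = r"C:\Users\admin\AppData\Local\Temp"
_S = r"c:\windows\system32"
REPORT_PROCESSES = [
    ProcessRecord(3628, r"C:\Program Files\WinRAR\WinRAR.exe", "explorer.exe", 0,
                  [r"c:\program files\winrar\winrar.exe", _S + r"\ntdll.dll",
                   _S + r"\kernelbase.dll", _S + r"\kernel32.dll", _S + r"\user32.dll"]),
    ProcessRecord(3668, _T + r"\Rar$EXa3628.44291\cgminer-3.7.2-windows\cgminer.exe",
                  "WinRAR.exe", 3221225781,
                  [_T.lower() + r"\rar$exa3628.44291\cgminer-3.7.2-windows\cgminer.exe",
                   _S + r"\ntdll.dll", _S + r"\kernel32.dll", _S + r"\kernelbase.dll"]),
    ProcessRecord(3880, _T + r"\Rar$EXa3628.44644\cgminer-3.7.2-windows\cgminer-nogpu.exe",
                  "WinRAR.exe", 1,
                  [_T.lower() + r"\rar$exa3628.44644\cgminer-3.7.2-windows\cgminer-nogpu.exe",
                   _S + r"\ntdll.dll", _S + r"\kernel32.dll", _S + r"\kernelbase.dll",
                   _S + r"\advapi32.dll", _S + r"\msvcrt.dll",
                   _T.lower() + r"\rar$exa3628.44644\cgminer-3.7.2-windows\libeay32.dll",
                   _T.lower() + r"\rar$exa3628.44644\cgminer-3.7.2-windows\libcurl-4.dll"]),
    ProcessRecord(4056, _T + r"\Rar$EXa3628.46025\cgminer-3.7.2-windows\cgminer.exe",
                  "WinRAR.exe", 3221225781,
                  [_T.lower() + r"\rar$exa3628.46025\cgminer-3.7.2-windows\cgminer.exe",
                   _S + r"\ntdll.dll", _S + r"\kernel32.dll", _S + r"\kernelbase.dll"]),
    ProcessRecord(3188, _T + r"\Rar$EXa3628.46291\cgminer-3.7.2-windows\cgminer-nogpu.exe",
                  "WinRAR.exe", 1,
                  [_T.lower() + r"\rar$exa3628.46291\cgminer-3.7.2-windows\cgminer-nogpu.exe",
                   _S + r"\ntdll.dll", _S + r"\kernel32.dll", _S + r"\kernelbase.dll",
                   _S + r"\advapi32.dll", _S + r"\user32.dll"]),
]

if __name__ == "__main__":
    for pid, notes in triage(REPORT_PROCESSES).items():
        print(pid, "; ".join(notes) or "nothing notable")
```

Run against the transcribed records, WinRAR.exe (PID 3628) comes back clean, both cgminer.exe instances are reported as DLL-not-found loader failures, and both cgminer-nogpu.exe instances as temp-directory launches that ran and exited with code 1; the temp-directory check is the one that fires the report's single MALICIOUS signature, and the loader check is what tells you no mining code actually executed in the GPU build.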
Total events: 1 662
Read events: 1 633
Write events: 29
Delete events: 0

Modification events

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (3628) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

All of the listed write events come from WinRAR.exe's own housekeeping (MUI cache, archive-history MRU, file-list column widths, Internet Settings zone map). The ArcHistory values are WinRAR's recently-opened-archives list and name other archives on the analysis VM's Desktop, not files from this sample; they should not be treated as indicators for cgminer-3.7.2-windows.rar.
Executable files: 36
Suspicious files: 28
Text files: 84
Unknown types: 0

Dropped files

(10 entries shown; the counts above cover the whole extraction)

PID: 3628  Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\api-example.php
Type: text
MD5: D871CA3EBFEF25DC359E6D1663351BAB
SHA256: 1C4BC594D0142A00CD25E83F501B84409761D9214699238EC0A5DB8D60F8A55F

PID: 3628  Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\bitstreams\COPYING_fpgaminer
Type: text
MD5: 16D65CC704BC3E94E828BBA932BDC1F5
SHA256: 0C5709EE030856BC5CD188D65B9D6A5EA80095673D8BCDFDCF8F7C14DD4DDD1B

PID: 3628  Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\API.class
Type: binary
MD5: 64D7FC195B2C89AC9E3B6FF1370831A4
SHA256: EBCEEC62D90957AE2BDA97F2A1D848A429A9F32C44CD491D5437593AE19D7AB0

PID: 3628  Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\API-README.txt
Type: text
MD5: 05150EB357FF1FCB5111D97839736CA6
SHA256: 23A7BD559F4D4EFF0A708DE729CCFECBD468B418C2BEA6A85717C8BE6FD88660

PID: 3628  Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\ChangeLog.txt
Type: text
MD5: FFB3C75D7481330402271CBC43C2061F
SHA256: 4E8B9850E53FA1C8CB8CF099AC97E04E24F1C4A8E07C5A809DBBEB83A299AABD

PID: 3628  Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\COPYING.txt
Type: text
MD5: 3C34AFDC3ADF82D2448F12715A255122
SHA256: 0B383D5A63DA644F628D99C33976EA6487ED89AAA59F0B3257992DEAC1171E6B

PID: 3628  Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\example.conf
Type: binary
MD5: D3FCC9D3C0F24952AAC39D8D2890A088
SHA256: 88500BD51EC95B5D4A5300292FFEB487CF53ADF990D0E33222AE7CBEC7B3AEB6

PID: 3628  Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\cgminer-nogpu.exe
Type: executable
MD5: 542BBD3689E55D9E802FCBC32368896B
SHA256: 4A5D4A1D27C50326AAB5738DF3DCC42F21D5738F2BBA33A9841F82038CA43713

PID: 3628  Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\diablo130302.cl
Type: text
MD5: C4364C3B5D58799F6C12A3FC01B0BE01
SHA256: 0B014F0CA49CA92E3C4BD6FFF0D718FDB5A96F7699AA4DD1C67F09D562221FDA

PID: 3628  Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\FPGA-README.txt
Type: text
MD5: 1866F128ABB385FD409C1528B689A3FD
SHA256: 677520158FDFD6B21A3987E52E6B07EA2CFBFC65FFF41F94005988E0F6EC264A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 3
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process      IP:port                Domain  ASN  CN  Reputation
2656  svchost.exe  239.255.255.250:1900   -       -    -   whitelisted
4     System       192.168.100.255:137    -       -    -   whitelisted
4     System       192.168.100.255:138    -       -    -   whitelisted

All three connections are local broadcast/multicast traffic from Windows system processes: SSDP discovery to 239.255.255.250 on UDP 1900 and NetBIOS name service and datagram service broadcasts on UDP 137/138. None originates from the cgminer processes, which is consistent with them exiting during startup; no pool, DNS or HTTP traffic attributable to the sample was recorded.

DNS requests

No data

Threats

No threats detected
No debug info