File name:

cgminer-3.7.2-windows.rar

Full analysis: https://app.any.run/tasks/a1716dc6-7454-48ec-8a7c-df26ad15b7f4
Verdict: Malicious activity
Analysis date: October 25, 2023, 07:03:58
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5:

91D0CE49926F1A8C48DFB53473761591

SHA1:

F2DE7C70D8AECF6D7A9F70B3C63A47A372405BAE

SHA256:

BE3D7FF67699A974A9328DA4D916328C3E57DE497BEBE35105E12CDA0BF6C60E

SSDEEP:

98304:HvmX4ZKnQcKTJx3UZeC7n8251xeFIprDBiQf+6cLs9Qgd:PmX4v7KZveO/dfRcLs9QM

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • cgminer.exe (PID: 4056)
      • cgminer-nogpu.exe (PID: 3188)
      • cgminer.exe (PID: 3668)
      • cgminer-nogpu.exe (PID: 3880)
  • SUSPICIOUS

    No suspicious indicators.
  • INFO

    • Checks supported languages

      • cgminer-nogpu.exe (PID: 3880)
      • cgminer-nogpu.exe (PID: 3188)
    • Reads the computer name

      • cgminer-nogpu.exe (PID: 3880)
      • cgminer-nogpu.exe (PID: 3188)
    • Loads dropped or rewritten executable

      • cgminer-nogpu.exe (PID: 3188)
      • cgminer-nogpu.exe (PID: 3880)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3628)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

Note on the verdict: the only MALICIOUS-level signature here is "Application was dropped or rewritten from another process". That is exactly what opening an archive in WinRAR and double-clicking a member produces: WinRAR extracts the member to %TEMP%\Rar$EXa<WinRAR PID>.<random>\ and starts it from there, which is why every cgminer path below begins with Rar$EXa3628 (3628 is WinRAR's PID). Beyond that signature the run shows no HTTP or DNS requests, the three TCP/UDP connections belong to svchost.exe and System rather than to the monitored processes, and no IDS threats fired. The archive layout (cgminer.exe, cgminer-nogpu.exe, API-README.txt, ASIC-README.txt, bitstreams\) matches a cgminer 3.7.2 release, and cgminer is open-source mining software that is routinely classified as a potentially unwanted application even when unmodified; whether this particular archive is unmodified cannot be concluded from this report, so compare the MD5/SHA1/SHA256 above against a copy obtained from the project before trusting it.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

ArchivedFileName: cgminer-3.7.2-windows\api-example.c
PackingMethod: Normal
ModifyDate: 2015:11:04 21:39:48
OperatingSystem: Win32
UncompressedSize: 7505
CompressedSize: 2938
No data.
All screenshots are available in the full report
Total processes
44
Monitored processes
5
Malicious processes
1
Suspicious processes
4

Behavior graph

explorer.exe
  start: WinRAR.exe (PID 3628)
    drop and start: cgminer-nogpu.exe (PID 3188)
    drop and start: cgminer.exe (PID 3668)
    drop and start: cgminer-nogpu.exe (PID 3880)
    drop and start: cgminer.exe (PID 4056)

Process information

PID:
3188
CMD:
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.46291\cgminer-3.7.2-windows\cgminer-nogpu.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.46291\cgminer-3.7.2-windows\cgminer-nogpu.exe
Parent process:
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3628.46291\cgminer-3.7.2-windows\cgminer-nogpu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID:
3628
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\cgminer-3.7.2-windows.rar"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
PID:
3668
CMD:
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\cgminer.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\cgminer.exe
Parent process:
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND: the loader could not resolve an import, so no cgminer code ran; the module list below stops at kernelbase.dll, consistent with that)
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3628.44291\cgminer-3.7.2-windows\cgminer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
PID:
3880
CMD:
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44644\cgminer-3.7.2-windows\cgminer-nogpu.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44644\cgminer-3.7.2-windows\cgminer-nogpu.exe
Parent process:
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3628.44644\cgminer-3.7.2-windows\cgminer-nogpu.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\users\admin\appdata\local\temp\rar$exa3628.44644\cgminer-3.7.2-windows\libeay32.dll
c:\users\admin\appdata\local\temp\rar$exa3628.44644\cgminer-3.7.2-windows\libcurl-4.dll
PID:
4056
CMD:
"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.46025\cgminer-3.7.2-windows\cgminer.exe"
Path:
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.46025\cgminer-3.7.2-windows\cgminer.exe
Parent process:
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND: same loader failure as PID 3668; the module list below again stops at kernelbase.dll)
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa3628.46025\cgminer-3.7.2-windows\cgminer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
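The process table above can be checked mechanically. The following is an added example written for this page (it is not ANY.RUN code and not part of cgminer): it takes the five process records transcribed from the Process information section, flags every image started out of a WinRAR Rar$EX temporary directory, checks that the archiver PID embedded in that directory name equals the child's parent PID, and decodes exit codes that are really NTSTATUS values. The record fields and the short NTSTATUS table are the editor's; the explorer.exe PID is not given in the report, so WinRAR's parent PID is left as None.

```python
"""Triage sandbox process records: flag images started from a WinRAR
temporary extraction directory and decode NTSTATUS-style exit codes.
Added as an example for this report; not ANY.RUN or cgminer code."""
import re
from dataclasses import dataclass
from typing import Optional

# When a file is launched from WinRAR's archive window it is first extracted
# to %TEMP%\Rar$EXa<WinRAR pid>.<random>\ ; the pid in the directory name is
# the archiver's, so it should equal the child's parent pid.
RAR_TEMP_RE = re.compile(r"\\Temp\\Rar\$EX[a-z](\d+)\.\d+\\", re.IGNORECASE)

# Exit codes >= 0x80000000 are NTSTATUS values reported by the loader or
# kernel; the process never reached its own exit path. Editor's short table.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000007B: "STATUS_INVALID_IMAGE_FORMAT",
    0xC0000135: "STATUS_DLL_NOT_FOUND",
    0xC0000139: "STATUS_ENTRYPOINT_NOT_FOUND",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
}


@dataclass(frozen=True)
class ProcessRecord:
    pid: int
    image: str
    parent: str
    parent_pid: Optional[int]   # None where the report does not list it
    exit_code: int


# Transcribed from the Process information section of this report.
SAMPLE_RECORDS = [
    ProcessRecord(3188, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.46291\cgminer-3.7.2-windows\cgminer-nogpu.exe", "WinRAR.exe", 3628, 1),
    ProcessRecord(3628, r"C:\Program Files\WinRAR\WinRAR.exe", "explorer.exe", None, 0),
    ProcessRecord(3668, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\cgminer.exe", "WinRAR.exe", 3628, 3221225781),
    ProcessRecord(3880, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44644\cgminer-3.7.2-windows\cgminer-nogpu.exe", "WinRAR.exe", 3628, 1),
    ProcessRecord(4056, r"C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.46025\cgminer-3.7.2-windows\cgminer.exe", "WinRAR.exe", 3628, 3221225781),
]


def decode_exit_code(code: int) -> str:
    """Plain return values stay as they are; high-bit values are NTSTATUS."""
    if code < 0x80000000:
        return f"exit code {code} (returned by the application)"
    return f"{code:#010x} {NTSTATUS_NAMES.get(code, 'unknown NTSTATUS')}"


def rar_extract_dir_pid(image: str) -> Optional[int]:
    """WinRAR pid embedded in a Rar$EX temp path, or None if not such a path."""
    m = RAR_TEMP_RE.search(image)
    return int(m.group(1)) if m else None


def triage(records):
    """One finding per process whose image lives in a WinRAR extraction dir."""
    findings = []
    for r in records:
        rar_pid = rar_extract_dir_pid(r.image)
        if rar_pid is None:
            continue
        findings.append({
            "pid": r.pid,
            "image": r.image.rsplit("\\", 1)[-1],
            "extracted_by_winrar_pid": rar_pid,
            "parent_matches": rar_pid == r.parent_pid,
            "exit": decode_exit_code(r.exit_code),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_RECORDS):
        print(finding)
```

Run against the transcribed records it reports four findings, all extracted by PID 3628 with a matching parent; both cgminer.exe runs decode to 0xc0000135 STATUS_DLL_NOT_FOUND, which agrees with their module lists stopping at kernelbase.dll.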
Total events
1 662
Read events
1 633
Write events
29
Delete events
0

Modification events

All modification events listed here belong to WinRAR.exe (PID 3628); none were written by the cgminer processes. ArcHistory is WinRAR's recent-archives list, so the three .zip names are archives opened earlier on this sandbox image, not files from this sample. FileColumnWidths and the MuiCache LanguageList entry are UI state. The ZoneMap ProxyBypass and IntranetName values are the default Internet-settings zone-map entries that the WinINet/urlmon code writes on first use by a process; they are not specific to this sample.

(3628) WinRAR.exe  write  HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E\LanguageList = en-US
(3628) WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\ArcHistory\2 = C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(3628) WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\ArcHistory\1 = C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(3628) WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\ArcHistory\0 = C:\Users\admin\Desktop\phacker.zip
(3628) WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\name = 120
(3628) WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\size = 80
(3628) WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\type = 120
(3628) WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\mtime = 100
(3628) WinRAR.exe  write  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = 1
(3628) WinRAR.exe  write  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = 1
Executable files
36
Suspicious files
28
Text files
84
Unknown types
0

Dropped files

All files below were extracted by WinRAR.exe (PID 3628) into C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\; only the first ten are shown here. Of these, cgminer-nogpu.exe is the only executable.

PID: 3628  Process: WinRAR.exe  Type: text
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\api-example.php
MD5: D871CA3EBFEF25DC359E6D1663351BAB
SHA256: 1C4BC594D0142A00CD25E83F501B84409761D9214699238EC0A5DB8D60F8A55F

PID: 3628  Process: WinRAR.exe  Type: text
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\API-README.txt
MD5: 05150EB357FF1FCB5111D97839736CA6
SHA256: 23A7BD559F4D4EFF0A708DE729CCFECBD468B418C2BEA6A85717C8BE6FD88660

PID: 3628  Process: WinRAR.exe  Type: text
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\api-example.py
MD5: BB24D7EFED668481296A45703E1F22CB
SHA256: EF0659D58FFFD91DE0D861171DDA60F5716E57F01E32C5F1D553F188A557D2EE

PID: 3628  Process: WinRAR.exe  Type: binary
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\API.class
MD5: 64D7FC195B2C89AC9E3B6FF1370831A4
SHA256: EBCEEC62D90957AE2BDA97F2A1D848A429A9F32C44CD491D5437593AE19D7AB0

PID: 3628  Process: WinRAR.exe  Type: text
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\api-example.c
MD5: 05DF3E115F5E60BBC3BE66F9F7CA6419
SHA256: 2960E2A4246639AE06A35DA4B76F76706B0E56B0230AB80076610BADD2C3EB9A

PID: 3628  Process: WinRAR.exe  Type: text
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\ASIC-README.txt
MD5: A3569B76F5D58216848F339AA20141B1
SHA256: E79DCA673FF10942EC149B570B4842E41FBA2939519D331AEFC2633AF046DB3F

PID: 3628  Process: WinRAR.exe  Type: executable
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\cgminer-nogpu.exe
MD5: 542BBD3689E55D9E802FCBC32368896B
SHA256: 4A5D4A1D27C50326AAB5738DF3DCC42F21D5738F2BBA33A9841F82038CA43713

PID: 3628  Process: WinRAR.exe  Type: text
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\bitstreams\COPYING_fpgaminer
MD5: 16D65CC704BC3E94E828BBA932BDC1F5
SHA256: 0C5709EE030856BC5CD188D65B9D6A5EA80095673D8BCDFDCF8F7C14DD4DDD1B

PID: 3628  Process: WinRAR.exe  Type: binary
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\bitstreams\fpgaminer_top_fixed7_197MHz.ncd
MD5: 7C277A4CD37C476DCB2D18E63DF853A4
SHA256: 30C6C2562B921DC6604B54A4AEA5E17D3985FB33A2D63BBE0F690FA29710A6F0

PID: 3628  Process: WinRAR.exe  Type: text
C:\Users\admin\AppData\Local\Temp\Rar$EXa3628.44291\cgminer-3.7.2-windows\ChangeLog.txt
MD5: FFB3C75D7481330402271CBC43C2061F
SHA256: 4E8B9850E53FA1C8CB8CF099AC97E04E24F1C4A8E07C5A809DBBEB83A299AABD
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
3
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID   Process      IP:Port                Reputation
2656  svchost.exe  239.255.255.250:1900   whitelisted
4     System       192.168.100.255:137    whitelisted
4     System       192.168.100.255:138    whitelisted

The Domain, ASN and CN columns were empty for all three rows. All three connections are guest-OS background traffic rather than sample activity: SSDP multicast discovery to 239.255.255.250:1900 from svchost.exe, and NetBIOS name service (port 137) and datagram service (port 138) broadcasts to the subnet broadcast address from System (PID 4). None of the five monitored processes opened a connection.

DNS requests

No data

Threats

No threats detected
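Sandbox reports routinely contain connections like the three above that a reader could wrongly attribute to the sample. The following is an added example written for this page (not ANY.RUN or cgminer code) that separates guest background traffic from connections made by a monitored process. The three records are transcribed from the Connections table; the monitored PID set comes from the Process information section; the /24 LAN is an assumption derived from the broadcast address 192.168.100.255, since the report does not state the subnet.

```python
"""Attribute sandbox network connections: sample traffic versus host noise.
Added as an example for this report; not ANY.RUN or cgminer code."""
import ipaddress

SSDP_MULTICAST = ipaddress.ip_address("239.255.255.250")
SSDP_PORT = 1900
NETBIOS_PORTS = {137, 138, 139}

# PIDs of the processes the sandbox monitored (Process information section).
MONITORED_PIDS = {3628, 3188, 3668, 3880, 4056}
# Assumption: the guest sits on a /24; only the broadcast address
# 192.168.100.255 is visible in the report.
LAN = ipaddress.ip_network("192.168.100.0/24")

# Transcribed from the Connections table: (pid, process, "ip:port").
SAMPLE_CONNECTIONS = [
    (2656, "svchost.exe", "239.255.255.250:1900"),
    (4, "System", "192.168.100.255:137"),
    (4, "System", "192.168.100.255:138"),
]


def classify_connection(pid, process, endpoint, monitored_pids=MONITORED_PIDS, lan=LAN):
    """Label one connection. Anything made by a monitored PID is 'sample';
    the remaining labels describe traffic the guest OS generates on its own."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host)
    port = int(port)
    if pid in monitored_pids:
        return "sample"
    if ip == SSDP_MULTICAST and port == SSDP_PORT:
        return "ssdp-discovery"          # UPnP/SSDP multicast, typically svchost.exe
    if ip == lan.broadcast_address and port in NETBIOS_PORTS:
        return "netbios-broadcast"       # NBNS / datagram service from System (PID 4)
    if ip.is_private or ip.is_multicast or ip.is_link_local:
        return "local-noise"
    return "unattributed-external"       # unmonitored process talking to the Internet


def summarize(records, monitored_pids=MONITORED_PIDS, lan=LAN):
    """Return (label counts, connections attributable to the sample)."""
    counts = {}
    sample = []
    for rec in records:
        label = classify_connection(*rec, monitored_pids, lan)
        counts[label] = counts.get(label, 0) + 1
        if label == "sample":
            sample.append(rec)
    return counts, sample


if __name__ == "__main__":
    print(summarize(SAMPLE_CONNECTIONS))
```

For this report the summary is one ssdp-discovery and two netbios-broadcast entries and an empty sample list, which is the basis for saying the cgminer processes produced no network activity during the run.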
No debug info