analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Fluxus.zip

Full analysis: https://app.any.run/tasks/11545a2b-ab36-47a9-a20a-2ce30229adfd
Verdict: Malicious activity
Analysis date: May 21, 2022, 10:41:37
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5:

D4858578C1C9BA11EB3826DB0565FA28

SHA1:

3FBFF4B587CA9E7DFE501BCFDDF81C5280D7A069

SHA256:

C4509F2215ADA6B565F31396DB54CF58A28373D850357C81638A3CF414A3EB12

SSDEEP:

49152:/wRqkuGNovkR2Bc0m4h56cfWazoJ6ARRQarQbK2wP+Vl:ayGNFkB/NfD8QAXbrQbK2Dn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops executable file immediately after starts

      • WinRAR.exe (PID: 1000)

    • Application was dropped or rewritten from another process

      • Fluxus V7.exe (PID: 3744)
      • Fluxus V7.exe (PID: 2348)
      • Fluxus V7.exe (PID: 2116)
      • Fluxus V7.exe (PID: 3856)

  • SUSPICIOUS

    • Checks supported languages

      • WinRAR.exe (PID: 1000)
      • Fluxus V7.exe (PID: 2348)
      • Fluxus V7.exe (PID: 2116)

    • Reads the computer name

      • WinRAR.exe (PID: 1000)
      • Fluxus V7.exe (PID: 2348)
      • Fluxus V7.exe (PID: 2116)

    • Drops a file with a compile date too recent

      • WinRAR.exe (PID: 1000)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1000)

    • Reads Environment values

      • Fluxus V7.exe (PID: 2348)
      • Fluxus V7.exe (PID: 2116)

    • Creates a directory in Program Files

      • Fluxus V7.exe (PID: 2348)

  • INFO

    • Manual execution by user

      • Fluxus V7.exe (PID: 3744)
      • Fluxus V7.exe (PID: 2348)
      • Fluxus V7.exe (PID: 3856)
      • Fluxus V7.exe (PID: 2116)

    • Reads the computer name

      • WISPTIS.EXE (PID: 3360)
      • WISPTIS.EXE (PID: 3360)

    • Checks supported languages

      • WISPTIS.EXE (PID: 3360)
      • WISPTIS.EXE (PID: 3360)

    • Reads settings of System Certificates

      • Fluxus V7.exe (PID: 2348)

    • Checks Windows Trust Settings

      • Fluxus V7.exe (PID: 2348)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: Fluxus/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2022:04:10 18:36:08
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
53
Monitored processes
9
Malicious processes
2
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe fluxus v7.exe no specs fluxus v7.exe wisptis.exe no specs wisptis.exe no specs fluxus v7.exe no specs fluxus v7.exe wisptis.exe no specs wisptis.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1000"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Fluxus.zip"C:\Program Files\WinRAR\WinRAR.exe
Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
3744"C:\Users\admin\Desktop\New folder\Fluxus V7.exe" C:\Users\admin\Desktop\New folder\Fluxus V7.exeExplorer.EXE
User:
admin
Company:
Fluxteam
Integrity Level:
MEDIUM
Description:
Fluxus
Exit code:
3221226540
Version:
1.0.0.0
2348"C:\Users\admin\Desktop\New folder\Fluxus V7.exe" C:\Users\admin\Desktop\New folder\Fluxus V7.exe
Explorer.EXE
User:
admin
Company:
Fluxteam
Integrity Level:
HIGH
Description:
Fluxus
Exit code:
4294967295
Version:
1.0.0.0
1804"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;C:\Windows\SYSTEM32\WISPTIS.EXEFluxus V7.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Pen and Touch Input Component
Exit code:
3221226540
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
3360"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;C:\Windows\SYSTEM32\WISPTIS.EXEFluxus V7.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Pen and Touch Input Component
Exit code:
24
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
3856"C:\Users\admin\Desktop\New folder\Fluxus V7.exe" C:\Users\admin\Desktop\New folder\Fluxus V7.exeExplorer.EXE
User:
admin
Company:
Fluxteam
Integrity Level:
MEDIUM
Description:
Fluxus
Exit code:
3221226540
Version:
1.0.0.0
2116"C:\Users\admin\Desktop\New folder\Fluxus V7.exe" C:\Users\admin\Desktop\New folder\Fluxus V7.exe
Explorer.EXE
User:
admin
Company:
Fluxteam
Integrity Level:
HIGH
Description:
Fluxus
Version:
1.0.0.0
3372"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;C:\Windows\SYSTEM32\WISPTIS.EXEFluxus V7.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Pen and Touch Input Component
Exit code:
3221226540
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
3360"C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch;C:\Windows\SYSTEM32\WISPTIS.EXEFluxus V7.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Pen and Touch Input Component
Exit code:
24
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Total events
10 027
Read events
9 902
Write events
0
Delete events
0

Modification events

No data
Executable files
1
Suspicious files
3
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
1000WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1000.37562\Fluxus\Fluxus V7.exeexecutable
MD5:BA0DCC1BA9DC8859C158ED18832E4D88
SHA256:05AAB9A378FF04E4216402DF67BD64FB3C5ED553156EBE3F7187D9CC8032248E
2348Fluxus V7.exeC:\Users\admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCachebinary
MD5:D371C9688BD41AB45C86183AF86658C0
SHA256:B2F8C08A0B3A6F459392E9F67EACEB781C80F551EE3CB953AC8A6F6987962284
2348Fluxus V7.exeC:\Users\admin\AppData\Local\Temp\302h4lr0.lwv.psm1binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
2348Fluxus V7.exeC:\Users\admin\AppData\Local\Temp\pwwllcks.a0n.ps1binary
MD5:C4CA4238A0B923820DCC509A6F75849B
SHA256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Fluxus.zip