File name: 新建文本文档.7z
Full analysis: https://app.any.run/tasks/3507cc22-87cc-4cd9-934c-c07cffc420e6
Verdict: Malicious activity
Analysis date: July 18, 2019, 09:14:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: 75F0F5585F56A49C5CB0B644BBF62A9B
SHA1: 7519A6373109F81D441E8128C940B46C3057961E
SHA256: C5BE196C4E20675BEC3B79A23B52B52D065C915052B8A929129F953BA4FC24B5
SSDEEP: 96:bGD5/bNfNfuTj+VcZyNdznBfG5GF2pO6nMDJ29:yt/bNFyTkdzBfOg2ig

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Changes the autorun value in the registry
      • WScript.exe (PID: 2284)
    • Changes appearance of the explorer extensions
      • WScript.exe (PID: 2284)
  • SUSPICIOUS
    • Modifies the open verb of a shell class
      • WScript.exe (PID: 2284)
  • INFO
    • Manual execution by user
      • WScript.exe (PID: 2284)
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
Total processes: 34
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start → winrar.exe (no specs), wscript.exe

Process information

PID: 2844
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\新建文本文档.7z"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 2284
CMD: "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\新建文本文档.vbs"
Path: C:\Windows\System32\WScript.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft ® Windows Based Script Host
Version: 5.8.7600.16385
Total events: 1 386
Read events: 459
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 0
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID: 2844
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\新建文本文档.vbs
Type: text
MD5: 8DDA45E550277D5C6670F8B146701457
SHA256: FF208AD4CC99E913D09632D50E2D57ED0723B8289F3CEB036E1ADE6A2C1DFCFB

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info