download:

/files/file/1/download/alcor-u2-mp-v19041500-b16a-b17a_d08/

Full analysis: https://app.any.run/tasks/b777561b-10a2-4665-9c3a-60ecbd857496
Verdict: Malicious activity
Analysis date: January 25, 2025, 23:50:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: arch-exec
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: B6757AE95EA06BD563A27F4AABAD26DF
SHA1: 4624B8652E8D40420953A614CCC943A26622991F
SHA256: C9FF8EB52F005AEF6E89BDFF493ACF3EA0AC2984AD51794BB29C8B660754E625
SSDEEP: 98304:CPdR5jtMEMO60fuK0nLPF/UI7zntkFlcTBrpdy6XnMQMranc1E/X+91vp98GF+Ss:aCFw0tp9QtWNh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Generic archive extractor

      • WinRAR.exe (PID: 1560)
  • SUSPICIOUS

    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 1560)
    • Reads security settings of Internet Explorer

      • WinRAR.exe (PID: 1560)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1560)
    • The sample compiled with english language support

      • WinRAR.exe (PID: 1560)
    • The sample compiled with chinese language support

      • WinRAR.exe (PID: 1560)
    • Checks supported languages

      • AutoMP.exe (PID: 1984)
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

EXIF

ZIP

FileVersion: 7z v0.04
ModifyDate: 2020:05:02 13:47:29+00:00
ArchivedFileName: ALCOR U2 MP v19.04.15.00 B16A B17A
No data.
Total processes: 36
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> winrar.exe -> automp.exe (no specs) -> alcormp.exe (no specs)

Process information

PID: 848
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\\AlcorMP.exe" -AT:0005016E
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\AlcorMP.exe
Parent process: AutoMP.exe
User: admin
Integrity Level: MEDIUM
Description: MP
Exit code: 3221226540
Version: 3, 1, 1, 33
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa1560.38155\alcor u2 mp v19.04.15.00 b16a b17a\alcormp.exe
c:\windows\system32\ntdll.dll

PID: 1560
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\alcor-u2-mp-v19041500-b16a-b17a_d08.7z
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 1984
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\AutoMP.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\AutoMP.exe
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Description: AutoMP Microsoft Foundation Class application
Exit code: 2
Version: 1, 0, 0, 1
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa1560.38155\alcor u2 mp v19.04.15.00 b16a b17a\automp.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mfc42.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events: 3 553
Read events: 3 534
Write events: 19
Delete events: 0

Modification events

(PID) Process: (1560) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value: (empty)

(PID) Process: (1560) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value: (empty)

(PID) Process: (1560) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1560) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (1560) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (1560) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\omni_23_10_2024_.zip

(PID) Process: (1560) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\alcor-u2-mp-v19041500-b16a-b17a_d08.7z

(PID) Process: (1560) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1560) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1560) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files: 60
Suspicious files: 22
Text files: 534
Unknown types: 0

Dropped files

PID 1560, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\DRIVERS\LoadDrv.ini
Type: text
MD5: 95504E1F50EBAE8191F368B59C4EA6B2
SHA256: 211C5431B56290B0317814F41B38105CBA04FAFB92705FD9AAD565B6B74CFBC9

PID 1560, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\AU698X MP user's manual_Chinese.pdf
Type: pdf
MD5: 2E0E8192CBD52D9D1E369D2C2555A127
SHA256: BC5943224F643234924B3D83F71C98FC3CEA43B8EA5CD1EB99DD46EF78BAE37A

PID 1560, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\AlcorMP.ini
Type: text
MD5: D5F6BC4865E865E788F5B6CCBBB55F39
SHA256: 0D9E4AB9514CA51925E3AF30C41661A34E0E7E90088280E6F36A1AD764C11A79

PID 1560, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\AUTORUN\9384.img
Type: binary
MD5: 08F9BCB981C3018B18AC8D7DFF51D822
SHA256: 7239FF04D41997F048CB6C9B42D2DEAC2D2B7AFCD7296B180AEB4B63C25D9ABB

PID 1560, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\DRIVERS\BackMp.cat
Type: binary
MD5: 0AE58B2F6F109240B81E626CD0E5C137
SHA256: 79BB3DB8720E5B60D20581897377569316C479493E8777A09B1F2054B89E1CFF

PID 1560, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\HtmlFile.dat
Type: text
MD5: AA27D3760D65DAF85DA6B95B62701C4D
SHA256: F70DF5C163F78FABC63699AD1161C888FFCA28D84193B08E2F4B52790A1DC963

PID 1560, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\FlashList.ini
Type: binary
MD5: 9A5216A5137FAC86BE192387A36410C4
SHA256: C29A8AC2F950918B45715CDD90B94830EBDA0FE002B81A1809ABE7DA5840FA10

PID 1560, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\FlashList.dat
Type: text
MD5: D211356E46C4B16FC7DC97F4DB38ABF3
SHA256: 56C0C0B4B4C91E0232C71C1D4321159784F416F0A2F78FCA6FC9A053A36CD112

PID 1560, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\Templet.xlt
Type: document
MD5: 50DC89B5D1BF8924361D6510FE25025F
SHA256: 72A001DFA02DEE4A18C574F9722EF6C199E8B0A3A4414B45D3762AEDE1F3593C

PID 1560, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1560.38155\ALCOR U2 MP v19.04.15.00 B16A B17A\AlcorMP.cfg
Type: text
MD5: F4BA0B8C9057DE6C9E07AD45B03FCB9B
SHA256: 374403C7A14667DD4321D58AED8B32102C84074ADEEB6943F385733C1F2CDE6D
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID  | Process     | IP                   | Domain | ASN | CN | Reputation
4    | System      | 192.168.100.255:137  |        |     |    | whitelisted
4    | System      | 192.168.100.255:138  |        |     |    | whitelisted
     |             | 224.0.0.252:5355     |        |     |    | whitelisted
1108 | svchost.exe | 224.0.0.252:5355     |        |     |    | whitelisted

DNS requests

Domain     | IP            | Reputation
google.com | 216.58.206.78 | whitelisted

Threats

No threats detected
No debug info