File name:

Junit.zip

Full analysis: https://app.any.run/tasks/756f7a8c-5d19-48d3-8be9-62bebdd57aa7
Verdict: Malicious activity
Analysis date: December 06, 2019, 16:00:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

B9EA34681E1825F19723B90EF6D3053B

SHA1:

B380911DEAE942407FBD41BFDC5C931794455900

SHA256:

CEA903FBD465CEB16CF743A424594DFA64595FFD14D86D2077FFD58AEDED0BFD

SSDEEP:

49152:V8z2EGFoSXAO16WAddDMI7xCTljQ6B1HD5L2N7OlnN5oAEjsHst:VCGL1d/Q095CFOlnN5w

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Uses RUNDLL32.EXE to load library

      • WinRAR.exe (PID: 992)
    • Starts CMD.EXE for commands execution

      • WinRAR.exe (PID: 992)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (36.3)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2019:10:22 00:38:29
ZipCRC: 0x1f866908
ZipCompressedSize: 2244
ZipUncompressedSize: 6259
ZipFileName: Junit/build.gradle.kts
No data.
All screenshots are available in the full report
Total processes
44
Monitored processes
8
Malicious processes
1
Suspicious processes
0

Behavior graph

Processes in the graph, in start order:
  • winrar.exe (no specs)
  • cmd.exe (no specs)
  • java.exe (no specs)
  • java.exe (no specs)
  • rundll32.exe (no specs)
  • rundll32.exe (no specs)
  • rundll32.exe (no specs)
  • rundll32.exe (no specs)

Process information

PID: 992
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Junit.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID: 2200
CMD: cmd /c ""C:\Users\admin\AppData\Local\Temp\Rar$DIa992.9456\gradlew.bat" "
Path: C:\Windows\system32\cmd.exe
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Exit code: 1
Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)

PID: 2944
CMD: java.exe -version
Path: C:\ProgramData\Oracle\Java\javapath\java.exe
Parent process: cmd.exe
User: admin
Company: Oracle Corporation
Integrity Level: MEDIUM
Description: Java(TM) Platform SE binary
Exit code: 0
Version: 8.0.920.14

PID: 2376
CMD: "java.exe" "-Xmx64m" "-Xms64m" "-Dorg.gradle.appname=gradlew" -classpath "C:\Users\admin\AppData\Local\Temp\Rar$DIa992.9456\\gradle\wrapper\gradle-wrapper.jar" org.gradle.wrapper.GradleWrapperMain
Path: C:\ProgramData\Oracle\Java\javapath\java.exe
Parent process: cmd.exe
User: admin
Company: Oracle Corporation
Integrity Level: MEDIUM
Description: Java(TM) Platform SE binary
Exit code: 1
Version: 8.0.920.14

PID: 2472
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\Rar$DIa992.13940\AssertAll.java
Path: C:\Windows\system32\rundll32.exe
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 2544
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\Rar$DIa992.14037\AssertFalse.java
Path: C:\Windows\system32\rundll32.exe
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 3960
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\Rar$DIa992.14190\AssertionUtils.java
Path: C:\Windows\system32\rundll32.exe
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 892
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\Rar$DIa992.14307\AssertArrayEquals.java
Path: C:\Windows\system32\rundll32.exe
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows host process (Rundll32)
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Total events
517
Read events
480
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
7
Unknown types
0

Dropped files

PID: 2944 | Process: java.exe | Type: text
Filename: C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
MD5: 976E648E28516B7D68606A6E47B4CF31
SHA256: 54CB515B2394B7DBAC09A7EFC8766FE4A8D7521410D89C0804A7DA6B6E3C95AC

PID: 992 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa992.9456\gradlew.bat
MD5: EBBD0EECBF8C36AE45F0707B19247C7B
SHA256: 87268485AC5C93F230997F2715A9831DCAAFB3A631C7A1646DCA2AFC2DBDA7F2

PID: 992 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa992.14037\AssertFalse.java
MD5: F7634E57E93E7784492485917A0FCE80
SHA256: 9231244E4669DC0D14BA3DD7E8BDCD68509B198DBAD33827E87CE8BA2FCA24B0

PID: 992 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa992.14190\AssertionUtils.java
MD5: CCC84DCB33DB90C4AEAAE36515208B00
SHA256: 76222871286E96C1AEE6406C5BC5BDF12878F2B44428A077543D57F619ECDDC1

PID: 992 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa992.14307\AssertArrayEquals.java
MD5: C9A8E70B07DE0A0F70126C49B554A492
SHA256: 62E7D08C2C12C421E8B98603FD5206BC14BDB09FAB45018E0D557793FC76EC50

PID: 2376 | Process: java.exe | Type: text
Filename: C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp
MD5: 976E648E28516B7D68606A6E47B4CF31
SHA256: 54CB515B2394B7DBAC09A7EFC8766FE4A8D7521410D89C0804A7DA6B6E3C95AC

PID: 992 | Process: WinRAR.exe | Type: text
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa992.13940\AssertAll.java
MD5: 0DEF4951ED2F2B504A6BC3F84F881EE0
SHA256: 52E0922B86224D79F958D531ADF45B56D8634477A686EC9981C63008DEE5271C
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info