File name:

MrsMajor-1.0-master.zip

Full analysis: https://app.any.run/tasks/df9b8a80-6e00-4648-85cd-0c8d8ee70f2b
Verdict: Malicious activity
Analysis date: May 31, 2021, 18:52:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5:

AD17AC5F0C0F18B221C5A0EE5FBD5484

SHA1:

CC3E14ED0F6D3EFCF7543F5E9D4EB23A003CD251

SHA256:

CF1E524FE49A8870CAC9FB0E18F718A9D8C471F49DA9290F612962F1C54FAE6B

SSDEEP:

49152:+/Zell/uCmVtj7CMlozsfcjvvRDA/l0mIS0blIdALI8dxy:+/Z8/ROtSmgIGvCmmJ0blIdALIp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • MrsMjrGui.exe (PID: 3188)
  • SUSPICIOUS

    • Checks supported languages

      • WinRAR.exe (PID: 2744)
      • MrsMjrGui.exe (PID: 3188)
    • Reads the computer name

      • WinRAR.exe (PID: 2744)
      • MrsMjrGui.exe (PID: 3188)
    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 2744)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2744)
  • INFO

    • Manual execution by user

      • MrsMjrGui.exe (PID: 3188)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: MrsMajor-1.0-master/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2020:06:25 08:46:05
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
No data.
All screenshots are available in the full report
Total processes
37
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

start winrar.exe mrsmjrgui.exe no specs

Process information

PID: 2744
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\MrsMajor-1.0-master.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3188
CMD: "C:\Users\admin\Desktop\MrsMajor 1.0\MrsMjrGui.exe"
Path: C:\Users\admin\Desktop\MrsMajor 1.0\MrsMjrGui.exe
Parent process: Explorer.EXE
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\mrsmajor 1.0\mrsmjrgui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events
1 021
Read events
998
Write events
23
Delete events
0

Modification events

Process: (2744) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

Process: (2744) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

Process: (2744) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (2744) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

Process: (2744) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\MrsMajor-1.0-master.zip

Process: (2744) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (2744) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (2744) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: (2744) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Process: (2744) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Operation: write
Name: 0
Value: C:\Users\admin\Desktop
Executable files
1
Suspicious files
0
Text files
12
Unknown types
2

Dropped files

PID: 2744
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\MrsMajor-1.0-master\README.md
Type: text
MD5:
SHA256:

PID: 2744
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\Icon_resource\SkullIco.ico
Type: image
MD5: C7BF05D7CB3535F7485606CF5B5987FE
SHA256: 4C1CFBE274F993941AC5FA512C376B6D7344800FB8BE08CC6344E6C16A418311

PID: 2744
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\def_resource\@Tile@@.jpg
Type: image
MD5: 3E21BCF0D1E7F39D8B8EC2C940489CA2
SHA256: 064F135FCC026A574552F42901B51052345F4B0F122EDD7ACD5F2DCC023160A5

PID: 2744
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\CPUUsage.vbs
Type: text
MD5: 0E4C01BF30B13C953F8F76DB4A7E857D
SHA256: 28E69E90466034CE392E84DB2BDE3AD43AD556D12609E3860F92016641B2A738

PID: 2744
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\MrsMjrGuiLauncher.bat
Type: text
MD5: C7146F88F4184C6EE5DCF7A62846AA23
SHA256: 47E6C9F62FFC41FBC555F8644AD099A96573C8C023797127F78B1A952CA1B963

PID: 2744
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\MrsMjrGui.exe
Type: executable
MD5: 450F49426B4519ECAAC8CD04814C03A4
SHA256: 087FCA40E079746B9C1DFAF777D3994C0321EA8F69D08238CDFC02FB109ADD1D

PID: 2744
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\Launcher.vbs
Type: text
MD5: B5A1C9AE4C2AE863AC3F6A019F556A22
SHA256: 6F0BB8CC239AF15C9215867D6225C8FF344052AAA0DEEB3452DBF463B8C46529

PID: 2744
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\def_resource\Skullcur.cur
Type: image
MD5: CEA57C3A54A04118F1DB9DB8B38EA17A
SHA256: D2B6DB8B28112DA51E34972DEC513278A56783D24B8B5408F11997E9E67D422B

PID: 2744
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\DreS_X.bat
Type: text
MD5: BA81D7FA0662E8EE3780C5BECC355A14
SHA256: 2590879A8CD745DBBE7AD66A548F31375CCFB0F8090D56B5E4BD5909573AC816

PID: 2744
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\def_resource\creepysound.mp3
Type: mov
MD5: 4A9B1D8A8FE8A75C81DDBA3E411DDC5D
SHA256: 79E9A3611494B5FFAFAA79788BA7E11DD218E3800C40B56684CCC0C33AB64EAC
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info