File name: MrsMajor-1.0-master.zip

Full analysis: https://app.any.run/tasks/df9b8a80-6e00-4648-85cd-0c8d8ee70f2b
Verdict: Malicious activity
Analysis date: May 31, 2021, 18:52:50
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: AD17AC5F0C0F18B221C5A0EE5FBD5484
SHA1: CC3E14ED0F6D3EFCF7543F5E9D4EB23A003CD251
SHA256: CF1E524FE49A8870CAC9FB0E18F718A9D8C471F49DA9290F612962F1C54FAE6B
SSDEEP: 49152:+/Zell/uCmVtj7CMlozsfcjvvRDA/l0mIS0blIdALI8dxy:+/Z8/ROtSmgIGvCmmJ0blIdALIp

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • MrsMjrGui.exe (PID: 3188)
  • SUSPICIOUS

    • Reads the computer name

      • WinRAR.exe (PID: 2744)
      • MrsMjrGui.exe (PID: 3188)
    • Checks supported languages

      • WinRAR.exe (PID: 2744)
      • MrsMjrGui.exe (PID: 3188)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2744)
    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 2744)
  • INFO

    • Manual execution by user

      • MrsMjrGui.exe (PID: 3188)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: MrsMajor-1.0-master/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2020:06:25 08:46:05
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> winrar.exe -> mrsmjrgui.exe

Process information

PID: 2744
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\MrsMajor-1.0-master.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3188
CMD: "C:\Users\admin\Desktop\MrsMajor 1.0\MrsMjrGui.exe"
Path: C:\Users\admin\Desktop\MrsMajor 1.0\MrsMjrGui.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\mrsmajor 1.0\mrsmjrgui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 1 021
Read events: 998
Write events: 23
Delete events: 0

Modification events

Process: (2744) WinRAR.exe | Operation: write | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Name: ShellExtBMP | Value:
Process: (2744) WinRAR.exe | Operation: write | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Name: ShellExtIcon | Value:
Process: (2744) WinRAR.exe | Operation: write | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\16B\52C64B7E | Name: LanguageList | Value: en-US
Process: (2744) WinRAR.exe | Operation: write | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Name: 1 | Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
Process: (2744) WinRAR.exe | Operation: write | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\MrsMajor-1.0-master.zip
Process: (2744) WinRAR.exe | Operation: write | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Name: name | Value: 120
Process: (2744) WinRAR.exe | Operation: write | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Name: size | Value: 80
Process: (2744) WinRAR.exe | Operation: write | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Name: type | Value: 120
Process: (2744) WinRAR.exe | Operation: write | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Name: mtime | Value: 100
Process: (2744) WinRAR.exe | Operation: write | Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | Name: 0 | Value: C:\Users\admin\Desktop
Executable files: 1
Suspicious files: 0
Text files: 12
Unknown types: 2

Dropped files

PID | Process | Filename | Type

2744 | WinRAR.exe | C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\DreS_X.bat | text
MD5: BA81D7FA0662E8EE3780C5BECC355A14
SHA256: 2590879A8CD745DBBE7AD66A548F31375CCFB0F8090D56B5E4BD5909573AC816

2744 | WinRAR.exe | C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\Icon_resource\SkullIco.ico | image
MD5: C7BF05D7CB3535F7485606CF5B5987FE
SHA256: 4C1CFBE274F993941AC5FA512C376B6D7344800FB8BE08CC6344E6C16A418311

2744 | WinRAR.exe | C:\Users\admin\Desktop\MrsMajor-1.0-master\README.md | text
MD5:
SHA256:

2744 | WinRAR.exe | C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\MrsMjrGuiLauncher.bat | text
MD5: C7146F88F4184C6EE5DCF7A62846AA23
SHA256: 47E6C9F62FFC41FBC555F8644AD099A96573C8C023797127F78B1A952CA1B963

2744 | WinRAR.exe | C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\CPUUsage.vbs | text
MD5: 0E4C01BF30B13C953F8F76DB4A7E857D
SHA256: 28E69E90466034CE392E84DB2BDE3AD43AD556D12609E3860F92016641B2A738

2744 | WinRAR.exe | C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\default.vbs | text
MD5: 30CFD8BB946A7E889090FB148EA6F501
SHA256: E1EBBD3ABFCADDF7D6960708F3CCD8EDA64C944723F0905FF76551C692B94210

2744 | WinRAR.exe | C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\def_resource\creepysound.mp3 | mov
MD5: 4A9B1D8A8FE8A75C81DDBA3E411DDC5D
SHA256: 79E9A3611494B5FFAFAA79788BA7E11DD218E3800C40B56684CCC0C33AB64EAC

2744 | WinRAR.exe | C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\mrsmajorlauncher.vbs | text
MD5: E3FDF285B14FB588F674EBFC2134200C
SHA256: 4D3AA3ECD16A6BA46A9D6C0BDACDCD9DCE70D93585941A94E544696E3E6F7D92

2744 | WinRAR.exe | C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\reStart.vbs | text
MD5: 0851E8D791F618DAA5B72D40E0C8E32B
SHA256: 2CBD8BC239C5CFC3EF02F8472D867DFF61E5AED9FDE8A3823CDA28CC37D77722

2744 | WinRAR.exe | C:\Users\admin\Desktop\MrsMajor-1.0-master\MrsMajor 1.0\Launcher.vbs | text
MD5: B5A1C9AE4C2AE863AC3F6A019F556A22
SHA256: 6F0BB8CC239AF15C9215867D6225C8FF344052AAA0DEEB3452DBF463B8C46529
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info