File name:

System Destroyer Virus.zip

Full analysis: https://app.any.run/tasks/dd43a469-ddb4-4c80-92c4-26def6c349ad
Verdict: Malicious activity
Analysis date: March 17, 2024, 20:06:41
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract, compression method=deflate
MD5:

922339F35F039C3C267C15084171F998

SHA1:

67C0D90CBE1E2E403F7D912218E5624F63D241D0

SHA256:

D16C355CC672E2CE6514FB2D6A5EA4E85458ED38578FFAA691E091F2C51E9638

SSDEEP:

98304:O6eDDY4ORgLQLtD5aSmkRdc6597EnLrIC7UK11ydFLapZsLSFN/3UziDnzXTa24M:7JNEh

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1692)
    • Changes the autorun value in the registry

      • reg.exe (PID: 2632)
    • Creates a writable file in the system directory

      • cmd.exe (PID: 3984)
  • SUSPICIOUS

    • Reads the BIOS version

      • System Destroyer Virus.exe (PID: 748)
    • Uses REG/REGEDIT.EXE to modify registry

      • cmd.exe (PID: 3984)
    • Uses ATTRIB.EXE to modify file attributes

      • cmd.exe (PID: 3984)
    • Creates file in the systems drive root

      • cmd.exe (PID: 3984)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1692)
    • Checks supported languages

      • System Destroyer Virus.exe (PID: 748)
    • Manual execution by a user

      • System Destroyer Virus.exe (PID: 748)
      • System Destroyer Virus.exe (PID: 1824)
      • cmd.exe (PID: 3984)
    • Process checks whether UAC notifications are on

      • System Destroyer Virus.exe (PID: 748)
    • Reads the computer name

      • System Destroyer Virus.exe (PID: 748)
    • Reads the machine GUID from the registry

      • System Destroyer Virus.exe (PID: 748)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2023:10:13 03:07:56
ZipCRC: 0x1b37bcc6
ZipCompressedSize: 2409970
ZipUncompressedSize: 2439680
ZipFileName: System Destroyer Virus.exe
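The EXIF block above is exiftool's reading of the archive's central directory. The Python below is an added example and is not part of this report or the sample: it builds a stand-in archive in memory with the same member name, compression method and modification date as the one listed here (the payload is a constructed fake MZ stub, not the real executable), then parses the end-of-central-directory record, the central directory and the local file header itself. That recovers the same fields on a host without exiftool and, by inflating only the first two bytes of a member, recognises an executable by its magic without ever extracting it.

```python
"""Parse ZIP metadata the way exiftool reports it, without extracting anything.
Added example, not part of this report; the archive parsed here is constructed
in memory and only mimics the listed name, method and date of the real one."""
import io
import struct
import zipfile
import zlib
from datetime import datetime

CD_SIG, LFH_SIG, EOCD_SIG = b"PK\x01\x02", b"PK\x03\x04", b"PK\x05\x06"
METHODS = {0: "Stored", 8: "Deflated", 12: "BZip2", 14: "LZMA"}
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".ps1", ".vbs", ".js")


def dos_datetime(date, time):
    """Decode the DOS date/time pair stored in ZIP headers (2-second resolution)."""
    return datetime(1980 + (date >> 9), (date >> 5) & 0xF, date & 0x1F,
                    time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2)


def list_entries(blob):
    """Walk the central directory and return exiftool-style fields for each member."""
    eocd = blob.rfind(EOCD_SIG)
    if eocd < 0:
        raise ValueError("no end-of-central-directory record")
    cd_size, cd_off = struct.unpack_from("<LL", blob, eocd + 12)
    entries, pos = [], cd_off
    while pos < cd_off + cd_size:
        (sig, _made_by, need, flags, method, mtime, mdate, crc, csize, usize,
         nlen, xlen, clen, _disk, _iattr, _eattr, lho) = struct.unpack_from(
            "<4sHHHHHHLLLHHHHHLL", blob, pos)
        if sig != CD_SIG:
            raise ValueError("bad central directory entry at offset %d" % pos)
        raw_name = blob[pos + 46:pos + 46 + nlen]
        entries.append({
            "name": raw_name.decode("utf-8" if flags & 0x800 else "cp437"),
            "required_version": need,
            "flags": flags,
            "method": METHODS.get(method, "unknown(%d)" % method),
            "modify_date": dos_datetime(mdate, mtime).strftime("%Y:%m:%d %H:%M:%S"),
            "crc": crc,
            "compressed_size": csize,
            "uncompressed_size": usize,
            "offset": lho,
        })
        pos += 46 + nlen + xlen + clen
    return entries


def peek_magic(blob, entry, n=2):
    """Inflate only the first n bytes of a member to learn its real type (MZ, etc.)."""
    (sig, _ver, _flags, method, _t, _d, _crc, _cs, _us, nlen, xlen) = struct.unpack_from(
        "<4sHHHHHLLLHH", blob, entry["offset"])
    if sig != LFH_SIG:
        raise ValueError("central directory offset does not point at a local header")
    start = entry["offset"] + 30 + nlen + xlen
    # Sizes come from the central directory; a local header may carry zeros plus a data descriptor.
    data = blob[start:start + entry["compressed_size"]]
    if method == 0:
        return data[:n]
    if method == 8:
        return zlib.decompressobj(-zlib.MAX_WBITS).decompress(data, n)
    return b""


def triage(blob):
    """Members that look executable by extension or by magic bytes."""
    out = []
    for e in list_entries(blob):
        magic = peek_magic(blob, e)
        if e["name"].lower().endswith(EXEC_EXT) or magic == b"MZ":
            out.append(dict(e, magic=magic))
    return out


def build_sample():
    """Constructed stand-in archive: same member name, method and date as this report's ZIP."""
    payload = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not the real sample"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("System Destroyer Virus.exe", date_time=(2023, 10, 13, 3, 7, 56))
        info.compress_type = zipfile.ZIP_DEFLATED
        zf.writestr(info, payload)
    return buf.getvalue(), payload, zlib.crc32(payload) & 0xFFFFFFFF


if __name__ == "__main__":
    sample, _, _ = build_sample()
    for e in triage(sample):
        print(e["name"], e["method"], e["modify_date"], hex(e["crc"]), e["magic"])
```

The sizes and offsets are always taken from the central directory rather than the local header: an archive written to a non-seekable stream stores zeros in the local header and appends a data descriptor, and a crafted archive can make the two disagree on purpose.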
All screenshots are available in the full report
Total processes
53
Monitored processes
6
Malicious processes
0
Suspicious processes
3

Behavior graph

explorer.exe
  ├─ winrar.exe (PID 1692)
  ├─ system destroyer virus.exe (PID 1824, no specs)
  ├─ system destroyer virus.exe (PID 748)
  └─ cmd.exe (PID 3984)
       ├─ attrib.exe (PID 840, no specs)
       └─ reg.exe (PID 2632)

Process information

PID: 748
CMD: "C:\Users\admin\Desktop\System Destroyer Virus.exe"
Path: C:\Users\admin\Desktop\System Destroyer Virus.exe
Parent process: explorer.exe
User:
admin
Company:
My Telegram:@MONSTERMC
Integrity Level:
HIGH
Description:
System Destroyer Virus
Exit code:
0
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\system destroyer virus.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 840
CMD: attrib +h C:\Users\admin\Desktop\Virus.bat
Path: C:\Windows\System32\attrib.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Attribute Utility
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\attrib.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ulib.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1692
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\System Destroyer Virus.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 1824
CMD: "C:\Users\admin\Desktop\System Destroyer Virus.exe"
Path: C:\Users\admin\Desktop\System Destroyer Virus.exe
Parent process: explorer.exe
User:
admin
Company:
My Telegram:@MONSTERMC
Integrity Level:
MEDIUM
Description:
System Destroyer Virus
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this medium-integrity launch did not get to run; the same binary runs again at HIGH integrity as PID 748)
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\system destroyer virus.exe
c:\windows\system32\ntdll.dll
PID: 2632
CMD: reg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v "rundll32_26552_toolbar" /t "REG_SZ" /d C:\Users\admin\Desktop\Virus.bat /f
Path: C:\Windows\System32\reg.exe
Parent process: cmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Console Tool
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\reg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3984
CMD: "C:\Windows\System32\cmd.exe" /C "C:\Users\admin\Desktop\Virus.bat"
Path: C:\Windows\System32\cmd.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
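Taken one at a time the indicators above are generic (reg.exe, attrib.exe and a file at the drive root all have benign uses). What makes this chain worth a detection is the combination visible in the process table: a .bat dropped under the user's profile, hidden with attrib +h, registered under HKLM\...\CurrentVersion\Run by an elevated cmd.exe, an autorun.inf written to C:\, and a medium-integrity start of the sample that exited with 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED) before the same binary ran at HIGH integrity. The Python below is an added example, not ANY.RUN code or the sample's; it re-creates the process and dropped-file records from the tables on this page as constructed input (the record field names are an assumption) and runs the correlating checks over them, so the same logic can be pointed at a sandbox or EDR export.

```python
"""Correlate the process and dropped-file records of this report.

Added example, not ANY.RUN code or the sample's. EVENTS and DROPPED are
constructed from the tables on this page; their field names are an assumption.
"""
import re
from dataclasses import dataclass

STATUS_ELEVATION_REQUIRED = 0xC000042C  # NTSTATUS shown as exit code 3221226540
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".ps1", ".hta")
RUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runonce")


@dataclass
class ProcEvent:
    pid: int
    parent: str
    image: str
    cmdline: str
    integrity: str
    exit_code: int = 0


# Constructed from the process table above (parent, path, command line, integrity, exit code).
EVENTS = [
    ProcEvent(1692, "explorer.exe", r"C:\Program Files\WinRAR\WinRAR.exe",
              r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\System Destroyer Virus.zip"', "MEDIUM"),
    ProcEvent(1824, "explorer.exe", r"C:\Users\admin\Desktop\System Destroyer Virus.exe",
              r'"C:\Users\admin\Desktop\System Destroyer Virus.exe"', "MEDIUM", 3221226540),
    ProcEvent(748, "explorer.exe", r"C:\Users\admin\Desktop\System Destroyer Virus.exe",
              r'"C:\Users\admin\Desktop\System Destroyer Virus.exe"', "HIGH"),
    ProcEvent(3984, "explorer.exe", r"C:\Windows\System32\cmd.exe",
              r'"C:\Windows\System32\cmd.exe" /C "C:\Users\admin\Desktop\Virus.bat"', "HIGH"),
    ProcEvent(840, "cmd.exe", r"C:\Windows\System32\attrib.exe",
              r"attrib +h C:\Users\admin\Desktop\Virus.bat", "HIGH"),
    ProcEvent(2632, "cmd.exe", r"C:\Windows\System32\reg.exe",
              r'reg add "hklm\Software\Microsoft\Windows\CurrentVersion\Run" /v "rundll32_26552_toolbar" '
              r'/t "REG_SZ" /d C:\Users\admin\Desktop\Virus.bat /f', "HIGH"),
]
# Constructed from the dropped-files table of this report.
DROPPED = [r"C:\Windows\system32\PathHost", r"C:\Users\admin\Desktop\Virus.bat",
           r"C:\autorun.inf", r"C:\Users\admin\Desktop\ransomware"]


def win_args(cmdline):
    """Split a Windows command line on whitespace, honouring double quotes."""
    return [q or s for q, s in re.findall(r'"([^"]*)"|(\S+)', cmdline)]

def basename(path):
    return path.lower().rsplit("\\", 1)[-1]

def parse_reg_add(cmdline):
    """Return (key, value_name, data) for a 'reg add ...' command line, else None."""
    args = win_args(cmdline)
    if len(args) < 3 or basename(args[0]) not in ("reg", "reg.exe") or args[1].lower() != "add":
        return None
    opts = {args[i].lower(): args[i + 1] for i in range(3, len(args) - 1) if args[i].lower() in ("/v", "/d")}
    return args[2], opts.get("/v", "(Default)"), opts.get("/d", "")

def is_user_writable(path):
    """Heuristic (assumption): locations a standard user can write to."""
    p = path.lower()
    return p.startswith(("c:\\users\\", "c:\\programdata\\")) or "\\temp\\" in p

def run_key_persistence(events):
    """reg.exe writes under Run/RunOnce, flagged when the target is a script in a user-writable path."""
    hits = []
    for ev in events:
        parsed = parse_reg_add(ev.cmdline)
        if parsed and parsed[0].lower().endswith(RUN_KEYS):
            key, name, data = parsed
            hits.append({"pid": ev.pid, "key": key, "name": name, "data": data,
                         "script": data.lower().endswith(SCRIPT_EXT),
                         "user_writable": is_user_writable(data)})
    return hits

def hidden_files(events):
    """Paths hidden with 'attrib +h', the usual companion to a dropped script."""
    out = []
    for ev in events:
        args = win_args(ev.cmdline)
        if args and basename(args[0]) in ("attrib", "attrib.exe") and "+h" in map(str.lower, args):
            out += [a for a in args[1:] if not a.startswith(("+", "-", "/"))]
    return out

def elevation_retry(events):
    """Images whose MEDIUM-integrity run exited STATUS_ELEVATION_REQUIRED and then ran at HIGH."""
    failed = {ev.image.lower() for ev in events
              if ev.integrity == "MEDIUM" and ev.exit_code == STATUS_ELEVATION_REQUIRED}
    return sorted({ev.image for ev in events if ev.integrity == "HIGH" and ev.image.lower() in failed})

def drive_root_autorun(paths):
    """autorun.inf dropped at a drive root (removable-media spreading)."""
    return [p for p in paths if re.fullmatch(r"[a-z]:\\autorun\.inf", p, re.I)]

def correlate(events, dropped):
    """One finding per Run entry that points at a hidden script in a user-writable path."""
    hidden = {h.lower() for h in hidden_files(events)}
    return [dict(h, hidden=True, elevated_images=elevation_retry(events),
                 autorun_inf=drive_root_autorun(dropped))
            for h in run_key_persistence(events)
            if h["script"] and h["user_writable"] and h["data"].lower() in hidden]

if __name__ == "__main__":
    for finding in correlate(EVENTS, DROPPED):
        print(finding)
```

The value name rundll32_26552_toolbar is a convenient string to hunt for, but the correlation does not depend on it: any Run entry whose data is a script under a user-writable path that the same chain also hid is enough to raise the finding, which is what survives a trivially renamed variant.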
Total events
2 922
Read events
2 910
Write events
12
Delete events
0

Modification events

(PID) Process: (1692) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (1692) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (1692) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1692) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (1692) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (1692) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (1692) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\System Destroyer Virus.zip

(ArcHistory is WinRAR's recent-archive list; entries 1 to 3 are archives opened earlier on this sandbox image and are not artifacts of this sample. Only entry 0 belongs to this task.)

(PID) Process: (1692) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1692) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1692) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(The Run-key write by reg.exe, PID 2632, is attributed to that process and is listed in the Process information section above; only WinRAR's own writes appear in this list.)
Executable files
2
Suspicious files
1
Text files
1
Unknown types
0

Dropped files

PID: 3984
Process: cmd.exe
Filename: C:\Windows\system32\PathHost
Type: (empty in report)
MD5: (empty in report)
SHA256: (empty in report)

PID: 748
Process: System Destroyer Virus.exe
Filename: C:\Users\admin\Desktop\Virus.bat
Type: text
MD5: 17294C16825DBC8A6C44D4787A8E7663
SHA256: 3121CA7FDC6FCE8802224D8B3445E3A3660A1B8534F03D1288C358AB4DE0EE56

PID: 1692
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1692.750\System Destroyer Virus.exe
Type: executable
MD5: 452BFF8C8B53075B1AF79E3FA80EA966
SHA256: A51CE89B49D7AF1B638055323249002785CB2FC8C2799C306D05FB7AC291FBF4

PID: 3984
Process: cmd.exe
Filename: C:\autorun.inf
Type: text
MD5: 9CC52BF4A1B9E598ADBE3B45EF67C0C1
SHA256: 3277EBE14439FF683F0485633465903BAD62AA6C6218221259FA145F7F4B806A

PID: 748
Process: System Destroyer Virus.exe
Filename: C:\Users\admin\Desktop\ransomware
Type: compressed
MD5: F6183D188EE1F2867D7C13CAE5570F9F
SHA256: F0B7F041A66337A2D325A30F0DFE0C492686084015B479F64C2ABFB35204CE4E
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID   Process      IP                    Domain  ASN  CN  Reputation
4     System       192.168.100.255:137   -       -    -   whitelisted
4     System       192.168.100.255:138   -       -    -   whitelisted
-     -            224.0.0.252:5355      -       -    -   unknown
1080  svchost.exe  224.0.0.252:5355      -       -    -   unknown

All four entries are local name-resolution traffic generated by Windows itself (NetBIOS name and datagram services on UDP 137/138 to the subnet broadcast address, and LLMNR to the 224.0.0.252:5355 multicast group), not connections made by the sample. With no DNS or HTTP requests recorded, this report offers no network indicator to pivot on.

DNS requests

No data

Threats

No threats detected
No debug info