File name: wopt021.zip

Full analysis: https://app.any.run/tasks/b2bcae9e-b94d-4990-89da-46d1da36e85b
Verdict: Malicious activity
Analysis date: May 23, 2021, 13:12:21
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: C350BEE10C4DA6183EDA547447530DC6
SHA1: 59BB73C6A842BB7410D84F39BAAD85E794630F41
SHA256: DBB718FCCE5354D332F818DC1077B691C31886D3741C98CA4124ECDBA53123DA
SSDEEP: 12288:IodqXUP/3OfHkfwAvZcQs+9OWdzgvYQYqxX7IeUYN7gI/WE+Z/U2KYe:TdqXU33OfH2ZvZ9zExTdIeX7zeEaVKYe

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3592)
      • WLAN Optimizer.exe (PID: 3328)
      • WLAN Optimizer.exe (PID: 1536)
      • WLAN Optimizer.exe (PID: 3296)
    • Application was dropped or rewritten from another process

      • WLAN Optimizer.exe (PID: 3328)
      • WLAN Optimizer.exe (PID: 1536)
      • WLAN Optimizer.exe (PID: 3296)
    • Changes the autorun value in the registry

      • WLAN Optimizer.exe (PID: 3296)
  • SUSPICIOUS

    • Drops a file with too old compile date

      • WinRAR.exe (PID: 272)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 272)
    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 272)
  • INFO

    • Manual execution by user

      • regedit.exe (PID: 2644)
      • WLAN Optimizer.exe (PID: 3328)
      • regedit.exe (PID: 3700)
      • WLAN Optimizer.exe (PID: 1536)
      • notepad.exe (PID: 984)
      • WLAN Optimizer.exe (PID: 3296)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: EULA.TXT
ZipUncompressedSize: 544
ZipCompressedSize: 322
ZipCRC: 0x1cf1d0ec
ZipModifyDate: 2009:08:01 15:42:00
ZipCompression: Deflated
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
All screenshots are available in the full report
Total processes: 46
Monitored processes: 8
Malicious processes: 5
Suspicious processes: 0

Behavior graph

Processes in the graph: start, winrar.exe, searchprotocolhost.exe, wlan optimizer.exe, regedit.exe, regedit.exe, notepad.exe, wlan optimizer.exe, wlan optimizer.exe

Process information

PID: 272
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\wopt021.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 984
CMD: "C:\Windows\system32\notepad.exe" "C:\Users\admin\Desktop\WipeOut.reg"
Path: C:\Windows\system32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\notepad.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 1536
CMD: "C:\Users\admin\Desktop\WLAN Optimizer.exe"
Path: C:\Users\admin\Desktop\WLAN Optimizer.exe
Parent process: explorer.exe
User: admin
Company: none
Integrity Level: MEDIUM
Description: WLAN Optimizer
Exit code: 0
Version: 09.08.07
Modules (images):
c:\users\admin\desktop\wlan optimizer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll

PID: 2644
CMD: "regedit.exe" "C:\Users\admin\Desktop\WipeOut.reg"
Path: C:\Windows\regedit.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Registry Editor
Exit code: 3221226540
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\regedit.exe
c:\systemroot\system32\ntdll.dll

PID: 3296
CMD: "C:\Users\admin\Desktop\WLAN Optimizer.exe"
Path: C:\Users\admin\Desktop\WLAN Optimizer.exe
Parent process: explorer.exe
User: admin
Company: none
Integrity Level: HIGH
Description: WLAN Optimizer
Exit code: 0
Version: 09.08.07
Modules (images):
c:\users\admin\desktop\wlan optimizer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll

PID: 3328
CMD: "C:\Users\admin\Desktop\WLAN Optimizer.exe"
Path: C:\Users\admin\Desktop\WLAN Optimizer.exe
Parent process: explorer.exe
User: admin
Company: none
Integrity Level: MEDIUM
Description: WLAN Optimizer
Exit code: 0
Version: 09.08.07
Modules (images):
c:\users\admin\desktop\wlan optimizer.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
c:\windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll

PID: 3592
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 3700
CMD: "regedit.exe" "C:\Users\admin\Desktop\WipeOut.reg"
Path: C:\Windows\regedit.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Registry Editor
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\regedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 498
Read events: 469
Write events: 28
Delete events: 1

Modification events

Process: (272) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value: (empty)

Process: (272) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value: (empty)

Process: (272) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (272) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\wopt021.zip

Process: (272) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (272) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (272) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: (272) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Process: (272) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E
Operation: write
Name: @C:\Windows\system32\notepad.exe,-469
Value: Text Document

Process: (272) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13D\52C64B7E
Operation: write
Name: @C:\Windows\regedit.exe,-309
Value: Registration Entries
Executable files: 4
Suspicious files: 0
Text files: 3
Unknown types: 0

Dropped files

PID: 272 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\EULA.TXT | Type: text
MD5: 9871A2BD2288516D2A170771BC06536B
SHA256: 46FB3ACE66231F16F287CE18F7BAF2A673D7F302905A4A13B56B70F1AD77ADCF

PID: 272 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\Microsoft.VC90.CRT.manifest | Type: xml
MD5: C1EDA860810E6299F690459006E4C655
SHA256: DF2E70333883FA14F1AB0EB04665A26DBD5334EDD5C5A886A72075FBEBC57EA3

PID: 272 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\WLAN Optimizer.exe | Type: executable
MD5: E998F77C0943056319A6A46C330606A4
SHA256: C154EC2D62ECBDAB62FD4FDF97157FF93EFBC1640871A68BCA38E43DAD55D2B4

PID: 272 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\WipeOut.reg | Type: text
MD5: D1EEE0E108FD611C5C07558C1CF8298D
SHA256: 7F095B52A3F7C7313A4D6701956A538925454942B7F1C20C676B59188DD2A7E3

PID: 272 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\msvcm90.dll | Type: executable
MD5: 7B37F8EC25C9AD853E8126C1D0992201
SHA256: 866F51D4416B6A0BFBE8442CC8C1716152E4C3EE3137C375D05185E8171096A7

PID: 272 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\msvcr90.dll | Type: executable
MD5: 4D03CA609E68F4C90CF66515218017F8
SHA256: CF420ACED0D810E1D75F6811DD986F2D9FDED2FBB8D61FC9A7024520C475FEBB

PID: 272 | Process: WinRAR.exe | Filename: C:\Users\admin\Desktop\msvcp90.dll | Type: executable
MD5: 871F979D70414C900B35E56222932DAF
SHA256: 91FD46D7335C9990A20F215B9F6F53BC59551420A9C99AD8110AE2F9FF7598F0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info