File name: HDD Regenerator.zip

Full analysis: https://app.any.run/tasks/2eb86372-1be2-4c4b-8038-832282ac0e2b
Verdict: Malicious activity
Analysis date: September 07, 2020, 17:57:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 94E95078709EF1FA52B454716D04C515
SHA1: A490CBB72FC5FC58FE34696126AF26FAAE893D52
SHA256: DE38F87E567DB5ED47B38D08F74A61A26C38DEE24527B86D5FDDAE718F7616D4
SSDEEP: 49152:QuJbJofHE5n9NnA9yjCiN2Joel+Y3YwvFDKXq:QmbqkVnAQupl+QJdT

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • HDD Regenerator.exe (PID: 2460)
      • HDD Regenerator.exe (PID: 3584)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2472)
  • INFO
    • Manual execution by user
      • HDD Regenerator.exe (PID: 3584)
      • HDD Regenerator.exe (PID: 2460)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK matrix in the full report.
No malware configuration was extracted.

Note on the verdict: the MALICIOUS rating rests on one generic signature (an executable written by one process, WinRAR.exe, and then launched). Nothing else in this report corroborates it: there is no network activity, no extracted configuration, no write to any persistence location, and both launches of HDD Regenerator.exe terminated with NTSTATUS errors (0xC000042C STATUS_ELEVATION_REQUIRED and 0xC0000135 STATUS_DLL_NOT_FOUND; see the process table below) before loading anything beyond the core system DLLs. Read it as "archive content was dropped and executed", not as confirmed malware, until the extracted executables are analyzed on their own.

TRiD

.zip | ZIP compressed archive (100)

EXIF (ZIP)

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:09:07 19:56:27
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: HDD Regenerator/

These fields belong to the first entry in the archive, the top-level directory HDD Regenerator/. A directory entry carries no data, which is why its CRC is zero and both sizes are empty; the values say nothing about the files stored beneath it.
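The EXIF block above is what a metadata tool reads out of one ZIP entry's header. To show where those fields live, and the checks an analyst should layer on top of them, here is an added example (written for this page; it is not code from ANY.RUN or from the HDD Regenerator vendor) that parses a ZIP's central directory by hand, decodes the same fields (required version, flags, method, DOS date/time, CRC, sizes, name), and cross-checks every entry against its local file header. The archive it parses is constructed in memory to mirror the layout in the report (a directory entry followed by one file); its timestamp and contents are made up, and the central-versus-local name mismatch it flags is injected deliberately.

```python
import io
import struct
import zipfile
from datetime import datetime

# Record layouts from the PKWARE APPNOTE (local file header 4.3.7, central directory
# header 4.3.12, end-of-central-directory record 4.3.16); little-endian, signatures excluded.
LOCAL_SIG, CDIR_SIG, EOCD_SIG = b"PK\x03\x04", b"PK\x01\x02", b"PK\x05\x06"
LOCAL_FMT = "<HHHHHIIIHH"       # needed, flags, method, time, date, crc, csize, usize, nlen, xlen
CDIR_FMT = "<HHHHHHIIIHHHHHII"  # made_by, needed, flags, method, time, date, crc, csize, usize,
                                # nlen, xlen, clen, disk, int_attr, ext_attr, local_header_offset
EOCD_FMT = "<HHHHIIH"           # disk, cd_disk, n_disk, n_total, cd_size, cd_offset, comment_len
FLAG_UTF8 = 0x0800              # general-purpose bit 11: names are UTF-8 rather than CP437
METHODS = {0: "None", 8: "Deflate", 9: "Deflate64", 12: "BZIP2", 14: "LZMA", 99: "AES"}


def dos_datetime(dos_date, dos_time):
    """MS-DOS packed date/time fields (2-second resolution) -> datetime."""
    return datetime(((dos_date >> 9) & 0x7F) + 1980, (dos_date >> 5) & 0x0F, dos_date & 0x1F,
                    (dos_time >> 11) & 0x1F, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2)


def unsafe_path(name):
    """Absolute paths, drive letters and '..' components ('zip slip')."""
    parts = name.replace("\\", "/").split("/")
    return name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":") or ".." in parts


def parse_zip(blob):
    """Walk the central directory (the index every extractor starts from) and cross-check
    each entry against its local file header."""
    # The EOCD record sits at the very end, possibly followed by a comment of up to 65535 bytes.
    eocd = blob.rfind(EOCD_SIG, max(0, len(blob) - 22 - 0xFFFF))
    if eocd < 0:
        raise ValueError("no end-of-central-directory record (not a ZIP, or truncated)")
    _, _, _, n_total, _, cd_off, _ = struct.unpack_from(EOCD_FMT, blob, eocd + 4)
    entries, pos = [], cd_off
    for _ in range(n_total):
        if blob[pos:pos + 4] != CDIR_SIG:
            raise ValueError("central directory corrupt at offset %d" % pos)
        (_, needed, flags, method, t, d, crc, csize, usize,
         nlen, xlen, clen, _, _, _, loff) = struct.unpack_from(CDIR_FMT, blob, pos + 4)
        raw_name = blob[pos + 46:pos + 46 + nlen]
        name = raw_name.decode("utf-8" if flags & FLAG_UTF8 else "cp437")
        pos += 46 + nlen + xlen + clen
        warnings = []
        # Extractors disagree on whether the central or the local copy of the metadata wins,
        # so a disagreement between the two is a classic way to hide what lands on disk.
        if blob[loff:loff + 4] != LOCAL_SIG:
            warnings.append("no local file header at offset %d" % loff)
        else:
            _, _, l_method, _, _, _, _, _, l_nlen, _ = struct.unpack_from(LOCAL_FMT, blob, loff + 4)
            l_name = blob[loff + 30:loff + 30 + l_nlen]
            if l_name != raw_name:
                warnings.append("local header name %r differs from central directory name %r"
                                % (l_name, raw_name))
            if l_method != method:
                warnings.append("compression method differs between the two headers")
        if unsafe_path(name):
            warnings.append("unsafe path")
        entries.append({
            "ZipRequiredVersion": needed,
            "ZipBitFlag": flags,
            "ZipCompression": METHODS.get(method, "unknown(%d)" % method),
            "ZipModifyDate": dos_datetime(d, t).strftime("%Y:%m:%d %H:%M:%S"),
            "ZipCRC": "0x%08X" % crc,
            "ZipCompressedSize": csize,
            "ZipUncompressedSize": usize,
            "ZipFileName": name,
            "IsDirectory": name.endswith("/"),
            "Warnings": warnings,
        })
    return entries


def build_sample():
    """Constructed archive mirroring the layout in the report: a top-level directory entry
    followed by one file beneath it. Timestamp and contents are made up for the example."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("HDD Regenerator/", date_time=(2020, 9, 7, 19, 56, 26)), b"")
        zf.writestr(zipfile.ZipInfo("HDD Regenerator/Readme.txt", date_time=(2020, 9, 7, 19, 56, 26)),
                    b"placeholder readme\n", compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()


def build_tampered():
    """Same archive, but the local header (first occurrence of the name, since local headers
    precede the central directory) now claims a different file name than the central index."""
    return build_sample().replace(b"Readme.txt", b"Readme.exe", 1)


if __name__ == "__main__":
    for label, blob in (("sample", build_sample()), ("tampered", build_tampered())):
        print("==", label)
        for e in parse_zip(blob):
            print(e)
```

The parser deliberately starts from the end-of-central-directory record rather than scanning local headers from offset 0: an entry whose general-purpose bit 3 is set carries its sizes only in a trailing data descriptor, so a forward scan cannot know how far to skip, while the central directory always has the real sizes and the local header offsets. On the directory entry the output reproduces the EXIF block above (version 20, method None, CRC 0x00000000, zero sizes); on the tampered archive the second entry gets a warning that the two headers disagree on the file name.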
All screenshots are available in the full report
Total processes: 47
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph (process tree)

explorer.exe
  +-- WinRAR.exe (PID 2472)
  +-- HDD Regenerator.exe (PID 3584)
  +-- HDD Regenerator.exe (PID 2460)

Process information

PID 2460
CMD: "C:\Users\admin\Desktop\HDD Regenerator\HDD Regenerator\HDD Regenerator.exe"
Path: C:\Users\admin\Desktop\HDD Regenerator\HDD Regenerator\HDD Regenerator.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND)
Modules (images loaded):
  c:\users\admin\desktop\hdd regenerator\hdd regenerator\hdd regenerator.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll

PID 2472
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\HDD Regenerator.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Description: WinRAR archiver
Version: 5.60.0
Integrity Level: MEDIUM
Exit code: 0
Modules (images loaded):
  c:\program files\winrar\winrar.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll

PID 3584
CMD: "C:\Users\admin\Desktop\HDD Regenerator\HDD Regenerator\HDD Regenerator.exe"
Path: C:\Users\admin\Desktop\HDD Regenerator\HDD Regenerator\HDD Regenerator.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Modules (images loaded):
  c:\users\admin\desktop\hdd regenerator\hdd regenerator\hdd regenerator.exe
  c:\systemroot\system32\ntdll.dll

Reading the exit codes: both values are NTSTATUS codes, not return values from the application. The medium-integrity launch (PID 3584) ended with STATUS_ELEVATION_REQUIRED, which is what a binary whose manifest demands administrator rights produces when started without elevation; it never got past ntdll.dll. The high-integrity launch (PID 2460) was elevated through UAC but ended with STATUS_DLL_NOT_FOUND after mapping only the core system DLLs, i.e. the loader could not resolve one of the executable's imports before any of its own code ran (the familiar "the program can't start because ....dll is missing" failure). Neither launch executed the application's logic, so this report records no behaviour of HDD Regenerator.exe itself beyond the fact that it was started.
Total events: 489
Read events: 479
Write events: 10
Delete events: 0

Modification events (all by PID 2472, WinRAR.exe)

Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
  write ShellExtBMP = (blank)
  write ShellExtIcon = (blank)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\139\52C64B7E
  write LanguageList = en-US
  write @C:\Windows\system32\NetworkExplorer.dll,-1 = Network
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  write 0 = C:\Users\admin\AppData\Local\Temp\HDD Regenerator.zip
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  write name = 120
  write size = 80
  write type = 120
  write mtime = 100
Key: HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
  write 0 = C:\Users\admin\Desktop\HDD Regenerator

All ten writes are WinRAR's own UI state and MUI cache entries; none touch Run keys, services or any other persistence location. ArcHistory and DialogEditHistory\ExtrPath are still worth noting as forensic artifacts: on a real endpoint they record which archive the user opened and where it was extracted.
Executable files: 5
Suspicious files: 0
Text files: 3
Unknown types: 1

Dropped files (all written by PID 2472, WinRAR.exe, under C:\Users\admin\Desktop\HDD Regenerator\HDD Regenerator\)

DSCK.TR (type not identified)
  MD5: (blank)
  SHA256: (blank)
HDDSTAT\5QE1CBWQ.SMART (classified as mp3 by the sandbox's type detector)
  MD5: (blank)
  SHA256: (blank)
License.txt (text)
  MD5: E8CB68ED28F292A00F395799CC489C8E
  SHA256: 5982FBFD79B45DB61DED940799AF9B9F3D06BD0FA9F1A56EAE0E771F69C44022
Readme.txt (text)
  MD5: DF0BE0394610159EC0B591B8D0DAB4A7
  SHA256: DE9F975F4A54E0EA9FEA52CA3D977F25C21708F1D60CD6D1414210B48B43C18E
hrsrv.exe (executable)
  MD5: 43A139D3274C0A4213965ACEF973691F
  SHA256: 0BDE75566F12F9875088CEEEB79B95F21D92B921C513EE163330CBB890F9D145
Purchase.exe (executable)
  MD5: CDC57E8AD62C0782DC2FC63C940CBF34
  SHA256: 3D03D8CFA4D8B6C8C169A1811928867209FC3B92F66E27401D0C371130B04C01
License.rtf (text)
  MD5: 74B7AFFEB854C1CD5534B68E7F433C9A
  SHA256: 5204D4FD08E8781E6FCCA6B2328DECCA7A2496A9B2A4E224F1EFFBF03F1A75BF
Shell.exe (executable)
  MD5: 70829D518C20A533767FC053012C7F6A
  SHA256: 09628C5576D8B1261EBDCF1B789A81E78918EF576351BF5E37895DEE4DBE107D
HDD Regenerator.exe (executable)
  MD5: 1E3A00B0E80446EF495B499FD43379B0
  SHA256: 79CED6D8C45567923B13EF115A4523895B0226A6C9C208812EDB8CA6320F8D81
hddreg.exe (executable)
  MD5: C3F91C3A2463629F8F80C9FAB811E92C
  SHA256: EB7400A215B9D15730D60632800E5D80B6D8EE5B550D9325741F1B6488394163

Of the five executables, only HDD Regenerator.exe was started in this session (see the process table). hrsrv.exe, Purchase.exe, Shell.exe and hddreg.exe never ran, so the verdict says nothing about them either way; pivot on their hashes separately.
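The SUSPICIOUS and MALICIOUS signatures in this report are one correlation: WinRAR.exe wrote executables into the extraction directory, and explorer.exe later started one of them from that path. The following is an added example (not ANY.RUN's signature logic) of the same correlation run over endpoint telemetry. The events are constructed here in the shape of Sysmon Event ID 11 (FileCreate) and Event ID 1 (ProcessCreate) using the paths, PIDs and integrity levels from the process and dropped-files tables above; the timestamps, the parent PID, and the list of "dropper" images worth tracking are assumptions.

```python
# Constructed events in the shape of Sysmon Event ID 11 (FileCreate) and Event ID 1
# (ProcessCreate), modeled on the paths, PIDs and integrity levels in the report above.
# Timestamps are made up; ppid 1234 is a placeholder for explorer.exe.
WINRAR = r"C:\Program Files\WinRAR\WinRAR.exe"
EXTRACT_DIR = r"C:\Users\admin\Desktop\HDD Regenerator\HDD Regenerator"

SAMPLE_EVENTS = [
    {"ts": 100, "id": 11, "pid": 2472, "image": WINRAR, "target": EXTRACT_DIR + r"\License.txt"},
    {"ts": 100, "id": 11, "pid": 2472, "image": WINRAR, "target": EXTRACT_DIR + r"\hrsrv.exe"},
    {"ts": 100, "id": 11, "pid": 2472, "image": WINRAR, "target": EXTRACT_DIR + r"\Purchase.exe"},
    {"ts": 101, "id": 11, "pid": 2472, "image": WINRAR, "target": EXTRACT_DIR + r"\Shell.exe"},
    {"ts": 101, "id": 11, "pid": 2472, "image": WINRAR, "target": EXTRACT_DIR + r"\HDD Regenerator.exe"},
    {"ts": 101, "id": 11, "pid": 2472, "image": WINRAR, "target": EXTRACT_DIR + r"\hddreg.exe"},
    {"ts": 101, "id": 11, "pid": 2472, "image": WINRAR, "target": EXTRACT_DIR + r"\Readme.txt"},
    # First launch from Explorer at medium integrity (the one that ended with STATUS_ELEVATION_REQUIRED)
    {"ts": 130, "id": 1, "pid": 3584, "ppid": 1234, "image": EXTRACT_DIR + r"\HDD Regenerator.exe",
     "parent_image": r"C:\Windows\explorer.exe", "integrity": "Medium"},
    # Elevated relaunch; the path is logged in a different case and must still match
    {"ts": 131, "id": 1, "pid": 2460, "ppid": 1234, "image": (EXTRACT_DIR + r"\HDD Regenerator.exe").upper(),
     "parent_image": r"C:\Windows\explorer.exe", "integrity": "High"},
    # Unrelated process start that must not alert
    {"ts": 140, "id": 1, "pid": 4000, "ppid": 1234, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe", "integrity": "Medium"},
]

EXEC_EXTENSIONS = {".exe", ".dll", ".scr", ".com", ".cpl"}
# Writers whose output is worth tracking (assumed list): archivers, browsers, mail and office clients.
DROPPER_IMAGES = {"winrar.exe", "7zfm.exe", "7z.exe", "chrome.exe", "msedge.exe", "firefox.exe",
                  "outlook.exe", "winword.exe", "excel.exe"}


def norm(path):
    """Windows paths are case-insensitive; compare them in one canonical form."""
    return path.replace("/", "\\").lower()


def basename(path):
    return norm(path).rsplit("\\", 1)[-1]


def extension(path):
    name = basename(path)
    return name[name.rfind("."):] if "." in name else ""


def correlate(events, window=3600):
    """Return (drops, executions). `drops` are executables written by a tracked dropper (the
    report's SUSPICIOUS signature); `executions` are process starts whose image is one of
    those files within `window` seconds of the write (the MALICIOUS signature)."""
    drops, executions, written = [], [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["id"] == 11:
            if basename(ev["image"]) in DROPPER_IMAGES and extension(ev["target"]) in EXEC_EXTENSIONS:
                rec = {"path": norm(ev["target"]), "dropper": basename(ev["image"]),
                       "dropper_pid": ev["pid"], "ts": ev["ts"]}
                written[rec["path"]] = rec          # last writer wins
                drops.append(rec)
        elif ev["id"] == 1:
            rec = written.get(norm(ev["image"]))
            if rec is not None and 0 <= ev["ts"] - rec["ts"] <= window:
                executions.append({
                    "pid": ev["pid"], "image": norm(ev["image"]), "parent": basename(ev["parent_image"]),
                    "integrity": ev["integrity"], "dropper": rec["dropper"],
                    "dropper_pid": rec["dropper_pid"], "delay_s": ev["ts"] - rec["ts"],
                })
    return drops, executions


if __name__ == "__main__":
    drops, execs = correlate(SAMPLE_EVENTS)
    print("SUSPICIOUS: %d executable(s) written by a tracked dropper" % len(drops))
    for x in execs:
        print("MALICIOUS: PID %d ran %s (dropped by %s PID %d %ds earlier, parent %s, integrity %s)"
              % (x["pid"], x["image"], x["dropper"], x["dropper_pid"], x["delay_s"],
                 x["parent"], x["integrity"]))
```

On the constructed events this yields five drops (the .txt files are ignored) and two executions, PIDs 3584 and 2460, both traced back to WinRAR.exe PID 2472 and parented by explorer.exe. The caveat is the same one that applies to this report: every legitimate "download a ZIP, extract it, run the installer" sequence produces exactly this signal, so on its own it is a triage lead, not a verdict. What separates the two cases is context the correlation does not carry, such as whether the image is signed by a known publisher, whether it exits immediately with an NTSTATUS error as both launches here did, and whether it goes on to talk to the network or write persistence.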
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info