Heart-Sender-V1.2_1.zip

Full analysis: https://app.any.run/tasks/8a3b91c6-3181-442c-9b1d-132313f8764c
Verdict: Malicious activity
Analysis date: February 22, 2020, 14:34:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 483F2CA873DEA94669CE1707335D84EE
SHA1: 4D8C52F9C4C0C5F30795994D292A48D2B58B635D
SHA256: E1AC482B2273160DB19FA01F800F1358B49C22998B829E87B1F460EB5B86B543
SSDEEP: 12288:/KkGX3wLOhAi8csBbucu5laA+ehdXSfNDtZbxuKOs2GkI93FEZx:/5GX3wA6cebgyA+e7XSFlu5sddS7

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Heart-Sender-V1.2.exe (PID: 3424)
      • Heart-Sender-V1.2.exe (PID: 4084)
      • setup.exe (PID: 1916)
      • setup.exe (PID: 3508)
      • Windows Network.exe (PID: 2760)
      • setup.exe (PID: 3132)
      • setup.exe (PID: 4020)
      • Windows Network.exe (PID: 2828)
    • Writes to a start menu file

      • Windows Network.exe (PID: 2760)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1500)
      • setup.exe (PID: 3508)
    • Starts itself from another location

      • setup.exe (PID: 3508)
    • Creates files in the user directory

      • setup.exe (PID: 3508)
      • Windows Network.exe (PID: 2760)
      • Windows Network.exe (PID: 2828)
    • Application launched itself

      • Windows Network.exe (PID: 2760)
  • INFO

    • Manual execution by user

      • Heart-Sender-V1.2.exe (PID: 4084)
      • setup.exe (PID: 1916)
      • setup.exe (PID: 3508)
      • setup.exe (PID: 3132)
      • setup.exe (PID: 4020)
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:02:20 13:17:15
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: logs/
No data.
Total processes: 50
Monitored processes: 9
Malicious processes: 4
Suspicious processes: 0

Behavior graph (interactive graph, available in the full report; only its node and edge labels survive here)
Edge labels: drop and start, start, drop and start
Nodes: winrar.exe, heart-sender-v1.2.exe (no specs), heart-sender-v1.2.exe (no specs), setup.exe (no specs), setup.exe, windows network.exe, setup.exe (no specs), setup.exe, windows network.exe (no specs)

Process information

PID: 1500
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Heart-Sender-V1.2_1.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 3424
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1500.6696\Heart-Sender-V1.2.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1500.6696\Heart-Sender-V1.2.exe
Parent process: WinRAR.exe
User: admin
Company: HeartFamily
Integrity Level: MEDIUM
Description: Heart Sender V1
Exit code: 0
Version: 1.0.0.0

PID: 4084
CMD: "C:\Users\admin\Desktop\Heart-Sender-V1.2.exe"
Path: C:\Users\admin\Desktop\Heart-Sender-V1.2.exe
Parent process: explorer.exe
User: admin
Company: HeartFamily
Integrity Level: MEDIUM
Description: Heart Sender V1
Exit code: 0
Version: 1.0.0.0

PID: 1916
CMD: "C:\Users\admin\Desktop\setup.exe"
Path: C:\Users\admin\Desktop\setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the process was started at medium integrity and needed elevation)

PID: 3508
CMD: "C:\Users\admin\Desktop\setup.exe"
Path: C:\Users\admin\Desktop\setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0

PID: 2760
CMD: "C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe"
Path: C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe
Parent process: setup.exe
User: admin
Integrity Level: HIGH
Exit code: 0

PID: 3132
CMD: "C:\Users\admin\Desktop\setup.exe"
Path: C:\Users\admin\Desktop\setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)

PID: 4020
CMD: "C:\Users\admin\Desktop\setup.exe"
Path: C:\Users\admin\Desktop\setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: not recorded (process still running at the end of the analysis)

PID: 2828
CMD: "C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe"
Path: C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe
Parent process: Windows Network.exe
User: admin
Integrity Level: HIGH
Exit code: not recorded (process still running at the end of the analysis)
Registry activity

Total events: 565
Read events: 540
Write events: 0
Delete events: 0

Modification events: No data

Files activity

Executable files: 4
Suspicious files: 0
Text files: 12
Unknown types: 0

Dropped files

PID: 1500
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1500.8267\Heart-Sender-V1.2.exe
Type: (not recorded)
MD5: (not recorded)
SHA256: (not recorded)

PID: 1500
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1500.8553\setup.exe
Type: (not recorded)
MD5: (not recorded)
SHA256: (not recorded)

PID: 3508
Process: setup.exe
Filename: C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe:ZoneIdentifier
Type: (not recorded)
MD5: (not recorded)
SHA256: (not recorded)

PID: 1500
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1500.6696\Settings.ini
Type: text
MD5: 41679E215270290E80D2264E5335AA18
SHA256: A2D5E22F98B7E97D90D7F2BBB0FB514B3951D0FFA9F4E87537BF1BAAFB5311E7

PID: 2760
Process: Windows Network.exe
Filename: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Network.vbs
Type: text
MD5: 63E83CAC146354F1B2660FB3C533B22C
SHA256: E295DFCD2A515D4631A86E132996E0929DAA03EAA6863C798806C5DC1491231F

PID: 1500
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1500.6696\setup.exe
Type: executable
MD5: A323D08293166506A9BA81A953ECD156
SHA256: 93A044F25C84FE757C1ED0AD5D7D75AB42BF6BBAC393AE3CCD78649A1183DA89

PID: 2828
Process: Windows Network.exe
Filename: C:\Users\admin\AppData\Local\Temp\FransescoPast.txt
Type: text
MD5: 999B8E36DD8728EFB1C5846A50106F59
SHA256: CF8273FE85EF2985623E89A0DAD31A75527139C89C77D3D4308CC6A8A3698783

PID: 3508
Process: setup.exe
Filename: C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe
Type: executable
MD5: A323D08293166506A9BA81A953ECD156
SHA256: 93A044F25C84FE757C1ED0AD5D7D75AB42BF6BBAC393AE3CCD78649A1183DA89

PID: 4084
Process: Heart-Sender-V1.2.exe
Filename: C:\Users\admin\Desktop\Settings.ini
Type: text
MD5: C264554E8E058A904B349426E9D55106
SHA256: 6F19282087AE76E463085C178CEB3866908AD76D775CDAE52DCDFA54208FCD6F

PID: 4084
Process: Heart-Sender-V1.2.exe
Filename: C:\Users\admin\Desktop\license.txt
Type: text
MD5: B28BA1C42E3F7AC4A232F995DB96F8E6
SHA256: F9598EBA595AAB0895F5804807EAD4546E9C1770F10028D0FA843707A11F2897
Network activity

HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info