Field | Value |
---|---|
Download | 887Rat-main.rar |
Full analysis | https://app.any.run/tasks/9c6c3e0b-bd06-42c3-b229-42739d5f1fee |
Verdict | Malicious activity |
Analysis date | August 12, 2022, 15:36:39 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/x-rar |
File info | RAR archive data, v4, os: Win32, flags: RecoveryRecordPresent |
MD5 | D7D11FB25A956C2DFC55B46A3B91940A |
SHA1 | 56A2C72BC1C0A38E3AD15FC34CF360BF93A76659 |
SHA256 | E27CC65C2A28268E8124719D88075AC9E22DB2A99120EDA1D700DB2519AF3C85 |
SSDEEP | 1572864:Sw2BUF2RxxB2B3EWbR2PG3yVqUSMglchm9yXnNEoNafYH1QChZ0/n6J:8B82RxbyELPGyaRLsXnNnNP1h2n6J |
Extension | Description |
---|---|
.rar | RAR compressed archive (v-4.x) (58.3) |
.rar | RAR compressed archive (gen) (41.6) |
Field | Value |
---|---|
CompressedSize | 100450225 |
UncompressedSize | 100450172 |
OperatingSystem | Win32 |
ModifyDate | 2022:06:10 20:38:26 |
PackingMethod | Stored |
ArchivedFileName | 887Rat-main\887Rat-main.exe |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3532 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\887Rat-main.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.91.0 |
3132 | "C:\Users\admin\Desktop\887Rat-main\887Rat-main.exe" | C:\Users\admin\Desktop\887Rat-main\887Rat-main.exe | | Explorer.EXE | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
1760 | "C:\Users\admin\Desktop\887Rat-main\crack.exe" | C:\Users\admin\Desktop\887Rat-main\crack.exe | | 887Rat-main.exe | User: admin; Integrity Level: MEDIUM |
3116 | "C:\Users\admin\Desktop\887Rat-main\887Rat.exe" | C:\Users\admin\Desktop\887Rat-main\887Rat.exe | | Explorer.EXE | User: admin; Integrity Level: MEDIUM |
2248 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\887Rat-main\887Rat-main.exe" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0 |
3428 | "C:\Users\admin\AppData\Local\Temp\flagx.exe" | C:\Users\admin\AppData\Local\Temp\flagx.exe | — | 887Rat.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
2600 | C:\Users\admin\AppData\Local\Temp\Aut2exe.exe /in C:\Users\admin\AppData\Local\Temp/QDZPLS /out C:\Users\admin\AppData\Local\Temp/AQACVJ.exe /icon C:\Users\admin\AppData\Local\Temp\ssc.ico /comp 2 /nopack /Unicode | C:\Users\admin\AppData\Local\Temp\Aut2exe.exe | | 887Rat.exe | User: admin; Company: AutoIt Team; Integrity Level: MEDIUM; Description: Aut2Exe; Exit code: 0; Version: 3, 3, 8, 1 |
372 | "C:\Users\admin\Desktop\887Rat-main\AQACVJ.exe" | C:\Users\admin\Desktop\887Rat-main\AQACVJ.exe | | Explorer.EXE | User: admin; Integrity Level: MEDIUM; Version: 3, 3, 8, 1 |
2572 | "C:\Users\admin\AppData\Local\Temp\exe2msi.exe" | C:\Users\admin\AppData\Local\Temp\exe2msi.exe | — | 887Rat.exe | User: admin; Company: APREL Technologies; Integrity Level: MEDIUM; Description: Exe to MSI Conveter; Exit code: 0; Version: 2.0 |
1864 | C:\Users\admin\AppData\Local\Temp\Aut2exe.exe /in C:\Users\admin\AppData\Local\Temp/AVNLUS /out C:\Users\admin\AppData\Local\Temp/PNCOMD.exe /icon C:\Users\admin\AppData\Local\Temp\ssc.ico /comp 2 /nopack /Unicode | C:\Users\admin\AppData\Local\Temp\Aut2exe.exe | | 887Rat.exe | User: admin; Company: AutoIt Team; Integrity Level: MEDIUM; Description: Aut2Exe; Exit code: 0; Version: 3, 3, 8, 1 |
PID | Process | Key | Operation | Name | Value |
---|---|---|---|---|---|
3532 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | |
3532 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | |
3532 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | write | LanguageList | en-US |
3532 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip |
3532 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
3532 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\887Rat-main.rar |
3532 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120 |
3532 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80 |
3532 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120 |
3532 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3532 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3532.33003\887Rat-main\887Rat-main.exe | — | — | — |
3132 | 887Rat-main.exe | C:\Users\admin\Desktop\887Rat-main\887Rat.exe | — | — | — |
3116 | 887Rat.exe | C:\Users\admin\AppData\Local\Temp\aut8E32.tmp | — | — | — |
3116 | 887Rat.exe | C:\Users\admin\AppData\Local\Temp\ziwbnfi | — | — | — |
3132 | 887Rat-main.exe | C:\Users\admin\Desktop\887Rat-main\learn all kind of hacking.url | url | 7ADE4A739CBD8F44D0EF52A2F1BC6E7B | CC7649ED53C65E4851ACE414529564FE16801BB2BED4CB15588BFD6B4AC13616 |
3132 | 887Rat-main.exe | C:\Users\admin\Desktop\887Rat-main\crack.exe | executable | A0A22BA1E62B67B91905665B86DF33B3 | E3CB33466BED760B23A24BD723B68CCB5DA82EE350793F4CDE7AA5AD53541B94 |
1760 | crack.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe | executable | A0A22BA1E62B67B91905665B86DF33B3 | E3CB33466BED760B23A24BD723B68CCB5DA82EE350793F4CDE7AA5AD53541B94 |
3116 | 887Rat.exe | C:\Users\admin\AppData\Local\Temp\skin.888All.msstyles | executable | 060779CE2FDB52BFB9E7463704852D29 | 1BD90D1C7FF94B4EC5369A9F94E446F96566A6286ADEDE460584FD247B7BD540 |
3116 | 887Rat.exe | C:\Users\admin\AppData\Local\Temp\autA8E2.tmp | binary | D2A0137EE5358F3C358E5B5BB1B6684A | D916475C069333FD191310CBDEE5AAA48C0EAAFE1827560BE54829953F8B58E3 |
3116 | 887Rat.exe | C:\Users\admin\AppData\Local\Temp\autA806.tmp | binary | 6EEC45C48DE3F0E556D4728AB92BA277 | 45333F3C290C0423B7B2D7DCF14D0EA3B93443322D96879AD61A5BBB0C0D3F69 |