File name: Welltec-Offset Outsanding-IMG_174724732747.iso

Full analysis: https://app.any.run/tasks/04f38dec-5327-4471-9653-f50d8e9e12e0
Verdict: Malicious activity
Analysis date: May 20, 2019, 14:44:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-iso9660-image
File info: ISO 9660 CD-ROM filesystem data 'Welltec-Offset Outsanding-IMG_17'
MD5: 49BA4C811E57CB6B8E6F5F0FF5DFBE4E
SHA1: 1D53E808CA7C568620BD9F6CD934349B73539D8F
SHA256: E4F4E41CA950DBF3145D164737514C66747F64B5046B350AB19A8D1F4E23C599
SSDEEP: 3072:y+9Yu3DXFZb9wSXyOzeQ1LwiJV9PrKASWUjPT/JQJ4EGsnBs9:yarT9TiBQ1LwiJVJGA4vJQOEG

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 2436)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 2492)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 3944)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 2392)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 3580)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 3472)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 1520)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 2548)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 3560)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 3504)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 976)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 3956)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 1696)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 2608)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3800)
    • Starts application with an unusual extension

      • WinRAR.exe (PID: 3800)
      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 2436)
    • Application launched itself

      • Welltec-Offset Outsanding-IMG_174724732747.com (PID: 2436)
  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.iso | ISO 9660 CD image (27.6)
.atn | Photoshop Action (27.1)
.gmc | Game Music Creator Music (6.1)

EXIF

ISO

System: Win32
VolumeName: Welltec-Offset Outsanding-IMG_17
VolumeBlockCount: 592
VolumeBlockSize: 2048
RootDirectoryCreateDate: 2019:05:20 11:56:43+01:00
Software: PowerISO
VolumeCreateDate: 2019:05:20 11:56:43.00+01:00
VolumeModifyDate: 2019:05:20 11:56:43.00+01:00

Composite

VolumeSize: 1184 kB
No data.
All screenshots are available in the full report
Total processes: 47
Monitored processes: 16
Malicious processes: 2
Suspicious processes: 5

Behavior graph

(Interactive graph, available in the full report. Processes shown: rundll32.exe (no specs), winrar.exe, and 14 instances of welltec-offset outsanding-img_174724732747.com (no specs), linked by "start" and "drop and start" edges.)

Process information

PID: 636
CMD: "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\Welltec-Offset Outsanding-IMG_174724732747.iso
Path: C:\Windows\system32\rundll32.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows host process (Rundll32)
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\rundll32.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\imagehlp.dll
PID: 976
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47229\Welltec-Offset Outsanding-IMG_174724732747.com"
Path: C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47229\Welltec-Offset Outsanding-IMG_174724732747.com
Parent process: Welltec-Offset Outsanding-IMG_174724732747.com
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
7.02.0001
Modules
Images
c:\users\admin\appdata\local\temp\rar$dia3800.47229\welltec-offset outsanding-img_174724732747.com
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 1520
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.48688\Welltec-Offset Outsanding-IMG_174724732747.com"
Path: C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.48688\Welltec-Offset Outsanding-IMG_174724732747.com
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
7.02.0001
Modules
Images
c:\users\admin\appdata\local\temp\rar$dia3800.48688\welltec-offset outsanding-img_174724732747.com
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 1696
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.271\Welltec-Offset Outsanding-IMG_174724732747.com"
Path: C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.271\Welltec-Offset Outsanding-IMG_174724732747.com
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
7.02.0001
PID: 2392
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47924\Welltec-Offset Outsanding-IMG_174724732747.com"
Path: C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47924\Welltec-Offset Outsanding-IMG_174724732747.com
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
7.02.0001
Modules
Images
c:\users\admin\appdata\local\temp\rar$dia3800.47924\welltec-offset outsanding-img_174724732747.com
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 2436
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47229\Welltec-Offset Outsanding-IMG_174724732747.com"
Path: C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47229\Welltec-Offset Outsanding-IMG_174724732747.com
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
7.02.0001
Modules
Images
c:\users\admin\appdata\local\temp\rar$dia3800.47229\welltec-offset outsanding-img_174724732747.com
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 2492
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47579\Welltec-Offset Outsanding-IMG_174724732747.com"
Path: C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47579\Welltec-Offset Outsanding-IMG_174724732747.com
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
7.02.0001
Modules
Images
c:\users\admin\appdata\local\temp\rar$dia3800.47579\welltec-offset outsanding-img_174724732747.com
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
PID: 2548
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.49027\Welltec-Offset Outsanding-IMG_174724732747.com"
Path: C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.49027\Welltec-Offset Outsanding-IMG_174724732747.com
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
7.02.0001
Modules
Images
c:\users\admin\appdata\local\temp\rar$dia3800.49027\welltec-offset outsanding-img_174724732747.com
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 2608
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.49618\Welltec-Offset Outsanding-IMG_174724732747.com"
Path: C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.49618\Welltec-Offset Outsanding-IMG_174724732747.com
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
7.02.0001
Modules
Images
c:\users\admin\appdata\local\temp\rar$dia3800.49618\welltec-offset outsanding-img_174724732747.com
c:\systemroot\system32\ntdll.dll
PID: 3472
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.48383\Welltec-Offset Outsanding-IMG_174724732747.com"
Path: C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.48383\Welltec-Offset Outsanding-IMG_174724732747.com
Parent process: WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Version:
7.02.0001
Modules
Images
c:\users\admin\appdata\local\temp\rar$dia3800.48383\welltec-offset outsanding-img_174724732747.com
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
Total events: 905
Read events: 814
Write events: 91
Delete events: 0

Modification events

Process: (636) rundll32.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (636) rundll32.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
Operation: write
Name: @C:\Windows\System32\isoburn.exe,-350
Value: Disc Image File

Process: (636) rundll32.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\OpenWithProgids
Operation: write
Name: Windows.IsoFile
Value:

Process: (636) rundll32.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation: write
Name: LangID
Value: 0904

Process: (636) rundll32.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E
Operation: write
Name: @%SystemRoot%\System32\isoburn.exe,-352
Value: Windows Disc Image Burner

Process: (636) rundll32.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation: write
Name: C:\Windows\System32\isoburn.exe
Value: Windows Disc Image Burner

Process: (636) rundll32.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation: write
Name: C:\Program Files\WinRAR\WinRAR.exe
Value: WinRAR archiver

Process: (636) rundll32.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation: write
Name: C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
Value: Adobe Acrobat Reader DC

Process: (636) rundll32.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation: write
Name: C:\Windows\eHome\ehshell.exe
Value: Windows Media Center

Process: (636) rundll32.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\MuiCache
Operation: write
Name: C:\Program Files\Internet Explorer\iexplore.exe
Value: Internet Explorer
Executable files: 13
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type

3800 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47719\Welltec-Offset Outsanding-IMG_174724732747.com | executable
  MD5:
  SHA256:
3800 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47579\Welltec-Offset Outsanding-IMG_174724732747.com | executable
  MD5:
  SHA256:
3800 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47924\Welltec-Offset Outsanding-IMG_174724732747.com | executable
  MD5:
  SHA256:
3800 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.48383\Welltec-Offset Outsanding-IMG_174724732747.com | executable
  MD5:
  SHA256:
3800 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.49299\Welltec-Offset Outsanding-IMG_174724732747.com | executable
  MD5:
  SHA256:
3800 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.48688\Welltec-Offset Outsanding-IMG_174724732747.com | executable
  MD5:
  SHA256:
3800 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.271\Welltec-Offset Outsanding-IMG_174724732747.com | executable
  MD5:
  SHA256:
3800 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.49460\Welltec-Offset Outsanding-IMG_174724732747.com | executable
  MD5:
  SHA256:
3800 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.49618\Welltec-Offset Outsanding-IMG_174724732747.com | executable
  MD5:
  SHA256:
3800 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3800.47229\Welltec-Offset Outsanding-IMG_174724732747.com | executable
  MD5:
  SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info