File name:

!@-FullVer_Pc$etUp_2024_PASSCODE$_.rar

Full analysis: https://app.any.run/tasks/cd2579b7-8734-47ce-80b7-e188542c6132
Verdict: Malicious activity
Analysis date: May 01, 2024, 18:20:54
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

C7EA39F98E09531EBE49DD4B94BE1A5E

SHA1:

693D6C331151E34EED4913FFA55A84DDAD256A4B

SHA256:

E8093A612EB355B8D6153CD8EBECC9F8090A51AC8B7009583C6B95F1D8761D02

SSDEEP:

98304:5+FQstZVmc9GzbaQAeoB4bjzkPLSnYqgjN3oA7uYONMhVBFGf92yx0taNv+ipYy4:0btliAMftu

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 3940)

    • The process creates files with name similar to system file names

      • WinRAR.exe (PID: 3940)

    • Application launched itself

      • taskmgr.exe (PID: 1116)

    • Reads the Internet Settings

      • taskmgr.exe (PID: 1116)

  • INFO

    • Reads security settings of Internet Explorer

      • taskmgr.exe (PID: 1116)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3940)

    • Manual execution by a user

      • taskmgr.exe (PID: 1116)

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3940)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
44
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe taskmgr.exe no specs taskmgr.exe

Process information

PID
CMD
Path
Indicators
Parent process
304"C:\Windows\system32\taskmgr.exe" /1C:\Windows\System32\taskmgr.exe
taskmgr.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows Task Manager
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
1116"C:\Windows\system32\taskmgr.exe" /4C:\Windows\System32\taskmgr.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Task Manager
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\taskmgr.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
3940"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\!@-FullVer_Pc$etUp_2024_PASSCODE$_.rarC:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
4 264
Read events
4 230
Write events
34
Delete events
0

Modification events

(PID) Process:(3940) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3940) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3940) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3940) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface
Operation:writeName:ShowPassword
Value:
0
(PID) Process:(3940) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(3940) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(3940) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(3940) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\!@-FullVer_Pc$etUp_2024_PASSCODE$_.rar
(PID) Process:(3940) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3940) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
Executable files
135
Suspicious files
4
Text files
3
Unknown types
3

Dropped files

PID
Process
Filename
Type
3940WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb3940.49192\zlib.dllexecutable
MD5:7A7BB3B0E57E4FB32C57B74E78E657AD
SHA256:87048CFF2227D2901314760618D23917CFBC5CC15FC22DC355E803C5EE5FB211
3940WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb3940.49192\updater.iniexecutable
MD5:91E2D2AF70ED5E2ABDFA2DF50FBFAF35
SHA256:B2C04A568AC068F8BB2214307E5616468E2A53DBFCA9F57E2AB90D140BC29E1A
3940WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb3940.49192\TE.WinRT.dllexecutable
MD5:0093FA7BFE309B12F4E24CAEB598197D
SHA256:D871573A466CAADD1115C93F85CF095D80C400777AC234B8741145EEC0B8D0D7
3940WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb3940.49192\x64\api-ms-win-core-console-l1-2-0.dllexecutable
MD5:6B33E6F1D77CEC0901EA8E91473BC18B
SHA256:449631A3F5FADEF72ACC2C2F84765208D0CA014EC1FE93FB9AD805EEC1D40EAE
3940WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb3940.49192\Wex.Common.dllexecutable
MD5:2A58200BC71F4819FA958A93791479A8
SHA256:D309A0FF6BC22F534C5D26EC992DA21DCDACB93C595EF00E63CBAE4DEC315E7F
3940WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb3940.49192\TE.Loaders.dllexecutable
MD5:6D96B3FC5AB6968812297666C26B3468
SHA256:CC6B45ED1F71F8F6A6F89AE1F81D182457B036C53011208B833F6C3B96E6AD90
3940WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb3940.49192\x64\api-ms-win-core-debug-l1-1-0.dllexecutable
MD5:607703B245D9B4FC69A8B5363FF626FA
SHA256:F65B1B3EA2767F98F0C29118E85B06F4E61654BEC34B60B3ABB593B24EC29AF4
3940WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb3940.49192\Wex.Logger.dllexecutable
MD5:F2C1CC6843C2E0DFDA8B3E748E90DB80
SHA256:0B03908CA426FE2CDDD483F86795D3D05F6767547167AEC4082E1B7D8F936272
3940WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb3940.49192\x64\api-ms-win-core-console-l1-1-0.dllexecutable
MD5:0909E61C8C9C717976828F65C987E5F9
SHA256:03FFDB036329A25BEACF905D62611A13E3DFDDA6CBD2D13AF830258E8CF40EC0
3940WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRb3940.49192\x64\api-ms-win-core-datetime-l1-1-0.dllexecutable
MD5:2B4A3A51E075AB9819C6D6BC40EFB4B5
SHA256:D718E1B6C352112C2F8E36B4BA5ED28E6179257FD2FE944C4A0D404B5C15B5AE
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
224.0.0.252:5355
unknown
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
unknown

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
!@-FullVer_Pc$etUp_2024_PASSCODE$_.rar