| File name: | IObit_Unlocker.7z |
| Full analysis: | https://app.any.run/tasks/63baa9d7-f21e-4657-93eb-0637429ffa66 |
| Verdict: | Malicious activity |
| Analysis date: | January 04, 2024, 02:33:48 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-7z-compressed |
| File info: | 7-zip archive data, version 0.4 |
| MD5: | 9B3020BA87CE893DD39E44A4874ABDE8 |
| SHA1: | 76277AF1ECDCCBEE7E278B06E8B8B10A931B9637 |
| SHA256: | E992C074A51867EDB5F08DC3A3A00559988ECE8D9FBBEAEB2A6DB5ED1AF9D4DA |
| SSDEEP: | 49152:8jjjoiF2r7uu9+WKSr7hYPRJCdms646RtFi7DGX4ndj61Opc/f2PX1Via9I2A6gz:8jjM6Q/+WhlYJQN64371ndlpafIl9IpX |
MALICIOUS
No malicious indicators.SUSPICIOUS
Drops a system driver (possible attempt to evade defenses)
- WinRAR.exe (PID: 120)
Checks Windows Trust Settings
- IObitUnlocker.exe (PID: 1584)
Reads security settings of Internet Explorer
- IObitUnlocker.exe (PID: 1584)
Reads settings of System Certificates
- IObitUnlocker.exe (PID: 1584)
Adds/modifies Windows certificates
- IObitUnlocker.exe (PID: 1584)
INFO
Manual execution by a user
- IObitUnlocker.exe (PID: 2420)
- IObitUnlocker.exe (PID: 1584)
Checks supported languages
- IObitUnlocker.exe (PID: 1584)
Drops the executable file immediately after the start
- WinRAR.exe (PID: 120)
Creates files in the program directory
- IObitUnlocker.exe (PID: 1584)
Reads the machine GUID from the registry
- IObitUnlocker.exe (PID: 1584)
Reads the computer name
- IObitUnlocker.exe (PID: 1584)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .7z | | | 7-Zip compressed archive (v0.4) (57.1) |
|---|---|---|
| .7z | | | 7-Zip compressed archive (gen) (42.8) |
Total processes
39
Monitored processes
3
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 120 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\IObit_Unlocker.7z" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | |||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
| 1584 | "C:\Users\admin\Desktop\IObit Unlocker\IObitUnlocker.exe" | C:\Users\admin\Desktop\IObit Unlocker\IObitUnlocker.exe | explorer.exe | ||||||||||||
User: admin Company: IObit Information Technology Integrity Level: HIGH Description: Unlocker Exit code: 0 Version: 1.6.0.16 Modules
| |||||||||||||||
| 2420 | "C:\Users\admin\Desktop\IObit Unlocker\IObitUnlocker.exe" | C:\Users\admin\Desktop\IObit Unlocker\IObitUnlocker.exe | — | explorer.exe | |||||||||||
User: admin Company: IObit Information Technology Integrity Level: MEDIUM Description: Unlocker Exit code: 3221226540 Version: 1.6.0.16 Modules
| |||||||||||||||
Total events
5 374
Read events
5 349
Write events
25
Delete events
0
Modification events
| (PID) Process: | (120) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (120) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 3 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
| (PID) Process: | (120) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\phacker.zip | |||
| (PID) Process: | (120) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
| (PID) Process: | (120) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip | |||
| (PID) Process: | (120) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (120) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (120) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (120) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (1584) IObitUnlocker.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
Executable files
4
Suspicious files
0
Text files
4
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 1584 | IObitUnlocker.exe | C:\Users\admin\Desktop\IObit Unlocker\update.ini | text | |
MD5:EDE302E808402E5B86069D44A46747CB | SHA256:25D357C15C4BFE2DBC89A9449E8438F3B82B7105BC04360EFEB6EED479EA6343 | |||
| 120 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa120.12484\IObit Unlocker\IObitUnlocker.dll | executable | |
MD5:2C6233C8DBC560027EE1427F5413E4B1 | SHA256:37D2A1626DC205D60F0BEC8746AB256569267E4EF2F8F84DFF4D9D792AA3AF30 | |||
| 1584 | IObitUnlocker.exe | C:\ProgramData\IObit\IObit Unlocker\IObitUnlocker.ini | text | |
MD5:4FEB4FF9E704D6B62895BFB76566E6E0 | SHA256:4BC87ECF46AFCE746475E5FCAEF0D7E8C98A05C79E9B6C7276BC80175132D311 | |||
| 120 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa120.12484\IObit Unlocker\IObitUnlocker.sys | executable | |
MD5:AC055B6C011B2E015DE44154E2D46ADB | SHA256:1845FE8545B6708E64250B8807F26D095F1875CC1F6159B24C2D0589FEB74F0C | |||
| 120 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa120.12484\IObit Unlocker\IObitUnlockerExtension.dll | executable | |
MD5:1EC2724BE59F64F05F7107728B51624F | SHA256:01FE66A8AAEA0FAA04B12127CAA3B76EE11BE9ED0B1BFCD1EEEF71AA5489FAAA | |||
| 1584 | IObitUnlocker.exe | C:\ProgramData\IObit\IObit Unlocker\Main.ini | text | |
MD5:1DBB59E7E8ED8B59DC7E7A5985924FE7 | SHA256:A6AB5FC3C3BE4F24CC8F80DF619E3597771547ADA5DEBF86681B44B20E2F1290 | |||
| 120 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa120.12484\IObit Unlocker\IObitUnlocker.exe | executable | |
MD5:2541290195FFE29716EBBC7AAC76D82F | SHA256:EAA9DC1C9DC8620549FEE54D81399488292349D2C8767B58B7D0396564FB43E7 | |||
| 1584 | IObitUnlocker.exe | C:\Users\admin\Desktop\IObit Unlocker\IObitUnlocker.log | text | |
MD5:8100ECD24D4FB35BE75E6625B1398CF1 | SHA256:A84DCA94051BE2A04171DEF1203135763E94C6E83417F46625110F283304665B | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
5
DNS requests
1
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
1584 | IObitUnlocker.exe | POST | 200 | 152.199.20.140:80 | http://update.iobit.com/infofiles/iobitunlocker.upt | unknown | text | 141 b | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
1080 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
1584 | IObitUnlocker.exe | 152.199.20.140:80 | update.iobit.com | EDGECAST | US | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
update.iobit.com |
| whitelisted |
Threats
Process | Message |
|---|---|
IObitUnlocker.exe | ParamStr(1): |
IObitUnlocker.exe | C:\ProgramData\IObit\IObit Unlocker\temp.cds |