File name: LANC Remastered (1).rar

Full analysis: https://app.any.run/tasks/f18676a9-31b4-4d8e-bbc8-17ceaca2f80f
Verdict: Malicious activity
Analysis date: May 07, 2021, 20:05:45
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: C35724BECEE43F778A015AC2143047E0
SHA1: 73F8322FAAF3BF9F153206BAA96DD0F3857A9451
SHA256: ED641E0D246FFDBF70BDA3B27BC31E82A11BE73AF50430D66F92C39611C764D6
SSDEEP: 12288:dxUlUYW3Mf9FCa/FbLpYTV0xWFJHdboPt8kh9JH3MqkIbDBCSpUBTRLf4Ghxu:MUYW3MfbbtLSh0ibobh9lcqkIbdCSYRQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 2684)
      • LANC Remastered.exe (PID: 2400)
    • Application was dropped or rewritten from another process

      • LANC Remastered.exe (PID: 2400)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3536)
    • Drops a file that was compiled in debug mode

      • WinRAR.exe (PID: 3536)
  • INFO

    • Manual execution by user

      • LANC Remastered.exe (PID: 2400)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

ArchivedFileName: PcapDotNet.Packets.dll
PackingMethod: Normal
ModifyDate: 2010:06:04 21:14:01
OperatingSystem: Win32
UncompressedSize: 157184
CompressedSize: 54442
No data.
All screenshots are available in the full report
Total processes: 39
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 2

Behavior graph

Processes shown in the graph (interactive view in the full report): winrar.exe, searchprotocolhost.exe (no specs), lanc remastered.exe

Process information

PID: 2400
CMD: "C:\Users\admin\Desktop\LANC Remastered.exe"
Path: C:\Users\admin\Desktop\LANC Remastered.exe
Parent process: explorer.exe
User: admin
Company: Psycho Coding
Integrity Level: MEDIUM
Description: LANC Remastered
Exit code: 3762504530
Version: 1.0.0.0
Modules (images):
c:\users\admin\desktop\lanc remastered.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 2684
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 3536
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\LANC Remastered (1).rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events: 444
Read events: 424
Write events: 20
Delete events: 0

Modification events (all by PID 3536, WinRAR.exe, operation: write)

Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Name: ShellExtBMP | Value: (blank)
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | Name: ShellExtIcon | Value: (blank)
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13C\52C64B7E | Name: LanguageList | Value: en-US
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\13C\52C64B7E | Name: @C:\Windows\system32\NetworkExplorer.dll,-1 | Value: Network
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Name: 0 | Value: C:\Users\admin\AppData\Local\Temp\LANC Remastered (1).rar
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Name: name | Value: 120
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Name: size | Value: 80
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Name: type | Value: 120
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Name: mtime | Value: 100
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Name: Placement | Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files: 7
Suspicious files: 0
Text files: 0
Unknown types: 0

Dropped files (all by PID 3536, WinRAR.exe)

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3536.29539\LANC Remastered.exe
Type: (blank)
MD5: (blank)
SHA256: (blank)

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3536.29539\PcapDotNet.Packets.dll
Type: executable
MD5: 8CC42BD7D00F047ED71A5BAE500F4EC9
SHA256: C91619C54D3783DB57C6ED446049BEBBE04D42D90304A30B098DCA6E6E546BBF

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3536.29539\PcapDotNet.Core.Extensions.dll
Type: executable
MD5: BD02851517BA8A2252AE5F6588E8886E
SHA256: 925B370A65D5135D1425027E5087BE62D098D822B9F2CECD840CD7EFA5397380

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3536.29539\PcapDotNet.Base.dll
Type: executable
MD5: 6F2E6B9046E7ED3CE43A34A7B701FBF9
SHA256: 39D850B2412D78580EA842730BB56F59474A8DE4C2D9218D7593CD5B96AC9BAF

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3536.29539\PcapDotNet.Analysis.dll
Type: executable
MD5: 894D0649D55E0813BF5D0F0FB96F3C99
SHA256: 1F4F96A4DCED09133AEE3BD028CC35B5FBD3D642190ABF5611016920CD9CE260

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3536.29539\ManagedWifi.dll
Type: executable
MD5: E05F0BC5B6CFBCCDB29F22F2A4B57DE9
SHA256: 1F34E970ACB3AE1D7F84B20A2A64C7B8B5F23821DA74370CFB62CFBD99C8EE13

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3536.29539\PsychoCoding Theme.dll
Type: executable
MD5: BDFD2B195BB55F1054251CB52ABB5DAD
SHA256: 070583767D41D7913DF3C7C791800216EDF1329A64917B028D1F24E3A977E498

Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3536.29539\PcapDotNet.Core.dll
Type: executable
MD5: 45FA4315C7631B828E2871DB89B3DF27
SHA256: E580CA9C0382A8663D6BDFF6E53802BD73FA8A71689D7F38521CA02269775A58
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info