File name:

sample.7z

Full analysis: https://app.any.run/tasks/9d8aff26-f93d-4957-958f-e18bcab21296
Verdict: Malicious activity
Threats:

Remote access trojans (RATs) are a type of malware that enables attackers to establish complete to partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionalities for conducting illicit activities on compromised systems. Some of the most common features of RATs include access to the users’ data, webcam, and keystrokes. This malware is often distributed through phishing emails and links.

Malware Trends Tracker     >>>
Analysis date: June 11, 2024, 11:24:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
evasion
radx
rat
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

55768F437DB7DB44640A42FF6E5203BA

SHA1:

572685CCA2D629A5D58DA24DA405630D97AA602D

SHA256:

EE321D02D74D8A20D0BF68C22F2369C147B7C5AA294DFDDAB93BDEFF829A10C1

SSDEEP:

24576:UDpl8Qm/W9/oi0vvIQwWvTILulNQiarSLzkGjcrIzm+huGuTYaqnf5E7DqHI2Drw:Mpl8Qm/e/oi0vvIQwWvTILulNQiarSL8

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3976)

    • RADX has been detected (YARA)

      • sample.exe (PID: 2304)

  • SUSPICIOUS

    • Reads the Internet Settings

      • sample.exe (PID: 2304)

    • Connects to unusual port

      • sample.exe (PID: 2304)

    • Checks for external IP

      • sample.exe (PID: 2304)

  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3976)

    • Reads the computer name

      • sample.exe (PID: 2304)

    • Manual execution by a user

      • sample.exe (PID: 2304)

    • Reads Environment values

      • sample.exe (PID: 2304)

    • Reads the machine GUID from the registry

      • sample.exe (PID: 2304)

    • Disables trace logs

      • sample.exe (PID: 2304)

    • Checks supported languages

      • sample.exe (PID: 2304)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
2
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe #RADX sample.exe

Process information

PID
CMD
Path
Indicators
Parent process
2304"C:\Users\admin\Desktop\sample\sample.exe" C:\Users\admin\Desktop\sample\sample.exe
explorer.exe
User:
admin
Company:
Hewh245Htx
Integrity Level:
HIGH
Description:
Rf1KNxUcTs
Version:
1.0.0.0
Modules
Images
c:\users\admin\desktop\sample\sample.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
3976"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\sample.7zC:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
5 883
Read events
5 847
Write events
36
Delete events
0

Modification events

(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3976) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\sample.7z
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
Executable files
1
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
3976WinRAR.exeC:\Users\admin\Desktop\sample\sampleexecutable
MD5:4B2AC98BB035941767661F52239FF4DE
SHA256:C2C1901D52B02BBA9EC081C64436C6002C6550EBF185C89AF79567381455DE1A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
12
DNS requests
1
Threats
8

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2304
sample.exe
GET
200
34.117.186.192:80
http://ipinfo.io/json
unknown
unknown
2304
sample.exe
GET
200
34.117.186.192:80
http://ipinfo.io/json
unknown
unknown
2304
sample.exe
GET
200
34.117.186.192:80
http://ipinfo.io/json
unknown
unknown
2304
sample.exe
GET
200
34.117.186.192:80
http://ipinfo.io/json
unknown
unknown
2304
sample.exe
GET
200
34.117.186.192:80
http://ipinfo.io/json
unknown
unknown
2304
sample.exe
GET
200
34.117.186.192:80
http://ipinfo.io/json
unknown
unknown
2304
sample.exe
GET
200
34.117.186.192:80
http://ipinfo.io/json
unknown
unknown
2304
sample.exe
GET
200
34.117.186.192:80
http://ipinfo.io/json
unknown
unknown
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
4
System
192.168.100.255:138
whitelisted
2304
sample.exe
34.117.186.192:80
ipinfo.io
GOOGLE-CLOUD-PLATFORM
US
unknown
2304
sample.exe
178.250.186.3:4321
Architecture Iq Data S.R.L.
RO
unknown

DNS requests

Domain
IP
Reputation
ipinfo.io
  • 34.117.186.192
shared

Threats

PID
Process
Class
Message
2304
sample.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ipinfo.io
2304
sample.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ipinfo.io
2304
sample.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ipinfo.io
2304
sample.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ipinfo.io
2304
sample.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ipinfo.io
2304
sample.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ipinfo.io
2304
sample.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ipinfo.io
2304
sample.exe
Device Retrieving External IP Address Detected
ET POLICY External IP Lookup ipinfo.io
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
sample.7z