analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

scanner.rar

Full analysis: https://app.any.run/tasks/cc1ef243-f040-4d50-b870-d235fd82d07a
Verdict: Malicious activity
Analysis date: March 30, 2020, 16:30:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5:

567D8286FDA1218C9EF19FFFF0EFFD47

SHA1:

95AEC28F9730C679A87AB6F100DAC7D3335531D6

SHA256:

EF1A2FFD39844B03BDE79B1EE8F51A7FFEAE2FF1CA320141E4EF4E3833CBD7E5

SSDEEP:

196608:GVi+XpTf7IxZru+JZtcTKXbrY1K0Gk8E7gJYckKPOIT4I1P:GViGJcxZru2DLmJsYoWo9

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • avz.exe (PID: 3764)
      • avz.exe (PID: 1520)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3504)
      • avz.exe (PID: 3764)

    • Creates or modifies windows services

      • avz.exe (PID: 3764)

    • Creates files in the driver directory

      • avz.exe (PID: 3764)

    • Creates files in the Windows directory

      • avz.exe (PID: 3764)

  • INFO

    • Manual execution by user

      • avz.exe (PID: 3764)
      • avz.exe (PID: 1520)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 920
UncompressedSize: 884
OperatingSystem: Win32
ModifyDate: 2014:02:23 10:01:07
PackingMethod: Stored
ArchivedFileName: Base\backup.avz
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
40
Monitored processes
3
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe avz.exe no specs avz.exe

Process information

PID
CMD
Path
Indicators
Parent process
3504"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\scanner.rar"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.60.0
1520"C:\Users\admin\Desktop\scanner\avz.exe" C:\Users\admin\Desktop\scanner\avz.exeexplorer.exe
User:
admin
Company:
Лаборатория Касперского, 2007-2013
Integrity Level:
MEDIUM
Description:
Антивирусная утилита AVZ
Exit code:
3221226540
Version:
4.43.0.0
3764"C:\Users\admin\Desktop\scanner\avz.exe" C:\Users\admin\Desktop\scanner\avz.exe
explorer.exe
User:
admin
Company:
Лаборатория Касперского, 2007-2013
Integrity Level:
HIGH
Description:
Антивирусная утилита AVZ
Version:
4.43.0.0
Total events
563
Read events
532
Write events
0
Delete events
0

Modification events

No data
Executable files
2
Suspicious files
0
Text files
0
Unknown types
69

Dropped files

PID
Process
Filename
Type
3504WinRAR.exeC:\Users\admin\Desktop\scanner\Base\backup.avzpva
MD5:A02C0F71D0724F87A332841C5E713542
SHA256:BA3DDD7DCCE4E1A981FBF8C731D71E62F59520BA73DEA6B556D06C3582728392
3504WinRAR.exeC:\Users\admin\Desktop\scanner\Base\lang_ru.avzpva
MD5:13CACB1C6177FD8887137C826FF4A26E
SHA256:B222E7C6FA290390DCC93AF2D4766456C7AE4E5F5B457C0118CB5B7814A0C175
3504WinRAR.exeC:\Users\admin\Desktop\scanner\Base\krnldrv.avzpva
MD5:3455426B907C247C0F7C24536919040A
SHA256:DF8289BDB25D99DFECD37A6F83819AC5D860EF25735C95522710441B097D63E7
3504WinRAR.exeC:\Users\admin\Desktop\scanner\Base\esc.avzpva
MD5:53B05B0B0804844D1CDFB8BC17195449
SHA256:6A4AF62FE094075C60E569A16501EE85AB7E6D26D80D26FEE83426AFF801A017
3504WinRAR.exeC:\Users\admin\Desktop\scanner\Base\main.avzpva
MD5:C0B6386155A11C8829F1FE2CD957BDCE
SHA256:725CF1744828524D3094ADF2C7FD6A655314FE97411D97DA44A18CA6B9373E06
3504WinRAR.exeC:\Users\admin\Desktop\scanner\Base\main001.avzpva
MD5:9D7A1994024D6E6DA6FF453938640C38
SHA256:56182D19C70C936E82E7A155966743494783D844C315BA99F6B6FDB34F83485A
3504WinRAR.exeC:\Users\admin\Desktop\scanner\Base\main005.avzpva
MD5:57C57D3B8896083B71131E6B3EE1E032
SHA256:49132BEE55D0D37E016457494B772ACF1E57AC32E74AEABB45807AAE6D9E9C32
3504WinRAR.exeC:\Users\admin\Desktop\scanner\Base\keylogger.avzpva
MD5:3F6E67FC443B53FC27A5E563CA90C531
SHA256:54B5683A941576EED9E5AF91A2F3B80FA8B1E6A08B52A6C0F2702FC8DD3497F9
3504WinRAR.exeC:\Users\admin\Desktop\scanner\Base\main009.avzpva
MD5:89A954C1B0E2DF34C3C926C526C90913
SHA256:3FDA3C92AC8EE838215B56C9718D68E24FD31D64FE52594EB090E1737EEB2057
3504WinRAR.exeC:\Users\admin\Desktop\scanner\Base\extract.avzpva
MD5:A9849F62A037A67A376F57EEABF805A1
SHA256:39861D3F8E0ADFEC5B4E934BDEB863870BD3389CF5793AE2512105CF2814F915
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
scanner.rar