File name:

MicTray.cab

Full analysis: https://app.any.run/tasks/4cf2138d-a8c0-4485-9391-44c5244636f2
Verdict: Malicious activity
Analysis date: November 19, 2019, 19:41:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/vnd.ms-cab-compressed
File info: Microsoft Cabinet archive data, 9224939 bytes, 7 files
MD5:

20D782CCAFC0492A0D1E41E5D6FEB694

SHA1:

F9EC70B866257C6A3DA8E0264E7DEE66A778E3AA

SHA256:

F00969B10037F3C19A4BCE435743615894DAB301AB6E3432AED96E663354C1D4

SSDEEP:

196608:d9DpZEbwamxjiOQ6ZkRiFlw5KhVvtuaqwmJzLhibazurfsbeD1l:zD3EcBQykelYaqHJPhyrfsCX

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Setup.exe (PID: 1096)
      • Setup.exe (PID: 2084)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2840)

    • Creates files in the Windows directory

      • Setup.exe (PID: 2084)

    • Creates files in the program directory

      • Setup.exe (PID: 2084)

    • Removes files from Windows directory

      • Setup.exe (PID: 2084)

  • INFO

    • Manual execution by user

      • Setup.exe (PID: 2084)
      • Setup.exe (PID: 1096)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.cab | Microsoft Cabinet Archive (100)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
41
Monitored processes
3
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe setup.exe no specs setup.exe

Process information

PID
CMD
Path
Indicators
Parent process
1096"C:\Users\admin\Desktop\MicTray\Setup.exe" C:\Users\admin\Desktop\MicTray\Setup.exeexplorer.exe
User:
admin
Company:
Conexant Systems, Inc.
Integrity Level:
MEDIUM
Description:
Conexant Universal Device Install/Uninstall x86 Application
Exit code:
3221226540
Version:
7.152.0.2
Modules
Images
c:\users\admin\desktop\mictray\setup.exe
c:\systemroot\system32\ntdll.dll
2084"C:\Users\admin\Desktop\MicTray\Setup.exe" C:\Users\admin\Desktop\MicTray\Setup.exe
explorer.exe
User:
admin
Company:
Conexant Systems, Inc.
Integrity Level:
HIGH
Description:
Conexant Universal Device Install/Uninstall x86 Application
Exit code:
0
Version:
7.152.0.2
Modules
Images
c:\users\admin\desktop\mictray\setup.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\setupapi.dll
c:\windows\system32\cfgmgr32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
2840"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\MicTray.cab"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
522
Read events
493
Write events
27
Delete events
2

Modification events

(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(2840) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\MicTray.cab
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath
Operation:writeName:0
Value:
C:\Users\admin\Desktop
(PID) Process:(2840) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation:writeName:Placement
Value:
2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files
4
Suspicious files
0
Text files
24
Unknown types
0

Dropped files

PID
Process
Filename
Type
2840WinRAR.exeC:\Users\admin\Desktop\MicTray\MicTray.iniini
MD5:
SHA256:
2840WinRAR.exeC:\Users\admin\Desktop\MicTray\Setup.exeexecutable
MD5:EC187C15FF1B0C0DFA01162436C4D4F4
SHA256:16A0671B07DEB72951D662404F59A3FA94901673B51063DEE9D21CAACB258CEF
2084Setup.exeC:\ProgramData\UIU\InstallerLogs\UIU_INSTALL.LOGtext
MD5:
SHA256:
2084Setup.exeC:\Windows\TEMP\MicTray.iniini
MD5:
SHA256:
2084Setup.exeC:\Windows\SYSTEM32\LOGL2DI_COINST.DATtext
MD5:F4892F13662D3690A1AA34EFF5F2F1FE
SHA256:9BF2DE0F6F6507392E985F13BE9B501AAE1878C97A5738DAA3706009E21481AB
2084Setup.exeC:\Windows\INF\setupapi.app.logtext
MD5:
SHA256:
2840WinRAR.exeC:\Users\admin\Desktop\MicTray\MicTray\MicTray.exeexecutable
MD5:89F7A319607FB7D87B2512E7EF5CF7E1
SHA256:E882149C43976DFADB2746EB2D75A73F0BE5AA193623B18B50827F43CCE3ED84
2840WinRAR.exeC:\Users\admin\Desktop\MicTray\x64\Setup64.exeexecutable
MD5:BC9D62B926AA285243FE30D8FD06F5AB
SHA256:E446898E598680C0A31F69E81F81A41010703A3F48F5E9AE43F5F6B8C5E2D46E
2840WinRAR.exeC:\Users\admin\Desktop\MicTray\MicTray\MicTray.xmlxml
MD5:F42460C53E58B35A84BA52E9ADC5B35C
SHA256:DDABBD086B22E1057753133245D25206445CC438B6DDE86E4F0EEF87211C48F2
2840WinRAR.exeC:\Users\admin\Desktop\MicTray\MicTray\MicTray64.xmlxml
MD5:1D7C0B6A252665DC1607FBB6F8D6A6A9
SHA256:BA1BC46AE6A4A6ECCA08028022163E6BBA291C330B057C6235C33A7519E617B7
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
MicTray.cab