File name: sazinjector-free.zip

Full analysis: https://app.any.run/tasks/074f2b78-f196-4edc-8c95-3242996001fc
Verdict: Malicious activity
Analysis date: April 11, 2020, 22:35:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 8FF3B02A7F7D20B0543129E937A2EC0A
SHA1: F49D8E98A9B3CDFCD63AD2DEB5F4D027841F37BA
SHA256: F763F8E7519E640B5FE98D7546434156554666AD2E3BDE901494741993792EF2
SSDEEP: 49152:LQQLKJVoJxEL+TFYSkQSb410XXj/v8Q9bARVbk/8jpV46bIpmxP6bo:LQ+KJIeoFYSkB4uXz/vmRVI8pV2sSU

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • jdsnKDNFkd.exe (PID: 608)
      • jdsnKDNFkd.exe (PID: 3836)
    • Changes settings of System certificates
      • jdsnKDNFkd.exe (PID: 608)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3828)
    • Removes files from Windows directory
      • jdsnKDNFkd.exe (PID: 608)
    • Adds / modifies Windows certificates
      • jdsnKDNFkd.exe (PID: 608)
  • INFO
    • Reads settings of System Certificates
      • jdsnKDNFkd.exe (PID: 608)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: 0x0009
ZipCompression: Unknown (99)
ZipModifyDate: 2020:04:11 20:41:00
ZipCRC: 0x158f47b1
ZipCompressedSize: 2588230
ZipUncompressedSize: 2619392
ZipFileName: jdsnKDNFkd.exe
No data.
Screenshots (not reproduced here): all screenshots are available in the full report
Total processes: 40
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive graph not reproduced here)

Nodes: winrar.exe, jdsnkdnfkd.exe (no specs), jdsnkdnfkd.exe
Edges: start (winrar.exe); drop and start (winrar.exe -> jdsnkdnfkd.exe), drop and start (winrar.exe -> jdsnkdnfkd.exe)

Process information

PID: 608
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb3828.41014\jdsnKDNFkd.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb3828.41014\jdsnKDNFkd.exe
Parent process: WinRAR.exe
User: admin
Company: Saz
Integrity Level: HIGH
Description: jdsnKDNFkd
Exit code: 0
Version: 3.0.2.0
Modules (images):
  • c:\users\admin\appdata\local\temp\rar$exb3828.41014\jdsnkdnfkd.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\mscoree.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll

PID: 3828
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\sazinjector-free.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules (images):
  • c:\program files\winrar\winrar.exe
  • c:\systemroot\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\comdlg32.dll

PID: 3836
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb3828.41014\jdsnKDNFkd.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb3828.41014\jdsnKDNFkd.exe
Parent process: WinRAR.exe
User: admin
Company: Saz
Integrity Level: MEDIUM
Description: jdsnKDNFkd
Exit code: 3221226540
Version: 3.0.2.0
Modules (images):
  • c:\users\admin\appdata\local\temp\rar$exb3828.41014\jdsnkdnfkd.exe
  • c:\systemroot\system32\ntdll.dll
Total events: 1 677
Read events: 465
Write events: 1 212
Delete events: 0

Modification events

(PID) Process | Operation | Key | Name | Value
(3828) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
(3828) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
(3828) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | LanguageList | en-US
(3828) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\sazinjector-free.zip
(3828) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
(3828) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
(3828) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
(3828) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
(3828) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface | ShowPassword | 0
(3828) WinRAR.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | 0
Executable files: 1
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
608 | jdsnKDNFkd.exe | C:\Users\admin\AppData\Local\Saz\jdsnKDNFkd.exe_Url_nuebukxlwkuknmkx4olynbpvhxp1h2py\3.0.2.0\innc4jq3.newcfg | (empty) | (empty) | (empty)
608 | jdsnKDNFkd.exe | C:\Users\admin\AppData\Local\Saz\jdsnKDNFkd.exe_Url_nuebukxlwkuknmkx4olynbpvhxp1h2py\3.0.2.0\user.config | xml | 5F0E402E0F1D0502A4FF3F34EE259362 | F44DF52951DA7C6D27F64FAF50B9FE62303EAD54DEE73EEF30169D59514A5029
3828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3828.41014\jdsnKDNFkd.exe | executable | 48B3ED784EBB284BFF171DFD5C482430 | 0807E7ABC8B8A15F7E8E9A2E69968BCBF1E572C39709C9935D6EB3445E12DB07
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 1
TCP/UDP connections: 2
DNS requests: 2
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
608 | jdsnKDNFkd.exe | GET | 200 | 172.217.22.68:80 | http://www.google.com/ | US | html | 46.7 Kb | malicious

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
608 | jdsnKDNFkd.exe | 104.23.98.190:443 | pastebin.com | Cloudflare Inc | US | malicious
608 | jdsnKDNFkd.exe | 172.217.22.68:80 | www.google.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP | Reputation
www.google.com | 172.217.22.68 | malicious
pastebin.com | 104.23.98.190, 104.23.99.190 | malicious

Threats

No threats detected
No debug info