File name: RE_ Consultas proceso Networking para Data Center.zip

Full analysis: https://app.any.run/tasks/842748a7-df83-448b-a13b-45c0445bb1e4
Verdict: Suspicious activity
Analysis date: March 29, 2023, 22:22:01
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 200C3B14F2A1FD082095180CF01BD4BC
SHA1: 06A477F91443A60665ABB7AD163648D3ADE400BA
SHA256: FBBE5E101693B3C9C7CA5BB5693B9B30C5FC982FE67AEE72AA47826FE2F9BE7F
SSDEEP: 1536:rKo58QFGwAHW3W9iYxeuDyPSNk6hhpChI2xmXytEpiTvbnKNZymb5dd5D1vHkd/n:m60wAHHAYxEak6hhQhI2xQIEwTvbnKNs

ANY.RUN is an interactive service that gives the analyst full access to the guest system. Information in this report may therefore be distorted by user actions and is provided as is; ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS: no malicious indicators.
  • SUSPICIOUS: no suspicious indicators.
  • INFO
    • The process checks LSA protection
      • dllhost.exe (PID: 784)

The "Suspicious activity" verdict above is the service's overall rating; the signature list itself contains nothing above INFO level. That one INFO signature is typically a read of the LSA protection (RunAsPPL) setting under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, here by the COM Surrogate process (the PhotoViewer.dll node in the behavior graph). Reading that value is routine for Windows components, and no write to that key appears in the modification events below. Together with zero network activity and an archive that extracts to image files only, the run shows nothing beyond a user opening a ZIP of pictures.
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF (ZIP)

ZipFileName: image002.png
ZipUncompressedSize: 46973
ZipCompressedSize: 46973
ZipCRC: 0x529ae0b9
ZipModifyDate: 2023:03:29 22:17:52
ZipCompression: None
ZipBitFlag: 0x0800
ZipRequiredVersion: 20

ExifTool reports the first central-directory entry only; the archive held seven images in all (see Dropped files). The entry is stored rather than deflated (compressed size equals uncompressed size), bit flag 0x0800 is general-purpose bit 11 (UTF-8 file names), and required version 20 means ZIP specification 2.0, consistent with the "at least v2.0 to extract" file info above.
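The ExifTool fields above come straight from the ZIP central directory. The following is an added example (not part of the ANY.RUN report and not the sample itself) that builds a small stored, UTF-8-flagged archive in memory, walks its central directory by hand to reproduce the same Zip* fields, computes the file hashes, and runs the checks worth doing before extracting an archive from a mail attachment (executable members, path traversal, size inconsistencies). The member names, contents and timestamps are constructed; the stdlib reader is used only as a cross-check.

```python
"""Hand-parse a ZIP central directory and reproduce the Zip* fields ExifTool
reports, compute file hashes, and run pre-extraction triage checks.
Added example: the archive below is constructed in memory, not the sample."""
import hashlib
import struct
import zipfile
import zlib
from io import BytesIO

EOCD_SIG = b"PK\x05\x06"
FLAG_UTF8 = 0x0800                      # general-purpose bit 11: UTF-8 names
COMPRESSION = {0: "None", 8: "Deflated"}
RISKY_EXT = (".exe", ".dll", ".scr", ".js", ".vbs", ".lnk", ".bat", ".cmd", ".ps1", ".hta")


def dos_datetime(dt):
    """Pack (y, m, d, H, M, S) into the DOS date and time words ZIP uses."""
    y, m, d, hh, mm, ss = dt
    return ((y - 1980) << 9) | (m << 5) | d, (hh << 11) | (mm << 5) | (ss // 2)


def build_stored_zip(members, flags=FLAG_UTF8):
    """Write a minimal ZIP with STORED (method 0) members and the given flags.
    members: [(name, bytes, (y, m, d, H, M, S)), ...]"""
    body, cdir = bytearray(), bytearray()
    for name, data, dt in members:
        date, time = dos_datetime(dt)
        raw, crc, off = name.encode("utf-8"), zlib.crc32(data) & 0xFFFFFFFF, len(body)
        body += struct.pack("<IHHHHHIIIHH", 0x04034B50, 20, flags, 0, time, date,
                            crc, len(data), len(data), len(raw), 0) + raw + data
        cdir += struct.pack("<IHHHHHHIIIHHHHHII", 0x02014B50, 20, 20, flags, 0, time,
                            date, crc, len(data), len(data), len(raw), 0, 0, 0, 0, 0,
                            off) + raw
    eocd = struct.pack("<IHHHHIIH", 0x06054B50, 0, 0, len(members), len(members),
                       len(cdir), len(body), 0)
    return bytes(body + cdir + eocd)


def parse_central_directory(blob):
    """Walk the central directory (the authoritative index; local headers can
    disagree with it) and return one dict per member keyed like ExifTool's tags."""
    at = blob.rfind(EOCD_SIG)
    if at < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, total, _cd_size, pos, _ = struct.unpack_from("<IHHHHIIH", blob, at)
    members = []
    for _ in range(total):
        (sig, _made, need, flags, method, time, date, crc, csize, usize,
         nlen, xlen, clen, _, _, _, _) = struct.unpack_from("<IHHHHHHIIIHHHHHII", blob, pos)
        if sig != 0x02014B50:
            raise ValueError("bad central directory signature at offset %d" % pos)
        raw = blob[pos + 46:pos + 46 + nlen]
        members.append({
            "ZipFileName": raw.decode("utf-8" if flags & FLAG_UTF8 else "cp437"),
            "ZipUncompressedSize": usize,
            "ZipCompressedSize": csize,
            "ZipCRC": "0x%08x" % crc,
            "ZipModifyDate": "%04d:%02d:%02d %02d:%02d:%02d" % (
                (date >> 9) + 1980, (date >> 5) & 0xF, date & 0x1F,
                time >> 11, (time >> 5) & 0x3F, (time & 0x1F) * 2),
            "ZipCompression": COMPRESSION.get(method, str(method)),
            "ZipBitFlag": "0x%04x" % flags,
            "ZipRequiredVersion": need,
        })
        pos += 46 + nlen + xlen + clen
    return members


def file_hashes(blob):
    return {a: hashlib.new(a, blob).hexdigest().upper() for a in ("md5", "sha1", "sha256")}


def triage(members):
    """Checks worth running before extracting: executable or script members,
    path traversal in names, and stored members whose two sizes disagree."""
    findings = []
    for m in members:
        n = m["ZipFileName"]
        if n.lower().endswith(RISKY_EXT):
            findings.append("executable content: " + n)
        if n.startswith(("/", "\\")) or ".." in n.replace("\\", "/").split("/"):
            findings.append("path traversal: " + n)
        if m["ZipCompression"] == "None" and m["ZipCompressedSize"] != m["ZipUncompressedSize"]:
            findings.append("stored member with mismatched sizes: " + n)
    return findings


def stdlib_crosscheck(blob):
    """Read the same bytes with the standard library; testzip() is None when
    every member's CRC verifies."""
    with zipfile.ZipFile(BytesIO(blob)) as zf:
        return zf.testzip(), zf.namelist()


# Constructed sample: an image-only, stored, UTF-8-flagged archive like the report's.
SAMPLE = build_stored_zip([
    ("image002.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64, (2023, 3, 29, 22, 17, 52)),
    ("image004.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 32, (2023, 3, 29, 22, 17, 52)),
])

if __name__ == "__main__":
    print(file_hashes(SAMPLE))
    for member in parse_central_directory(SAMPLE):
        print(member)
    print("triage:", triage(parse_central_directory(SAMPLE)) or "nothing flagged")
```

Run against a real attachment, read the bytes from disk instead of SAMPLE; the central directory, not the local headers, is what archivers trust, which is why the parser starts from the end-of-central-directory record.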
All screenshots are available in the full report
Total processes: 36
Monitored processes: 2
Malicious processes: 0
Suspicious processes: 0

Behavior graph (interactive in the full report)

Nodes: start, winrar.exe (no specs), PhotoViewer.dll (no specs)

Process information

PID: 784
CMD: C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: COM Surrogate
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2368
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\RE_ Consultas proceso Networking para Data Center.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\lpk.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\comdlg32.dll
Total events: 2 194
Read events: 2 152
Write events: 42
Delete events: 0

Modification events

PID | Process | Operation | Key | Name | Value
2368 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E | LanguageList | en-US
2368 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
2368 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
2368 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\Desktop\phacker.zip
2368 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
2368 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
2368 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
2368 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
2368 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
2368 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General | LastFolder | C:\Users\admin\Desktop

Every listed write is WinRAR UI state (recent-archive list, column widths, window placement, last folder) plus one MUI cache entry; no autostart, service, or file-association key is touched. The ArcHistory values name archives that were already on the sandbox desktop; none of them appears among this sample's dropped files.
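Deciding that a list of registry writes is benign application state, as above, is a judgement that should be repeatable. The following is an added example (not part of the ANY.RUN report) that parses rows in the form "PID | Process | Operation | Key | Name | Value", counts writes per process, and flags writes into well-known persistence locations. The first three sample rows are taken from the events above; the fourth row (PID 4242, sample.exe, a Run key) is constructed to show a hit and is not from the report.

```python
"""Triage sandbox registry write events: parse pipe-delimited rows, count
writes per process, and flag writes to well-known persistence locations.
Added example; the sample.exe row below is constructed, not from the report."""
import re
from collections import Counter

# Autostart and hijack locations (case-insensitive regexes on the key path).
PERSISTENCE_KEYS = (
    r"\\CurrentVersion\\Run(Once)?(Ex)?$",
    r"\\CurrentVersion\\Winlogon$",
    r"\\CurrentVersion\\Image File Execution Options\\",
    r"\\CurrentControlSet\\Services\\",
    r"\\Software\\Classes\\CLSID\\",
)

SAMPLE_EVENTS = r"""
PID | Process | Operation | Key | Name | Value
2368 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E | LanguageList | en-US
2368 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\Desktop\phacker.zip
2368 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General | LastFolder | C:\Users\admin\Desktop
4242 | sample.exe | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run | Updater | C:\Users\admin\AppData\Roaming\sample.exe
"""


def parse_events(text):
    """Parse 'PID | Process | Operation | Key | Name | Value' rows; the header
    and blank lines are skipped.  A row must carry all six fields."""
    events = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|", 5)]
        if len(parts) != 6 or not parts[0].isdigit():
            continue
        pid, proc, op, key, name, value = parts
        events.append({"pid": int(pid), "process": proc, "op": op.lower(),
                       "key": key, "name": name, "value": value})
    return events


def flag_persistence(events):
    """Return (process, key, name, value) for each write into a persistence key."""
    hits = []
    for e in events:
        if e["op"] != "write":
            continue
        if any(re.search(p, e["key"], re.IGNORECASE) for p in PERSISTENCE_KEYS):
            hits.append((e["process"], e["key"], e["name"], e["value"]))
    return hits


def writes_per_process(events):
    return Counter(e["process"] for e in events if e["op"] == "write")


def summarize(text):
    events = parse_events(text)
    return {"writes": dict(writes_per_process(events)),
            "persistence": flag_persistence(events)}


if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

The pattern list is deliberately short; extend it with the locations your environment cares about, and treat a hit as a prompt to inspect the value (the path written to a Run key) rather than as a verdict on its own.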
Executable files: 0
Suspicious files: 0
Text files: 14
Unknown types: 0

Dropped files

PID | Process | Filename | Type | MD5 | SHA256
2368 | WinRAR.exe | C:\Users\admin\Desktop\image016.jpg | image | (not listed) | (not listed)
2368 | WinRAR.exe | C:\Users\admin\Desktop\image002.png | image | (not listed) | (not listed)
2368 | WinRAR.exe | C:\Users\admin\Desktop\image004.jpg | image | (not listed) | (not listed)
2368 | WinRAR.exe | C:\Users\admin\Desktop\image008.png | image | (not listed) | (not listed)
2368 | WinRAR.exe | C:\Users\admin\Desktop\image010.jpg | image | (not listed) | (not listed)
2368 | WinRAR.exe | C:\Users\admin\Desktop\image013.jpg | image | (not listed) | (not listed)
2368 | WinRAR.exe | C:\Users\admin\Desktop\image005.png | image | A5BBD42D8E75BB4CE2C3DB197084B676 | CBC0BE289F61E2123F79723A7E734AB6C7EA3C7BEDDAAB427B32389F3A1B8185
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info