analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

8058afd75c5680f6eac2fa33df98e40265479a52b6dba271ed7e9546439a46ac.bin.gz

Full analysis: https://app.any.run/tasks/d51cd43e-30a7-422e-9854-0f43566b6f4a
Verdict: Malicious activity
Analysis date: February 11, 2019, 09:58:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/gzip
File info: gzip compressed data, max compression, from Unix
MD5:

A45D8D1D23779EC3656229D2201D2E93

SHA1:

46A01A915245DFB60F5886C36CE9F079B275BCA1

SHA256:

FBF50C9C76FA19A665F4C422897D6C4EDFCDB6BFF3C4BB0BBF07637E438A4EEF

SSDEEP:

192:Xf1RuaDZtpvDBQZyQyZY9n9rxLmjcxbXFp/F/eh8SOdT+688MsPbqnXyor:PLtmMQyynrvLFGhp6N8lsPbqnior

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Starts Internet Explorer

      • AcroRd32.exe (PID: 3836)

    • Reads internet explorer settings

      • AcroRd32.exe (PID: 3836)

  • INFO

    • Application launched itself

      • iexplore.exe (PID: 2736)
      • RdrCEF.exe (PID: 2792)
      • iexplore.exe (PID: 2704)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 3452)
      • iexplore.exe (PID: 2816)

    • Reads internet explorer settings

      • iexplore.exe (PID: 3452)
      • iexplore.exe (PID: 2816)

    • Changes internet zones settings

      • iexplore.exe (PID: 2736)
      • iexplore.exe (PID: 2704)

    • Reads settings of System Certificates

      • iexplore.exe (PID: 2704)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.z/gz/gzip | GZipped data (100)

EXIF

ZIP

OperatingSystem: Unix
ExtraFlags: Maximum Compression
ModifyDate: 0000:00:00 00:00:00
Flags: (none)
Compression: Deflated
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
43
Monitored processes
11
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe no specs winrar.exe no specs acrord32.exe acrord32.exe no specs rdrcef.exe rdrcef.exe no specs rdrcef.exe no specs iexplore.exe iexplore.exe iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2868"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\8058afd75c5680f6eac2fa33df98e40265479a52b6dba271ed7e9546439a46ac.bin.gz.z"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.60.0
2696"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\8058afd75c5680f6eac2fa33df98e40265479a52b6dba271ed7e9546439a46ac.bin.gz"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
1
Version:
5.60.0
3836"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\admin\Desktop\Chase Instructions XBH 47953560.pdf"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
explorer.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe Acrobat Reader DC
Version:
15.23.20070.215641
2980"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer "C:\Users\admin\Desktop\Chase Instructions XBH 47953560.pdf"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exeAcroRd32.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe Acrobat Reader DC
Version:
15.23.20070.215641
2792"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16448250C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
AcroRd32.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
MEDIUM
Description:
Adobe RdrCEF
Version:
15.23.20053.211670
2360"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2792.0.177050738\1430013589" --allow-no-sandbox-job /prefetch:673131151C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
15.23.20053.211670
3072"C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-3d-apis --disable-databases --disable-direct-npapi-requests --disable-file-system --disable-notifications --disable-shared-workers --disable-direct-write --lang=en-US --lang=en-US --log-severity=disable --product-version="ReaderServices/15.23.20053 Chrome/45.0.2454.85" --device-scale-factor=1 --enable-delegated-renderer --num-raster-threads=2 --gpu-rasterization-msaa-sample-count=8 --content-image-texture-target=3553 --video-image-texture-target=3553 --disable-accelerated-video-decode --disable-webrtc-hw-encoding --disable-gpu-compositing --channel="2792.1.1341698012\743003806" --allow-no-sandbox-job /prefetch:673131151C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exeRdrCEF.exe
User:
admin
Company:
Adobe Systems Incorporated
Integrity Level:
LOW
Description:
Adobe RdrCEF
Version:
15.23.20053.211670
2736"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
AcroRd32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Exit code:
1
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
3452"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2736 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Exit code:
0
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
2704"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
AcroRd32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
1 625
Read events
1 461
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
2
Text files
32
Unknown types
27

Dropped files

PID
Process
Filename
Type
2868WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2868.10832\8058afd75c5680f6eac2fa33df98e40265479a52b6dba271ed7e9546439a46ac.bin.gz
MD5:
SHA256:
2980AcroRd32.exeC:\Users\admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal
MD5:
SHA256:
2736iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\favicon[1].ico
MD5:
SHA256:
2736iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
2980AcroRd32.exeC:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Rb6f8c4_v9rku4_2as.tmp
MD5:
SHA256:
2980AcroRd32.exeC:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R1objhdh_v9rku5_2as.tmp
MD5:
SHA256:
2980AcroRd32.exeC:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R8twccr_v9rku6_2as.tmp
MD5:
SHA256:
2980AcroRd32.exeC:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9Riui9wb_v9rku7_2as.tmp
MD5:
SHA256:
2980AcroRd32.exeC:\Users\admin\AppData\Local\Temp\acrord32_sbx\A9R1pk9w9e_v9rku8_2as.tmp
MD5:
SHA256:
2736iexplore.exeC:\Users\admin\AppData\Local\Temp\~DF83896BFECBB1E1B0.TMP
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
9
TCP/UDP connections
38
DNS requests
19
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3836
AcroRd32.exe
GET
304
2.16.186.32:80
http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/278_15_23_20070.zip
unknown
whitelisted
3836
AcroRd32.exe
GET
304
2.16.186.32:80
http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/281_15_23_20070.zip
unknown
whitelisted
3836
AcroRd32.exe
GET
304
2.16.186.32:80
http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/277_15_23_20070.zip
unknown
whitelisted
3836
AcroRd32.exe
GET
304
2.16.186.32:80
http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/message.zip
unknown
whitelisted
3836
AcroRd32.exe
GET
304
2.16.186.32:80
http://acroipm2.adobe.com/15/rdr/ENU/win/nooem/none/consumer/280_15_23_20070.zip
unknown
whitelisted
3452
iexplore.exe
GET
404
172.82.152.105:80
http://nathandale.com/En_us/document/DONvs-PKtoe_jcuS-LC
US
html
232 b
malicious
2704
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
2736
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
2816
iexplore.exe
GET
301
23.45.98.239:80
http://www.adobe.com/go/epdfrhprdr1_12_0_0?DTProd=Reader&DTServLvl=SignedOut
NL
html
289 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2704
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3452
iexplore.exe
172.82.152.105:80
nathandale.com
QuickPacket, LLC
US
malicious
3836
AcroRd32.exe
2.16.186.32:80
acroipm2.adobe.com
Akamai International B.V.
whitelisted
3836
AcroRd32.exe
34.251.237.80:443
ims-na1.adobelogin.com
Amazon.com, Inc.
IE
unknown
2792
RdrCEF.exe
34.205.56.3:443
createpdf.acrobat.com
Amazon.com, Inc.
US
unknown
2736
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
2792
RdrCEF.exe
34.234.11.37:443
cloud.acrobat.com
Amazon.com, Inc.
US
unknown
2792
RdrCEF.exe
3.93.123.251:443
files.acrobat.com
US
unknown
3836
AcroRd32.exe
52.210.235.126:443
adobeid-na1.services.adobe.com
Amazon.com, Inc.
IE
unknown
3836
AcroRd32.exe
2.18.233.74:443
armmf.adobe.com
Akamai International B.V.
whitelisted

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
nathandale.com
  • 172.82.152.105
malicious
acroipm2.adobe.com
  • 2.16.186.32
  • 2.16.186.33
whitelisted
armmf.adobe.com
  • 2.18.233.74
whitelisted
files.acrobat.com
  • 3.93.123.251
  • 34.200.50.192
  • 54.164.27.141
  • 52.71.163.227
whitelisted
cloud.acrobat.com
  • 34.234.11.37
  • 52.7.140.93
whitelisted
ims-na1.adobelogin.com
  • 34.251.237.80
  • 52.18.169.37
  • 34.248.248.235
  • 34.250.46.61
  • 34.240.244.49
  • 34.241.141.91
  • 52.19.17.41
  • 52.214.246.143
whitelisted
adobeid-na1.services.adobe.com
  • 52.210.235.126
  • 52.211.197.106
  • 52.215.210.10
  • 52.212.56.253
  • 52.209.79.203
  • 18.202.3.16
  • 52.50.132.237
  • 54.171.31.198
whitelisted
createpdf.acrobat.com
  • 34.205.56.3
  • 34.205.176.239
  • 52.73.150.238
  • 52.5.178.236
whitelisted
www.adobe.com
  • 23.45.98.239
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
8058afd75c5680f6eac2fa33df98e40265479a52b6dba271ed7e9546439a46ac.bin.gz