File name:

EZCrack v1.7 - Cracked by MusicDragon.rar

Full analysis: https://app.any.run/tasks/2344d3a2-86d0-4235-aecf-4f4b58cca9cc
Verdict: Malicious activity
Analysis date: October 19, 2023, 08:26:36
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5:

7CEE1A153F4E5DD5DAF3AC19C7316576

SHA1:

E367CF29D31A768831336C4C61AC3E5ECC28E0BC

SHA256:

00F05E0F5E22F15C82584F1256ED0F737FA306362EDE46F10BB9E8A36CA0F639

SSDEEP:

24576:JQ7VSgqVh+EcCPY7E6jsdbKnHREgEs7P23y6OF20Sf70nUDLgYQMU:Jw8xVhVPYA6jKbGHKgD7P23DCXG2UXg5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 2556)
      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 2960)
      • svchots.exe (PID: 2616)
      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 1864)
      • svchots.exe (PID: 2416)
      • server.exe (PID: 3680)
      • server.exe (PID: 1648)
    • Drops the executable file immediately after the start

      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 2556)
      • svchots.exe (PID: 2616)
  • SUSPICIOUS

    • Reads the Internet Settings

      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 2556)
      • svchots.exe (PID: 2616)
    • Application launched itself

      • svchots.exe (PID: 2416)
      • server.exe (PID: 1648)
    • Starts itself from another location

      • svchots.exe (PID: 2616)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 556)
    • Checks supported languages

      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 2556)
      • svchots.exe (PID: 2416)
      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 1864)
      • svchots.exe (PID: 2616)
      • server.exe (PID: 1648)
      • server.exe (PID: 3680)
    • Reads the computer name

      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 2556)
      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 1864)
      • svchots.exe (PID: 2616)
      • server.exe (PID: 3680)
    • Manual execution by a user

      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 2960)
      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 2556)
    • Create files in a temporary directory

      • EZCrack v1.7 - Cracked by MusicDragon.exe (PID: 2556)
      • svchots.exe (PID: 2616)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

ArchivedFileName: EZCrack v1.7 - Cracked by MusicDragon\EZCrack v1.7 - Cracked by MusicDragon.exe
PackingMethod: Normal
ModifyDate: 2015:07:04 02:47:08
OperatingSystem: Win32
UncompressedSize: 1114864
CompressedSize: 1018987
No data.
All screenshots are available in the full report
Total processes
49
Monitored processes
10
Malicious processes
7
Suspicious processes
0

Behavior graph

Graph nodes (edges labelled "start" or "drop and start"): winrar.exe, searchprotocolhost.exe, ezcrack v1.7 - cracked by musicdragon.exe (3 instances), svchots.exe (2 instances), msedge.exe, server.exe (2 instances).

Process information

PID
CMD
Path
Indicators
Parent process
PID:
556
CMD:
"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\EZCrack v1.7 - Cracked by MusicDragon.rar"
Path:
C:\Program Files\WinRAR\WinRAR.exe
Parent process:
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
PID:
1648
CMD:
"C:\Windows\install\server.exe"
Path:
C:\Windows\install\server.exe
Parent process:
svchots.exe
User:
admin
Company:
TallApplications
Integrity Level:
HIGH
Description:
DeepSea Obfuscator
Exit code:
0
Version:
4.4.4.86
Modules
Images
c:\windows\install\server.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID:
1864
CMD:
"C:\Users\admin\AppData\Local\Temp\EZCrack v1.7 - Cracked by MusicDragon.exe"
Path:
C:\Users\admin\AppData\Local\Temp\EZCrack v1.7 - Cracked by MusicDragon.exe
Parent process:
EZCrack v1.7 - Cracked by MusicDragon.exe
User:
admin
Integrity Level:
HIGH
Description:
EZCrack
Exit code:
0
Version:
2.1.1
Modules
Images
c:\users\admin\appdata\local\temp\ezcrack v1.7 - cracked by musicdragon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\shlwapi.dll
PID:
2132
CMD:
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path:
C:\Windows\System32\SearchProtocolHost.exe
Parent process:
SearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Exit code:
0
Version:
7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
Modules
Images
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID:
2416
CMD:
"C:\Users\admin\AppData\Local\Temp\svchots.exe"
Path:
C:\Users\admin\AppData\Local\Temp\svchots.exe
Parent process:
EZCrack v1.7 - Cracked by MusicDragon.exe
User:
admin
Company:
TallApplications
Integrity Level:
HIGH
Description:
DeepSea Obfuscator
Exit code:
0
Version:
4.4.4.86
Modules
Images
c:\windows\system32\ntdll.dll
c:\users\admin\appdata\local\temp\svchots.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvbvm60.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
PID:
2556
CMD:
"C:\Users\admin\Desktop\EZCrack v1.7 - Cracked by MusicDragon\EZCrack v1.7 - Cracked by MusicDragon.exe"
Path:
C:\Users\admin\Desktop\EZCrack v1.7 - Cracked by MusicDragon\EZCrack v1.7 - Cracked by MusicDragon.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
HIGH
Exit code:
0
Modules
Images
c:\users\admin\desktop\ezcrack v1.7 - cracked by musicdragon\ezcrack v1.7 - cracked by musicdragon.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\shell32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\advapi32.dll
PID:
2568
CMD:
"C:\Program Files\Microsoft\Edge\Application\msedge.exe"
Path:
C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process:
svchots.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\acgenral.dll
c:\windows\system32\sechost.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
PID:
2616
CMD:
"C:\Users\admin\AppData\Local\Temp\svchots.EXE"
Path:
C:\Users\admin\AppData\Local\Temp\svchots.exe
Parent process:
svchots.exe
User:
admin
Company:
TallApplications
Integrity Level:
HIGH
Description:
DeepSea Obfuscator
Exit code:
0
Version:
4.4.4.86
Modules
Images
c:\users\admin\appdata\local\temp\svchots.exe
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ntdll.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
PID:
2960
CMD:
"C:\Users\admin\Desktop\EZCrack v1.7 - Cracked by MusicDragon\EZCrack v1.7 - Cracked by MusicDragon.exe"
Path:
C:\Users\admin\Desktop\EZCrack v1.7 - Cracked by MusicDragon\EZCrack v1.7 - Cracked by MusicDragon.exe
Parent process:
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this MEDIUM-integrity launch terminated because the image requires elevation; the same binary then ran as PID 2556 at HIGH integrity)
Modules
Images
c:\users\admin\desktop\ezcrack v1.7 - cracked by musicdragon\ezcrack v1.7 - cracked by musicdragon.exe
c:\windows\system32\ntdll.dll
PID:
3680
CMD:
"C:\Windows\install\server.EXE"
Path:
C:\Windows\install\server.exe
Parent process:
server.exe
User:
admin
Company:
TallApplications
Integrity Level:
HIGH
Description:
DeepSea Obfuscator
Exit code:
0
Version:
4.4.4.86
Modules
Images
c:\windows\install\server.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\user32.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
Total events
3 191
Read events
3 163
Write events
28
Delete events
0

Modification events

(PID) Process: (556) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value:
en-US
(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value:
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value:
120
(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value:
80
(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value:
120
(PID) Process: (556) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value:
100
(PID) Process: (2132) SearchProtocolHost.exe
Key: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value:
en-US
(PID) Process: (2556) EZCrack v1.7 - Cracked by MusicDragon.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value:
1
Executable files
5
Suspicious files
1
Text files
139
Unknown types
0

Dropped files

PID | Process | Filename | Type
556 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa556.509\EZCrack v1.7 - Cracked by MusicDragon\EZCrack v1.7 - Cracked by MusicDragon.exe | executable
MD5: E619D0352ACBF7FB0C9134297169D267
SHA256: 601D1012342ADBD3CFB45B6AD8F3AB56FA945EEBABD82CCBB7C525D539B77FC2
2616 | svchots.exe | C:\Windows\install\server.exe | executable
MD5: 00FE468019B029DBF8E40C208AD68B92
SHA256: 2C45C0B61CF15413C05330B1339429AD7579B08E42E91513CB51029D36314605
2556 | EZCrack v1.7 - Cracked by MusicDragon.exe | C:\Users\admin\AppData\Local\Temp\EZCrack v1.7 - Cracked by MusicDragon.exe | executable
MD5: C770FBE47107FFFD3FCCE84C97C5BC9D
SHA256: 82FBDBE13A832CECC3C9EC38B973C12EB49DD8F8DAFBC09981EAFFBA3910888D
2556 | EZCrack v1.7 - Cracked by MusicDragon.exe | C:\Users\admin\AppData\Local\Temp\svchots.exe | executable
MD5: 00FE468019B029DBF8E40C208AD68B92
SHA256: 2C45C0B61CF15413C05330B1339429AD7579B08E42E91513CB51029D36314605
556 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa556.509\EZCrack v1.7 - Cracked by MusicDragon\List of modules.txt | text
MD5: 65C23CBF0740ECA507968A15D6861EE9
SHA256: 593E6905937584E020EA454F9E44E7F1E482BF98F6C3FB0D50755D216A3D333F
2568 | msedge.exe | C:\Users\admin\AppData\Roaming\C4BA3647\ak.tmp | text
MD5: 45263D5C870823C300B6CFC58D07121A
SHA256: 5449B417E687E3AD7A4120FA8BA0828F0D6CE52F6E0183FA7484173249BE7104
2568 | msedge.exe | C:\Users\admin\AppData\Roaming\admin-wchelper.dll | text
MD5: CF43D0F929AE3335692D014F4DF05E6D
SHA256: B3EE6953FF49705AE90CE8B2CAFBED7DF9674B227F4AED0279FDF44F358D3E8E
2568 | msedge.exe | C:\Users\admin\AppData\Local\Temp\admin8 | text
MD5: A99F32519A5BE935B3C0DFF1A76636D3
SHA256: 9C76EC4C380DD664F83903DBA4EE1F72ECC1317607F79FF76D4D41E732A0A4A2
2568 | msedge.exe | C:\Users\admin\AppData\Local\Temp\admin7 | text
MD5: A99F32519A5BE935B3C0DFF1A76636D3
SHA256: 9C76EC4C380DD664F83903DBA4EE1F72ECC1317607F79FF76D4D41E732A0A4A2
2616 | svchots.exe | C:\Users\admin\AppData\Local\Temp\admin2.txt | binary
MD5: ECF9B43B3FCEC2A923A14CFCDB590FE7
SHA256: C5ABFD2C77A6DEB3477C8C3D8B22F1E8906E695A94506CA5BD4694F138F666A2
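The process table and the dropped-file hashes above carry four signals a triage analyst would check by hand: a process name one letter-swap away from a Windows system binary (svchots.exe vs svchost.exe), executables running from a user Temp directory or from a non-standard folder under C:\Windows (C:\Windows\install), one SHA256 written to two paths (the svchots.exe / server.exe pair), and child processes of the lookalike (server.exe and msedge.exe launched under svchots.exe). The script below is an added example, not ANY.RUN code or part of the report; its records are transcribed from the report's tables, and the list of impersonated system binaries and the set of legitimate system directories are assumptions chosen for the example.

```python
from __future__ import annotations
from collections import defaultdict
from pathlib import PureWindowsPath
from typing import NamedTuple


class Proc(NamedTuple):
    pid: int
    path: str
    parent: str  # parent process name, as the report gives it


class Drop(NamedTuple):
    sha256: str
    path: str


# Transcribed from the report's "Process information" section.
PROCS = [
    Proc(556, r"C:\Program Files\WinRAR\WinRAR.exe", "explorer.exe"),
    Proc(1648, r"C:\Windows\install\server.exe", "svchots.exe"),
    Proc(1864, r"C:\Users\admin\AppData\Local\Temp\EZCrack v1.7 - Cracked by MusicDragon.exe",
         "EZCrack v1.7 - Cracked by MusicDragon.exe"),
    Proc(2132, r"C:\Windows\System32\SearchProtocolHost.exe", "SearchIndexer.exe"),
    Proc(2416, r"C:\Users\admin\AppData\Local\Temp\svchots.exe",
         "EZCrack v1.7 - Cracked by MusicDragon.exe"),
    Proc(2556, r"C:\Users\admin\Desktop\EZCrack v1.7 - Cracked by MusicDragon"
               r"\EZCrack v1.7 - Cracked by MusicDragon.exe", "explorer.exe"),
    Proc(2568, r"C:\Program Files\Microsoft\Edge\Application\msedge.exe", "svchots.exe"),
    Proc(2616, r"C:\Users\admin\AppData\Local\Temp\svchots.exe", "svchots.exe"),
    Proc(2960, r"C:\Users\admin\Desktop\EZCrack v1.7 - Cracked by MusicDragon"
               r"\EZCrack v1.7 - Cracked by MusicDragon.exe", "explorer.exe"),
    Proc(3680, r"C:\Windows\install\server.exe", "server.exe"),
]

# Transcribed from the report's "Dropped files" section (executables only).
SHA_SVCHOTS = "2C45C0B61CF15413C05330B1339429AD7579B08E42E91513CB51029D36314605"
DROPS = [
    Drop(SHA_SVCHOTS, r"C:\Windows\install\server.exe"),
    Drop("82FBDBE13A832CECC3C9EC38B973C12EB49DD8F8DAFBC09981EAFFBA3910888D",
         r"C:\Users\admin\AppData\Local\Temp\EZCrack v1.7 - Cracked by MusicDragon.exe"),
    Drop(SHA_SVCHOTS, r"C:\Users\admin\AppData\Local\Temp\svchots.exe"),
]

# Assumptions for the example (not from the report): names malware commonly
# imitates, and the directories where the genuine copies live.
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe",
                "explorer.exe", "winlogon.exe", "spoolsv.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: Levenshtein plus adjacent
    transpositions, so the swapped 'st' in svchots costs 1, not 2."""
    a, b = a.lower(), b.lower()
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def _parts(path: str) -> tuple[str, str]:
    p = PureWindowsPath(path)
    return p.name.lower(), str(p.parent).lower()


def find_lookalikes(procs: list[Proc], max_dist: int = 1) -> list[tuple[int, str, str]]:
    """(pid, image name, system name it resembles). An exact system name
    outside a system directory is reported too: that is plain masquerading."""
    hits = []
    for p in procs:
        name, parent_dir = _parts(p.path)
        if name in SYSTEM_NAMES:
            if parent_dir not in SYSTEM_DIRS:
                hits.append((p.pid, name, name))
            continue
        closest = min(SYSTEM_NAMES, key=lambda s: osa_distance(name, s))
        if osa_distance(name, closest) <= max_dist:
            hits.append((p.pid, name, closest))
    return hits


def find_odd_locations(procs: list[Proc]) -> list[int]:
    """PIDs running from a user Temp directory or from a folder under
    C:\\Windows that is not a known system directory (C:\\Windows\\install)."""
    odd = []
    for p in procs:
        _, parent_dir = _parts(p.path)
        from_temp = r"\appdata\local\temp" in parent_dir
        odd_windows = parent_dir.startswith(r"c:\windows") and parent_dir not in SYSTEM_DIRS
        if from_temp or odd_windows:
            odd.append(p.pid)
    return odd


def find_relocated(drops: list[Drop]) -> dict[str, list[str]]:
    """SHA256 values dropped to more than one path: the same payload copied
    from its first location to a persistence location."""
    by_hash: dict[str, set[str]] = defaultdict(set)
    for d in drops:
        by_hash[d.sha256].add(d.path.lower())
    return {h: sorted(paths) for h, paths in by_hash.items() if len(paths) > 1}


def children_of(procs: list[Proc], parent_names: set[str]) -> list[tuple[int, str, str]]:
    """Pivot: every process whose parent is one of the flagged image names."""
    wanted = {n.lower() for n in parent_names}
    return [(p.pid, _parts(p.path)[0], p.parent) for p in procs if p.parent.lower() in wanted]


def triage(procs: list[Proc], drops: list[Drop]) -> dict:
    lookalikes = find_lookalikes(procs)
    return {
        "lookalike": lookalikes,
        "odd_location": find_odd_locations(procs),
        "relocated_hash": find_relocated(drops),
        "spawned_by_lookalike": children_of(procs, {n for _, n, _ in lookalikes}),
    }


if __name__ == "__main__":
    for rule, hits in triage(PROCS, DROPS).items():
        print(rule, hits)
```

Against the transcribed records the lookalike rule fires on both svchots.exe instances, the location rule on the Temp and C:\Windows\install images, the hash rule on the single SHA256 shared by svchots.exe and server.exe, and the pivot returns server.exe, msedge.exe and the second svchots.exe as children of the lookalike. The legitimate SearchProtocolHost.exe, WinRAR.exe and Edge images produce no hits, which is the negative check worth keeping when tuning the distance threshold.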
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
2
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
Both entries are NetBIOS name-service and datagram broadcasts (ports 137 and 138) to the subnet broadcast address from the System process; no connection in the capture is attributed to the dropped samples.

DNS requests

No data

Threats

No threats detected
No debug info