File name: | IPTV_Tools_1.1.6_Premium__ed__hacklabb_.7z |
Full analysis: | https://app.any.run/tasks/2231dfd5-f19e-4a4e-afa4-36891baf15dd |
Verdict: | Malicious activity |
Analysis date: | January 28, 2021, 22:09:26 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-7z-compressed |
File info: | 7-zip archive data, version 0.4 |
MD5: | 466620B3E82EF3303B52B217E37FD3F1 |
SHA1: | CDC7FCBAA057843B77E58D788601315B70451895 |
SHA256: | 051DE91134F4DFCD5A10355F6F74B89C46042F5A71DCAB7CB30F59EA2A5DD756 |
SSDEEP: | 24576:ehnVKvT4L9N07IkQWEVU2AK+1AYfwVDdpcTc:ehnVKL4L9KWWEVU28uYfuhSc |

Extension | Type
---|---
.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)

PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
892 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\IPTV_Tools_1.1.6_Premium__ed__hacklabb_.7z" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
2188 | "C:\Users\admin\Desktop\IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe" | C:\Users\admin\Desktop\IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | | explorer.exe
3352 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe

PID | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---
892 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.60.0
2188 | admin | Daniel Simons Studios | MEDIUM | IPTV Tools by Daniel | 0 | 1.1.6.0
3352 | SYSTEM | Microsoft Corporation | SYSTEM | Microsoft Windows Search Protocol Host | 0 | 7.00.7600.16385 (win7_rtm.090713-1255)

PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
892 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP |
892 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon |
892 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E | LanguageList | en-US
892 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\IPTV_Tools_1.1.6_Premium__ed__hacklabb_.7z
892 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
892 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
892 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
892 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
892 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
892 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General | LastFolder | C:\Users\admin\AppData\Local\Temp

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
892 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa892.11698\images\pause.png | — | — | —
892 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa892.11698\images\play.png | — | — | —
892 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa892.11698\IPTV Tools 1.1.6 Premium.exe.config | — | — | —
892 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa892.11698\Alert.wav | — | — | —
892 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa892.11698\AxInterop.AXVLC.dll | — | — | —
892 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa892.11698\Interop.AXVLC.dll | — | — | —
892 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa892.11698\IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | — | — | —
892 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa892.11698\MetroFramework.Design.dll | — | — | —
892 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa892.11698\MetroFramework.dll | — | — | —
892 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa892.11698\MetroFramework.Fonts.dll | — | — | —

Process | Message
---|---
IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | core libvlc debug: VLC media player - 2.2.6 Umbrella
IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | core libvlc debug: Copyright © 1996-2017 the VideoLAN team
IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | core libvlc debug: revision 2.2.6-0-g1aae789
IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | core libvlc debug: configured with ../extras/package/win32/../../../configure '--enable-update-check' '--enable-lua' '--enable-faad' '--enable-flac' '--enable-theora' '--enable-twolame' '--enable-quicktime' '--enable-avcodec' '--enable-merge-ffmpeg' '--enable-dca' '--enable-mpc' '--enable-libass' '--enable-x264' '--enable-schroedinger' '--enable-realrtsp' '--enable-live555' '--enable-dvdread' '--enable-shout' '--enable-goom' '--enable-caca' '--disable-sdl' '--enable-qt' '--enable-skins2' '--enable-sse' '--enable-mmx' '--enable-libcddb' '--enable-zvbi' '--disable-telx' '--enable-nls' '--host=i686-w64-mingw32' 'host_alias=i686-w64-mingw32'
IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | core libvlc debug: using multimedia timers as clock source
IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | core libvlc debug: min period: 1 ms, max period: 1000000 ms
IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | core libvlc debug: searching plug-in modules
IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | core libvlc debug: loading plugins cache file C:\Program Files\VideoLAN\VLC\plugins\plugins.dat
IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | core libvlc debug: recursively browsing `C:\Program Files\VideoLAN\VLC\plugins'
IPTV Tools 1.1.6 Premium_Cracked[@hacklabb].exe | core libvlc debug: saving plugins cache C:\Program Files\VideoLAN\VLC\plugins\plugins.dat