File name: NetLimiter.5.3.6.rar

Full analysis: https://app.any.run/tasks/001a91bb-e732-4428-a363-9987bc77a85d
Verdict: Malicious activity
Analysis date: December 02, 2023, 18:31:07
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: F29D9C83D7BC5CBC4B956D23F77330FD
SHA1: 56DC1A647DEBE024FD9494DDCB630A5A1C7498E9
SHA256: 1416E0B95FB79B5BAB4E3E07AAB2C5969FF23A7D90DCC46773B66C3810CDBFF6
SSDEEP: 98304:6djZ9lWXWbnMGhEaW+0Am9sZBd2s1oPkvo5wdQ6RvtLDVKk4sfIgtjNQOAxf1gSI:6mpZydn2rb8fJ2idkewQ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • netlimiter-5.3.6.0.exe (PID: 3676)
  • SUSPICIOUS

    • Checks Windows Trust Settings

      • netlimiter-5.3.6.0.exe (PID: 3676)
      • netlimiter-5.3.6.0.exe (PID: 3724)
    • Reads security settings of Internet Explorer

      • netlimiter-5.3.6.0.exe (PID: 3676)
      • netlimiter-5.3.6.0.exe (PID: 3724)
    • Reads settings of System Certificates

      • netlimiter-5.3.6.0.exe (PID: 3676)
      • netlimiter-5.3.6.0.exe (PID: 3724)
    • Reads the Internet Settings

      • netlimiter-5.3.6.0.exe (PID: 3676)
      • netlimiter-5.3.6.0.exe (PID: 3724)
    • Application launched itself

      • WinRAR.exe (PID: 3976)
    • Reads the Windows owner or organization settings

      • netlimiter-5.3.6.0.exe (PID: 3676)
    • Reads Internet Explorer settings

      • netlimiter-5.3.6.0.exe (PID: 3676)
  • INFO

    • Create files in a temporary directory

      • netlimiter-5.3.6.0.exe (PID: 3676)
      • netlimiter-5.3.6.0.exe (PID: 3724)
    • Checks supported languages

      • netlimiter-5.3.6.0.exe (PID: 3676)
      • msiexec.exe (PID: 3176)
      • msiexec.exe (PID: 3388)
      • netlimiter-5.3.6.0.exe (PID: 3556)
      • netlimiter-5.3.6.0.exe (PID: 3724)
      • netlimiter-5.3.6.0.exe (PID: 1436)
    • Reads the machine GUID from the registry

      • netlimiter-5.3.6.0.exe (PID: 3676)
      • msiexec.exe (PID: 3176)
      • msiexec.exe (PID: 3388)
      • netlimiter-5.3.6.0.exe (PID: 3724)
    • Reads the computer name

      • netlimiter-5.3.6.0.exe (PID: 3676)
      • msiexec.exe (PID: 3176)
      • msiexec.exe (PID: 3388)
      • netlimiter-5.3.6.0.exe (PID: 3556)
      • netlimiter-5.3.6.0.exe (PID: 3724)
      • netlimiter-5.3.6.0.exe (PID: 1436)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3976)
      • WinRAR.exe (PID: 3016)
    • Reads Environment values

      • netlimiter-5.3.6.0.exe (PID: 3676)
      • msiexec.exe (PID: 3388)
      • netlimiter-5.3.6.0.exe (PID: 3724)
    • Application launched itself

      • msiexec.exe (PID: 3176)
    • Manual execution by a user

      • WinRAR.exe (PID: 3016)
      • netlimiter-5.3.6.0.exe (PID: 3156)
      • netlimiter-5.3.6.0.exe (PID: 3556)
      • netlimiter-5.3.6.0.exe (PID: 3224)
      • netlimiter-5.3.6.0.exe (PID: 3724)
      • netlimiter-5.3.6.0.exe (PID: 1436)
      • netlimiter-5.3.6.0.exe (PID: 3740)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
All screenshots are available in the full report
Total processes: 64
Monitored processes: 13
Malicious processes: 3
Suspicious processes: 0

Behavior graph (launch order of the 13 monitored processes)

WinRAR.exe, netlimiter-5.3.6.0.exe, netlimiter-5.3.6.0.exe, WinRAR.exe, msiexec.exe, msiexec.exe, WinRAR.exe, netlimiter-5.3.6.0.exe, netlimiter-5.3.6.0.exe, netlimiter-5.3.6.0.exe, netlimiter-5.3.6.0.exe, netlimiter-5.3.6.0.exe, netlimiter-5.3.6.0.exe

Process information

(fields per entry: PID, CMD, Path, Parent process, then the process details recorded by the sandbox)
PID: 124
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3976.39991\netlimiter-5.3.6.0.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3976.39991\netlimiter-5.3.6.0.exe
Parent process: WinRAR.exe
User: admin
Company: Locktime Software
Integrity Level: MEDIUM
Description: NetLimiter Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the image requires elevation; the same installer then ran at HIGH integrity as PID 3676)
Version: 5.3.6.0
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa3976.39991\netlimiter-5.3.6.0.exe
c:\windows\system32\ntdll.dll
PID: 1436
CMD: "C:\Users\admin\Desktop\netlimiter-5.3.6.0.exe"
Path: C:\Users\admin\Desktop\netlimiter-5.3.6.0.exe
Parent process: explorer.exe
User: admin
Company: Locktime Software
Integrity Level: HIGH
Description: NetLimiter Installer
Exit code: 0
Version: 5.3.6.0
Modules (images):
c:\users\admin\desktop\netlimiter-5.3.6.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 2332
CMD: "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIa3976.42071\Keygen.zip
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: WinRAR.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3016
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\NetLimiter.5.3.6.rar" C:\Users\admin\Desktop\
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 3156
CMD: "C:\Users\admin\Desktop\netlimiter-5.3.6.0.exe"
Path: C:\Users\admin\Desktop\netlimiter-5.3.6.0.exe
Parent process: explorer.exe
User: admin
Company: Locktime Software
Integrity Level: MEDIUM
Description: NetLimiter Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the image requires elevation; the Desktop copy ran at HIGH integrity as PIDs 1436 and 3556)
Version: 5.3.6.0
Modules (images):
c:\users\admin\desktop\netlimiter-5.3.6.0.exe
c:\windows\system32\ntdll.dll
PID: 3176
CMD: C:\Windows\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Exit code: 0
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3224
CMD: "C:\Users\admin\Desktop\netlimiter-5.3.6.0.exe"
Path: C:\Users\admin\Desktop\netlimiter-5.3.6.0.exe
Parent process: explorer.exe
User: admin
Company: Locktime Software
Integrity Level: MEDIUM
Description: NetLimiter Installer
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the image requires elevation; the Desktop copy ran at HIGH integrity as PIDs 1436 and 3556)
Version: 5.3.6.0
Modules (images):
c:\users\admin\desktop\netlimiter-5.3.6.0.exe
c:\windows\system32\ntdll.dll
PID: 3388
CMD: C:\Windows\system32\MsiExec.exe -Embedding A15EA4575E035629D7E1B6ADF543207D C
Path: C:\Windows\System32\msiexec.exe
Parent process: msiexec.exe (PID 3176, the Windows Installer service started by services.exe with /V; this child is the custom action server it spawns for the install)
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows® installer
Exit code: 0
Version: 5.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 3556
CMD: "C:\Users\admin\Desktop\netlimiter-5.3.6.0.exe"
Path: C:\Users\admin\Desktop\netlimiter-5.3.6.0.exe
Parent process: explorer.exe
User: admin
Company: Locktime Software
Integrity Level: HIGH
Description: NetLimiter Installer
Exit code: 0
Version: 5.3.6.0
Modules (images):
c:\users\admin\desktop\netlimiter-5.3.6.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 3676
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa3976.39991\netlimiter-5.3.6.0.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa3976.39991\netlimiter-5.3.6.0.exe
Parent process: WinRAR.exe
User: admin
Company: Locktime Software
Integrity Level: HIGH
Description: NetLimiter Installer
Exit code: 1602 (ERROR_INSTALL_USEREXIT: the installation was cancelled by the user, so this run did not complete the install)
Version: 5.3.6.0
Modules (images):
c:\users\admin\appdata\local\temp\rar$exa3976.39991\netlimiter-5.3.6.0.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
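Worked example (added here; it is not part of the ANY.RUN report and not NetLimiter or WinRAR code): a small Python triage script over the process table above. It flags processes started out of WinRAR's Rar$EXa/Rar$DIa temp directories (on this page the digits in the directory name equal the extracting WinRAR's PID, 3976), pairs each MEDIUM-integrity run that exited with 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED) with the HIGH-integrity runs of the same image, and names exit code 1602 (ERROR_INSTALL_USEREXIT). The process records are transcribed from this page; the report does not give parent PIDs, so the script assumes only the parent image name, and the exit-code names are the Windows SDK constants.

```python
"""Triage helpers for the process table of a sandbox report.

Added example, not ANY.RUN code. Records below are transcribed from the
report's process table; parent PIDs are not in the report, so only the parent
image name is used. Exit-code names are the Windows SDK constants.
"""
import re
from dataclasses import dataclass

STATUS_ELEVATION_REQUIRED = 0xC000042C  # NTSTATUS: image manifest requires elevation
ERROR_INSTALL_USEREXIT = 1602           # Windows Installer: user cancelled the install

EXIT_CODES = {
    0: "success",
    STATUS_ELEVATION_REQUIRED: "STATUS_ELEVATION_REQUIRED (UAC relaunch expected)",
    ERROR_INSTALL_USEREXIT: "ERROR_INSTALL_USEREXIT (install cancelled by user)",
}

# WinRAR temp directories as they appear in the report: Rar$EXa<pid>.<n> holds
# files extracted to be opened or run, Rar$DIa<pid>.<n> holds nested archives;
# <pid> matches the extracting WinRAR's PID (3976 on this page).
WINRAR_TEMP = re.compile(r"\\Rar\$(EX|DI)a(\d+)\.\d+\\", re.IGNORECASE)


@dataclass(frozen=True)
class Proc:
    pid: int
    image: str      # image path
    cmdline: str
    parent: str     # parent image name (all the report gives)
    integrity: str  # MEDIUM / HIGH / SYSTEM
    exit_code: int


def _join(*parts):
    return "\\".join(parts)


TEMP = r"C:\Users\admin\AppData\Local\Temp"
DESK = r"C:\Users\admin\Desktop"
NL = "netlimiter-5.3.6.0.exe"
WINRAR = r"C:\Program Files\WinRAR\WinRAR.exe"
MSIEXEC = r"C:\Windows\System32\msiexec.exe"
NL_TEMP = _join(TEMP, "Rar$EXa3976.39991", NL)
NL_DESK = _join(DESK, NL)

# Constructed from the report's process table (subset of the entries).
PROCS = [
    Proc(3016, WINRAR, '"%s" x -iext -ow -ver -- "%s" %s\\' % (WINRAR, _join(DESK, "NetLimiter.5.3.6.rar"), DESK),
         "explorer.exe", "MEDIUM", 0),
    Proc(124, NL_TEMP, '"%s"' % NL_TEMP, "WinRAR.exe", "MEDIUM", STATUS_ELEVATION_REQUIRED),
    Proc(3676, NL_TEMP, '"%s"' % NL_TEMP, "WinRAR.exe", "HIGH", ERROR_INSTALL_USEREXIT),
    Proc(2332, WINRAR, '"%s" %s' % (WINRAR, _join(TEMP, "Rar$DIa3976.42071", "Keygen.zip")),
         "WinRAR.exe", "MEDIUM", 0),
    Proc(3156, NL_DESK, '"%s"' % NL_DESK, "explorer.exe", "MEDIUM", STATUS_ELEVATION_REQUIRED),
    Proc(1436, NL_DESK, '"%s"' % NL_DESK, "explorer.exe", "HIGH", 0),
    Proc(3176, MSIEXEC, MSIEXEC + " /V", "services.exe", "SYSTEM", 0),
    Proc(3388, MSIEXEC, MSIEXEC + " -Embedding A15EA4575E035629D7E1B6ADF543207D C", "msiexec.exe", "HIGH", 0),
]


def decode_exit(code):
    """Name an exit code; unknown NTSTATUS values (high bit set) are shown in hex."""
    if code in EXIT_CODES:
        return EXIT_CODES[code]
    return "unknown (0x%08X)" % code if code & 0x80000000 else "unknown (%d)" % code


def winrar_temp_launches(procs):
    """Processes whose command line or image lives in a Rar$EXa/Rar$DIa directory.

    Returns (pid, kind, winrar_pid_from_path, parent_is_winrar) sorted by pid. A hit
    whose parent is not WinRAR.exe means something else reached into WinRAR's temp."""
    hits = []
    for p in procs:
        m = WINRAR_TEMP.search(p.cmdline) or WINRAR_TEMP.search(p.image)
        if not m:
            continue
        kind = ("executable run from extraction temp" if m.group(1).upper() == "EX"
                else "nested archive opened from temp")
        hits.append((p.pid, kind, int(m.group(2)), p.parent.lower() == "winrar.exe"))
    return sorted(hits)


def elevation_relaunches(procs):
    """For each MEDIUM run that died with STATUS_ELEVATION_REQUIRED, list the
    HIGH-integrity runs of the same image (UAC relaunch candidates)."""
    out = []
    for p in procs:
        if p.integrity != "MEDIUM" or p.exit_code != STATUS_ELEVATION_REQUIRED:
            continue
        high = [q.pid for q in procs if q.integrity == "HIGH" and q.image.lower() == p.image.lower()]
        out.append((p.pid, p.image, high))
    return out


def triage(procs):
    """Human-readable findings, one per line."""
    lines = []
    for pid, kind, wr_pid, parent_ok in winrar_temp_launches(procs):
        warn = "" if parent_ok else "  [parent is not WinRAR.exe]"
        lines.append("PID %d: %s (WinRAR PID %d in path)%s" % (pid, kind, wr_pid, warn))
    for pid, image, high in elevation_relaunches(procs):
        lines.append("PID %d: %s; HIGH-integrity runs of %s: %s"
                     % (pid, decode_exit(STATUS_ELEVATION_REQUIRED), image, high))
    return lines


if __name__ == "__main__":
    for line in triage(PROCS):
        print(line)
```

Run against the transcribed records it reports PIDs 124 and 3676 as executables run from the extraction temp and PID 2332 as WinRAR opening the nested Keygen.zip, all with WinRAR PID 3976 in the path, and pairs the failed MEDIUM starts 124 and 3156 with the HIGH-integrity runs 3676 and 1436. In a real pipeline the records would come from Sysmon event 1 or the sandbox's JSON export, where parent PIDs are available and the parent check can be done by PID rather than image name.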
Total events: 9 104
Read events: 9 026
Write events: 76
Delete events: 2

Modification events (PID, process, operation, key\name = value)

3976 WinRAR.exe  write  HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E\LanguageList = en-US
3976 WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\ArcHistory\2 = C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
3976 WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\ArcHistory\1 = C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
3976 WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\ArcHistory\0 = C:\Users\admin\Desktop\phacker.zip
3976 WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\name = 120
3976 WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\size = 80
3976 WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\type = 120
3976 WinRAR.exe  write  HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths\mtime = 100
3976 WinRAR.exe  write  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = 1
3976 WinRAR.exe  write  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = 1

All listed writes come from WinRAR.exe (PID 3976), not from the installer. ArcHistory is WinRAR's recently-opened-archive list, so the .zip names in it are archives previously opened by WinRAR on this sandbox system, not files from this sample; FileColumnWidths is WinRAR window state and the ZoneMap values are Internet Settings zone-map state.
Executable files: 18
Suspicious files: 3
Text files: 77
Unknown types: 0

Dropped files (PID, process, filename, type, hashes)

PID 3676 netlimiter-5.3.6.0.exe
File: C:\Users\admin\AppData\Local\Temp\{0A88B24E-778A-4D6C-AEEE-0406A8209E91}\holder0.aiph
Type:
MD5:
SHA256:

PID 3676 netlimiter-5.3.6.0.exe
File: C:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_3676\remove.png
Type: image
MD5: 897B1844BCA99F42FA3D527FF2091133
SHA256: 3A05E6DECEA8E68C1946E82AB0F9197715D579B6B199F3A69BD958B7327D0BFE

PID 3676 netlimiter-5.3.6.0.exe
File: C:\Users\admin\AppData\Local\Temp\{0A88B24E-778A-4D6C-AEEE-0406A8209E91}\8209E91\netlimiter-5.3.6.0.x64.msi
Type: executable
MD5: 52DC7CBAEBE73619A036DF2A28939996
SHA256: 0C9EFB57D3CB8D6E8B22C0888824924BA89238096178D75ED5C915A6CB963B72

PID 3676 netlimiter-5.3.6.0.exe
File: C:\Users\admin\AppData\Local\Temp\MSIC17B.tmp
Type: executable
MD5: DB7612F0FD6408D664185CFC81BEF0CB
SHA256: E9E426B679B3EFB233F03C696E997E2DA3402F16A321E954B54454317FCEB240

PID 3976 WinRAR.exe
File: C:\Users\admin\AppData\Local\Temp\Rar$EXa3976.39991\Keygen.zip
Type: compressed
MD5: 8548CD03776ED2F39100DC173E8FB9A2
SHA256: 4D8A0C6807234AD5A4BD361D71C90CB98BADCDEECA1F7859507C90BE7F60CEDA

PID 3976 WinRAR.exe
File: C:\Users\admin\AppData\Local\Temp\Rar$EXa3976.39991\netlimiter-5.3.6.0.exe
Type: executable
MD5: E35EDBA51C51E4270045F13481505645
SHA256: F430F3C939AA88610B2EEA309A33D05EB2DF909B4CD526DFADD4E6F65B461DD7

PID 3676 netlimiter-5.3.6.0.exe
File: C:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_3676\background
Type: image
MD5: A0EFB0E7B9CEE25B09E09A1A64E96BA6
SHA256: F044F542BC46464054084C63596877F06C6E2C215C0E954C4ACE9787CED82787

PID 3676 netlimiter-5.3.6.0.exe
File: C:\Users\admin\AppData\Local\Temp\MSIC12C.tmp
Type: executable
MD5: DB7612F0FD6408D664185CFC81BEF0CB
SHA256: E9E426B679B3EFB233F03C696E997E2DA3402F16A321E954B54454317FCEB240

PID 3676 netlimiter-5.3.6.0.exe
File: C:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_3676\frame_bottom_left.bmp
Type: image
MD5: 1FB3755FE9676FCA35B8D3C6A8E80B45
SHA256: 384EBD5800BECADF3BD9014686E6CC09344F75CE426E966D788EB5473B28AA21

PID 3676 netlimiter-5.3.6.0.exe
File: C:\Users\admin\AppData\Local\Temp\AI_EXTUI_BIN_3676\whitebackground
Type: image
MD5: EB93C0ABAE8A7DE7AE6DC3755B12C802
SHA256: EDA260871BBA09273B71A165DC8B4F254B186046AB383722DC2D8803FA698725

Two things in this list matter for triage. The archive contains a Keygen.zip next to the installer; WinRAR (PID 3976) extracts it to its Rar$EXa temp directory and a child WinRAR (PID 2332) opens it, but the contents of Keygen.zip are not listed in this report. MSIC17B.tmp and MSIC12C.tmp have identical hashes, i.e. they are two copies of one file written by the installer, and the MSI it unpacks is the x64 package (netlimiter-5.3.6.0.x64.msi) on a 32-bit guest.
HTTP(S) requests: 0
TCP/UDP connections: 12
DNS requests: 5
Threats: 0

HTTP requests

No HTTP requests

Connections

PID   Process                 Destination           Domain                   ASN       CN  Reputation
1080  svchost.exe             224.0.0.252:5355                                             unknown
4     System                  192.168.100.255:137                                          whitelisted
4     System                  192.168.100.255:138                                          whitelisted
2588  svchost.exe             239.255.255.250:1900                                         whitelisted
3676  netlimiter-5.3.6.0.exe  151.101.2.133:80      secure.globalsign.com    FASTLY    US  unknown
3676  netlimiter-5.3.6.0.exe  93.184.221.240:80     ctldl.windowsupdate.com  EDGECAST  GB  whitelisted
3676  netlimiter-5.3.6.0.exe  151.101.66.133:80     secure.globalsign.com    FASTLY    US  unknown
3676  netlimiter-5.3.6.0.exe  151.101.130.133:80    secure.globalsign.com    FASTLY    US  unknown
3676  netlimiter-5.3.6.0.exe  151.101.194.133:80    secure.globalsign.com    FASTLY    US  unknown
3724  netlimiter-5.3.6.0.exe  151.101.130.133:80    secure.globalsign.com    FASTLY    US  unknown

The first four rows are Windows background traffic (LLMNR to 224.0.0.252:5355, NetBIOS name and datagram broadcasts to ports 137/138, SSDP to 239.255.255.250:1900), not sample activity. The installer's own connections are port-80 fetches from secure.globalsign.com and ctldl.windowsupdate.com, the traffic pattern of Authenticode certificate-chain validation (CRL/OCSP lookups and the Microsoft certificate trust list download), which lines up with the "Checks Windows Trust Settings" and "Reads settings of System Certificates" indicators above; the report records no HTTP requests for them.

DNS requests

Domain                   IP(s)                                                           Reputation
secure.globalsign.com    151.101.2.133, 151.101.66.133, 151.101.130.133, 151.101.194.133  whitelisted
ctldl.windowsupdate.com  93.184.221.240                                                  whitelisted
dns.msftncsi.com         131.107.255.255                                                 shared

dns.msftncsi.com is the Windows Network Connectivity Status Indicator probe, issued by the OS rather than by the sample.

Threats

No threats detected
No debug info