File name: | Archive-ff4f.zip |
Full analysis: | https://app.any.run/tasks/ea2fef6e-c6ca-4a59-abad-26650808211a |
Verdict: | Malicious activity |
Threats: | njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market that features an abundance of educational information. Interested attackers can even find tutorials on YouTube. This allows it to become one of the most popular RATs in the world. |
Analysis date: | October 20, 2020, 03:25:09 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 74261928907B7D780B8E61112D367D05 |
SHA1: | 1927A73A3645C72C72DD25859F172ED628B3B2A8 |
SHA256: | 17DBD865D9D346FD8FC2855309D88CD638CE3669A01759E90F611DD0490AA555 |
SSDEEP: | 3072:1/tgZDDja2Smhp0acbccHvD3RI3bJr6YDxd4Uo/9gZDDjaG/pglDDjHn9:1/qDDj/V8KxDxd4Uo/aDDjP/CDDjd |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | 0x0808 |
ZipCompression: | None |
ZipModifyDate: | 2020:10:18 21:45:20 |
ZipCRC: | 0x8a7bbefb |
ZipCompressedSize: | 459881 |
ZipUncompressedSize: | 459881 |
ZipFileName: | Synapse Cracked.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2192 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Archive-ff4f.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
584 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2192.16258\Synapse Cracked.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2192.16258\Synapse Cracked.exe | — | WinRAR.exe |
User: admin Company: Java@Registred Integrity Level: MEDIUM Description: JavaUpadate.exe Exit code: 3221226540 Version: 7.02.0012 | ||||
2108 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2192.16258\Synapse Cracked.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2192.16258\Synapse Cracked.exe | WinRAR.exe | |
User: admin Company: Java@Registred Integrity Level: HIGH Description: JavaUpadate.exe Exit code: 0 Version: 7.02.0012 | ||||
924 | "C:\Users\admin\AppData\Local\Temp\Lammer.exe" | C:\Users\admin\AppData\Local\Temp\Lammer.exe | Synapse Cracked.exe | |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2132 | "C:\Users\admin\AppData\Local\Temp\Synapse X Remake Beta Release.exe" | C:\Users\admin\AppData\Local\Temp\Synapse X Remake Beta Release.exe | Synapse Cracked.exe | |
User: admin Integrity Level: HIGH Description: SynapseXRemakeBeta Version: 1.0.0.0 | ||||
3700 | "C:\Users\admin\AppData\Local\Temp\System.exe" | C:\Users\admin\AppData\Local\Temp\System.exe | Lammer.exe | |
User: admin Integrity Level: HIGH | ||||
824 | netsh firewall add allowedprogram "C:\Users\admin\AppData\Local\Temp\System.exe" "System.exe" ENABLE | C:\Windows\system32\netsh.exe | — | System.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Network Command Shell Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2108 | Synapse Cracked.exe | C:\Users\admin\AppData\Local\Temp\Synapse X Remake Beta Release.exe | executable | |
MD5:549E7BC2E36A1909A8AE93B7F38258DF | SHA256:7EADD87BA4499E5E98E2EC7943BBCFEE82FECEA1AD7BC444CABBB14D7D788FEB | |||
3700 | System.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\25ebd109baaec904782c5682bf345888.exe | executable | |
MD5:725C56D0472A61F5F97487CB4E14DD87 | SHA256:942F83526B58772EF85CA35FC373B3B95AD388D1DA08AC37B10517C9F258BDBC | |||
2192 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2192.16258\Synapse Cracked.exe | executable | |
MD5:CFE38140D975F53F11FFA097725D2ED7 | SHA256:CE769F177129C881EC8310B9ADB4807B636235C490F7CED17FD197711FD5DA58 | |||
924 | Lammer.exe | C:\Users\admin\AppData\Local\Temp\System.exe | executable | |
MD5:725C56D0472A61F5F97487CB4E14DD87 | SHA256:942F83526B58772EF85CA35FC373B3B95AD388D1DA08AC37B10517C9F258BDBC | |||
2108 | Synapse Cracked.exe | C:\Users\admin\AppData\Local\Temp\Lammer.exe | executable | |
MD5:725C56D0472A61F5F97487CB4E14DD87 | SHA256:942F83526B58772EF85CA35FC373B3B95AD388D1DA08AC37B10517C9F258BDBC |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 173.225.115.192:1177 | iguilhermetiquem.duckdns.org | Webair Internet Development Company Inc. | US | unknown |
2132 | Synapse X Remake Beta Release.exe | 104.23.99.190:443 | pastebin.com | Cloudflare Inc | US | malicious |
Domain | IP | Reputation |
---|---|---|
pastebin.com |
| shared |
iguilhermetiquem.duckdns.org |
| unknown |
PID | Process | Class | Message |
---|---|---|---|
— | — | Misc activity | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain |