File name: | CrackedTCM'sSkinChecker.zip |
Full analysis: | https://app.any.run/tasks/17d25fe7-88da-4ad6-875d-7a9a5a5fb75c |
Verdict: | Malicious activity |
Threats: | njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market that features an abundance of educational information. Interested attackers can even find tutorials on YouTube. This allows it to become one of the most popular RATs in the world. |
Analysis date: | November 15, 2018, 09:01:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | A4B72D6F41F1EA7453FDBB1E76F99E5A |
SHA1: | B18BA65B8F4372A61E6BA146FB7CC278E2091430 |
SHA256: | 1DC7802CCD81403CB917DD2C7171AF270FF1283C893E1C09E6513FB16D5B3A9D |
SSDEEP: | 98304:xNHxvc1AozO3U3SV2JB0TKuJ1txNijqVKPJ:rHxU1AUiIUKuJ1tCGsJ |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2017:11:11 10:23:17 |
ZipCRC: | 0x8476a72a |
ZipCompressedSize: | 88317 |
ZipUncompressedSize: | 242176 |
ZipFileName: | CrackedTCM'sSkinChecker/Bunifu_UI_v1.5.3.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3608 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\CrackedTCM'sSkinChecker.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3956 | "C:\Users\admin\Desktop\CrackedTCM'sSkinChecker\TCM Fortnite Tool Cracked by Crank.exe" | C:\Users\admin\Desktop\CrackedTCM'sSkinChecker\TCM Fortnite Tool Cracked by Crank.exe | explorer.exe | |
User: admin Integrity Level: HIGH Exit code: 3221225547 | ||||
3268 | schtasks /create /f /sc ONLOGON /RL HIGHEST /tn LimeRAT-Admin /tr "'C:\Users\admin\AppData\LocalLow\TrynCatchMe\Deps\TCMDeps.exe'" | C:\Windows\system32\schtasks.exe | — | TCM Fortnite Tool Cracked by Crank.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Manages scheduled tasks Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3996 | "C:\Users\admin\AppData\LocalLow\TrynCatchMe\Deps\TCMDeps.exe" | C:\Users\admin\AppData\LocalLow\TrynCatchMe\Deps\TCMDeps.exe | TCM Fortnite Tool Cracked by Crank.exe | |
User: admin Integrity Level: HIGH |
PID | Process | Filename | Type | |
---|---|---|---|---|
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3608.2852\CrackedTCM'sSkinChecker\Bunifu_UI_v1.5.3.dll | — | |
MD5:— | SHA256:— | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3608.2852\CrackedTCM'sSkinChecker\ElasticEmail.WebApiClient.dll | — | |
MD5:— | SHA256:— | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3608.2852\CrackedTCM'sSkinChecker\HazardEdit.Tools.dll | — | |
MD5:— | SHA256:— | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3608.2852\CrackedTCM'sSkinChecker\HtmlAgilityPack.dll | — | |
MD5:— | SHA256:— | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3608.2852\CrackedTCM'sSkinChecker\MailKit.dll | — | |
MD5:— | SHA256:— | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3608.2852\CrackedTCM'sSkinChecker\Newtonsoft.Json.dll | — | |
MD5:— | SHA256:— | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3608.2852\CrackedTCM'sSkinChecker\README.txt | — | |
MD5:— | SHA256:— | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3608.2852\CrackedTCM'sSkinChecker\TCM Fortnite Tool Cracked by Crank.exe | — | |
MD5:— | SHA256:— | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3608.2852\CrackedTCM'sSkinChecker\xNet.dll | — | |
MD5:— | SHA256:— | |||
3956 | TCM Fortnite Tool Cracked by Crank.exe | C:\Users\admin\AppData\LocalLow\TrynCatchMe\Deps\TCMDeps.exe | executable | |
MD5:6B80A69797D20D4D0B50E26127F756D0 | SHA256:75DE2A4A959F9723C7E5CCB27831D091D6024A63C515C51E2397B6B35ED9DECB |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3996 | TCMDeps.exe | 35.237.32.156:80 | — | — | US | malicious |
3996 | TCMDeps.exe | 104.24.101.6:443 | hastebin.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
hastebin.com |
| malicious |