File name: HTTPDebuggerPro.rar
Full analysis: https://app.any.run/tasks/7f17d2fe-131b-4944-8575-81774e960da8
Verdict: Malicious activity
Analysis date: October 30, 2023, 02:55:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: DBDFC7F852FBDC79740BAC8124CD8D35
SHA1: B150DDCF283E2862FDF31BE98321F9E6A5380A36
SHA256: 2188635865F1F9FD514B1A65689CE0A4EDB6064C8C62CCDC6B6C792B57D06AA1
SSDEEP: 98304:CJ3pV63zvSWJWg6gBGN569V/kaEFFa/o8Ncck/PJMnEjU+YcP+mOLI5OScGRr3lA:C3gsGR1QfWtJngd81wbM6y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • HTTPDebuggerUI.exe (PID: 4016)
      • HTTPDebuggerSvc.exe (PID: 3256)
      • HTTPDebuggerSvc.exe (PID: 2280)
      • HTTPDebuggerUI.exe (PID: 888)
    • Loads dropped or rewritten executable

      • HTTPDebuggerUI.exe (PID: 4016)
      • HTTPDebuggerUI.exe (PID: 888)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • WinRAR.exe (PID: 1824)
    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 1824)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1824)
    • Manual execution by a user

      • HTTPDebuggerUI.exe (PID: 4016)
      • HTTPDebuggerSvc.exe (PID: 3256)
      • HTTPDebuggerSvc.exe (PID: 2280)
      • HTTPDebuggerUI.exe (PID: 888)
    • Checks supported languages

      • HTTPDebuggerUI.exe (PID: 4016)
      • HTTPDebuggerSvc.exe (PID: 2280)
      • HTTPDebuggerUI.exe (PID: 888)
    • Reads Environment values

      • HTTPDebuggerSvc.exe (PID: 2280)
    • Reads product name

      • HTTPDebuggerSvc.exe (PID: 2280)
    • Reads the machine GUID from the registry

      • HTTPDebuggerSvc.exe (PID: 2280)
    • Reads the computer name

      • HTTPDebuggerSvc.exe (PID: 2280)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 45
Monitored processes: 6
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Processes shown in the graph (root "start" node first): winrar.exe, searchprotocolhost.exe, httpdebuggerui.exe, httpdebuggersvc.exe, httpdebuggersvc.exe, httpdebuggerui.exe. The interactive graph with per-process details is available in the full report.

Process information

PID: 888
CMD: "C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerUI.exe"
Path: C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerUI.exe
Parent process: explorer.exe
User: admin
Company: HttpDebugger.com
Integrity Level: MEDIUM
Description: HTTP Debugger
Exit code: 0
Version: 9.0.0.12
Modules (images):
c:\users\admin\desktop\httpdebuggerpro\httpdebuggerui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll

PID: 1036
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
Modules (images):
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll

PID: 1824
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\HTTPDebuggerPro.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll

PID: 2280
CMD: "C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerSvc.exe"
Path: C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerSvc.exe
Parent process: explorer.exe
User: admin
Company: HttpDebugger.com
Integrity Level: HIGH
Description: HTTP Debugger Windows Service
Exit code: 0
Version: 9.0.0.12
Modules (images):
c:\users\admin\desktop\httpdebuggerpro\httpdebuggersvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll

PID: 3256
CMD: "C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerSvc.exe"
Path: C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerSvc.exe
Parent process: explorer.exe
User: admin
Company: HttpDebugger.com
Integrity Level: MEDIUM
Description: HTTP Debugger Windows Service
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)
Version: 9.0.0.12
Modules (images):
c:\users\admin\desktop\httpdebuggerpro\httpdebuggersvc.exe
c:\windows\system32\ntdll.dll

PID: 4016
CMD: "C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerUI.exe"
Path: C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerUI.exe
Parent process: explorer.exe
User: admin
Company: HttpDebugger.com
Integrity Level: MEDIUM
Description: HTTP Debugger
Exit code: 0
Version: 9.0.0.12
Modules (images):
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\desktop\httpdebuggerpro\httpdebuggerui.exe
c:\windows\system32\kernel32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
Total events: 1 747
Read events: 1 738
Write events: 9
Delete events: 0

Modification events

Process: (1824) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Process: (1036) SearchProtocolHost.exe
Key: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 21
Suspicious files: 0
Text files: 3
Unknown types: 0

Dropped files

PID: 1824
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\drv\Win8\HttpDebuggerSdk64.sys
Type: executable
MD5: 947C624C4BD48F8C66FCD00FC0F947D4
SHA256: 2E89606775ED719B9D950AE9D37E819A2567426FBE5C3E0AAD8D86FEC693B67B

PID: 1824
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\drv\Win8\HttpDebuggerSdk32.sys
Type: executable
MD5: FC72F65A95C3109D31B0C7175000A8D8
SHA256: 1F5DC9586EB951044F2A92CFF0AA30934582FE014F548B0AB61CEE10CF863934

PID: 1824
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\nss\certutil.exe
Type: executable
MD5: F1E70A6F0D7E18774FCBBAC2E6B719C4
SHA256: 3BC353D23CAAD539FDD79AE721D9674B5FCFFAB0EE5D35F2E8F72F4C523719C3

PID: 1824
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\drv\Win7\HttpDebuggerSdk64.sys
Type: executable
MD5: A98A78E8A2752576B7EE30FE8ABF0616
SHA256: 33CC9F14EFFFF513FC515322EF288FE9B7B622ECC477BB8DB0456A58D5134C8A

PID: 1824
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\HTTPDebuggerSvc.exe
Type: executable
MD5: 5B3C641FD1B48108810CC12B1971FFC2
SHA256: F6C8009319B95D3D94C8858D831563B2568F98DDA478B6A784BA5A828374E7FB

PID: 1824
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\license.rtf
Type: text
MD5: E30DD37A2C6C0CA03EBEEA75C23B6A41
SHA256: 7C3AE7672FFEECD2FBD64F2105470448B50BDA683D0FAC92619A14C621A54583

PID: 1824
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\nss\libnspr4.dll
Type: executable
MD5: CE75817C2BFA28F7FAE3DA3817278E5E
SHA256: 552967E185EEA0548DDED47492858170EE8F07A2E6CEAA6835CBF91FF35A0045

PID: 1824
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\nss\libplc4.dll
Type: executable
MD5: 4C579FDC84C02563B39D6EEFE124AC33
SHA256: CF7E003B36930664FB804EC9973FAEB2FE9125F75844737C9536697CB2952471

PID: 1824
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\drv\Win7\HttpDebuggerSdk32.sys
Type: executable
MD5: 95345CEF021028B57BF85DB8A30AD2C6
SHA256: 243C14B5E1C49750FD3B4C64E59E0A27A8FFE56B0D7C010BA0661A1EF9E1CD96

PID: 1824
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\cximagecrt.dll
Type: executable
MD5: A2FE19B6B766A12017C8BE442AD0CEF2
SHA256: 35B71D192854EDC95248F77DEB824F034E903447319459AAF454269650FD51D3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2656 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info