File name:

HTTPDebuggerPro.rar

Full analysis: https://app.any.run/tasks/7f17d2fe-131b-4944-8575-81774e960da8
Verdict: Malicious activity
Analysis date: October 30, 2023, 02:55:04
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: DBDFC7F852FBDC79740BAC8124CD8D35
SHA1: B150DDCF283E2862FDF31BE98321F9E6A5380A36
SHA256: 2188635865F1F9FD514B1A65689CE0A4EDB6064C8C62CCDC6B6C792B57D06AA1
SSDEEP: 98304:CJ3pV63zvSWJWg6gBGN569V/kaEFFa/o8Ncck/PJMnEjU+YcP+mOLI5OScGRr3lA:C3gsGR1QfWtJngd81wbM6y

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • HTTPDebuggerUI.exe (PID: 4016)
      • HTTPDebuggerUI.exe (PID: 888)
    • Application was dropped or rewritten from another process

      • HTTPDebuggerSvc.exe (PID: 3256)
      • HTTPDebuggerSvc.exe (PID: 2280)
      • HTTPDebuggerUI.exe (PID: 4016)
      • HTTPDebuggerUI.exe (PID: 888)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • WinRAR.exe (PID: 1824)
    • Drops a system driver (possible attempt to evade defenses)

      • WinRAR.exe (PID: 1824)
  • INFO

    • Manual execution by a user

      • HTTPDebuggerUI.exe (PID: 4016)
      • HTTPDebuggerSvc.exe (PID: 3256)
      • HTTPDebuggerSvc.exe (PID: 2280)
      • HTTPDebuggerUI.exe (PID: 888)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1824)
    • Checks supported languages

      • HTTPDebuggerUI.exe (PID: 4016)
      • HTTPDebuggerUI.exe (PID: 888)
      • HTTPDebuggerSvc.exe (PID: 2280)
    • Reads Environment values

      • HTTPDebuggerSvc.exe (PID: 2280)
    • Reads product name

      • HTTPDebuggerSvc.exe (PID: 2280)
    • Reads the computer name

      • HTTPDebuggerSvc.exe (PID: 2280)
    • Reads the machine GUID from the registry

      • HTTPDebuggerSvc.exe (PID: 2280)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 45
Monitored processes: 6
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Processes shown in the graph (starting from the archive being opened):
  • winrar.exe (no specs)
  • searchprotocolhost.exe (no specs)
  • httpdebuggerui.exe (no specs)
  • httpdebuggersvc.exe (no specs)
  • httpdebuggersvc.exe
  • httpdebuggerui.exe (no specs)

Process information

Each entry lists PID, command line, image path and parent process, followed by the process properties and the loaded modules (images).
PID: 888
CMD: "C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerUI.exe"
Path: C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerUI.exe
Parent process: explorer.exe
User:
admin
Company:
HttpDebugger.com
Integrity Level:
MEDIUM
Description:
HTTP Debugger
Exit code:
0
Version:
9.0.0.12
Modules
Images
c:\users\admin\desktop\httpdebuggerpro\httpdebuggerui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
PID: 1036
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Exit code:
0
Version:
7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)
Modules
Images
c:\windows\system32\searchprotocolhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
PID: 1824
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\HTTPDebuggerPro.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\comdlg32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
PID: 2280
CMD: "C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerSvc.exe"
Path: C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerSvc.exe
Parent process: explorer.exe
User:
admin
Company:
HttpDebugger.com
Integrity Level:
HIGH
Description:
HTTP Debugger Windows Service
Exit code:
0
Version:
9.0.0.12
Modules
Images
c:\users\admin\desktop\httpdebuggerpro\httpdebuggersvc.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ws2_32.dll
c:\windows\system32\nsi.dll
c:\windows\system32\psapi.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\rpcrt4.dll
PID: 3256
CMD: "C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerSvc.exe"
Path: C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerSvc.exe
Parent process: explorer.exe
User:
admin
Company:
HttpDebugger.com
Integrity Level:
MEDIUM
Description:
HTTP Debugger Windows Service
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the medium-integrity launch of the service binary failed, and it was re-run as PID 2280 at HIGH integrity)
Version:
9.0.0.12
Modules
Images
c:\users\admin\desktop\httpdebuggerpro\httpdebuggersvc.exe
c:\windows\system32\ntdll.dll
PID: 4016
CMD: "C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerUI.exe"
Path: C:\Users\admin\Desktop\HTTPDebuggerPro\HTTPDebuggerUI.exe
Parent process: explorer.exe
User:
admin
Company:
HttpDebugger.com
Integrity Level:
MEDIUM
Description:
HTTP Debugger
Exit code:
0
Version:
9.0.0.12
Modules
Images
c:\windows\system32\ntdll.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\kernelbase.dll
c:\users\admin\desktop\httpdebuggerpro\httpdebuggerui.exe
c:\windows\system32\kernel32.dll
c:\windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24542_none_5c0717c7a00ddc6d\gdiplus.dll
c:\windows\system32\version.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\usp10.dll
Total events: 1 747
Read events: 1 738
Write events: 9
Delete events: 0

Modification events

Process: (1824) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

Process: (1824) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

Process: (1036) SearchProtocolHost.exe
Key: HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\178\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
Executable files: 21
Suspicious files: 0
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename | Type

1824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\nss\freebl3.dll | executable
MD5: 2602A05B9866F4B35AA83A4A2B341901
SHA256: B04650AF1350231849B5511B8BAA275D1767FA07B0A8A2283AA5D07F093355F2

1824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\drv\Win7\HttpDebuggerSdk32.sys | executable
MD5: 95345CEF021028B57BF85DB8A30AD2C6
SHA256: 243C14B5E1C49750FD3B4C64E59E0A27A8FFE56B0D7C010BA0661A1EF9E1CD96

1824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\HTTPDebuggerBrowser.dll | executable
MD5: 4FACBAAB17F633D153A7B53FB483B22F
SHA256: C557B766A00FD4BA6950C08C6133C20E4DD800139A19D271D46D6FEB31EBF870

1824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\drv\Win7\HttpDebuggerSdk64.sys | executable
MD5: A98A78E8A2752576B7EE30FE8ABF0616
SHA256: 33CC9F14EFFFF513FC515322EF288FE9B7B622ECC477BB8DB0456A58D5134C8A

1824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\drv\Win8\HttpDebuggerSdk64.sys | executable
MD5: 947C624C4BD48F8C66FCD00FC0F947D4
SHA256: 2E89606775ED719B9D950AE9D37E819A2567426FBE5C3E0AAD8D86FEC693B67B

1824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\HTTPDebuggerSvc.exe | executable
MD5: 5B3C641FD1B48108810CC12B1971FFC2
SHA256: F6C8009319B95D3D94C8858D831563B2568F98DDA478B6A784BA5A828374E7FB

1824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\HTTPDebuggerUI.exe | executable
MD5: D6AB0E25B4F76CA11ACB71EB290938D5
SHA256: 555B66EABF40CA228D6A285862E622B662A528FFB68AA01A3BB27B4132188DE0

1824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\license.rtf | text
MD5: E30DD37A2C6C0CA03EBEEA75C23B6A41
SHA256: 7C3AE7672FFEECD2FBD64F2105470448B50BDA683D0FAC92619A14C621A54583

1824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\nss\certutil.exe | executable
MD5: F1E70A6F0D7E18774FCBBAC2E6B719C4
SHA256: 3BC353D23CAAD539FDD79AE721D9674B5FCFFAB0EE5D35F2E8F72F4C523719C3

1824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1824.3165\HTTPDebuggerPro\nss\libnspr4.dll | executable
MD5: CE75817C2BFA28F7FAE3DA3817278E5E
SHA256: 552967E185EEA0548DDED47492858170EE8F07A2E6CEAA6835CBF91FF35A0045
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2656 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info