File name: psn- [Cracked By Badboy] - [C-Cracking.org].rar

Full analysis: https://app.any.run/tasks/b499746a-acc6-4f58-b1cc-6b337627de12
Verdict: Malicious activity
Analysis date: February 18, 2020, 10:48:03
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 3C72A6F8F901DF3117ECCB6205B98FA5
SHA1: E858CA9ACCAB2F058060E78E127B11F32B08A681
SHA256: 28B9620A26ECE61F942FFF1F42623A33B699008ACB547B99CB6596240DFAD960
SSDEEP: 393216:W2mKNSHTC6vX3u5EZ6eSbl2jXC3JKJEYthXQXfVPi4La:rmWP6/+WUe42jEJyEEhXwf2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • PlayStation Checker - [Cracked By Badboy].exe (PID: 2864)
    • Application was dropped or rewritten from another process

      • PlayStation Checker - [Cracked By Badboy].exe (PID: 2864)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1928)
      • PlayStation Checker - [Cracked By Badboy].exe (PID: 2864)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
All screenshots are available in the full report
Total processes: 35
Monitored processes: 2
Malicious processes: 2
Suspicious processes: 0

Behavior graph

WinRAR.exe (PID 1928) drops and starts PlayStation Checker - [Cracked By Badboy].exe (PID 2864)

Process information

PID: 1928
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\psn- [Cracked By Badboy] - [C-Cracking.org].rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\usp10.dll
c:\windows\system32\comdlg32.dll
PID: 2864
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\PlayStation Checker - [Cracked By Badboy].exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\PlayStation Checker - [Cracked By Badboy].exe
Parent process: WinRAR.exe
User: admin
Company: jokerTM
Integrity Level: MEDIUM
Description: PlayStation Checker by BLJ
Exit code: 0
Version: 4.2.0.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa1928.41325\playstation checker - [cracked by badboy].exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\sechost.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 481
Read events: 455
Write events: 26
Delete events: 0

Modification events

(PID) Process: (1928) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value: (empty)

(PID) Process: (1928) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value: (empty)

(PID) Process: (1928) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (1928) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\psn- [Cracked By Badboy] - [C-Cracking.org].rar

(PID) Process: (1928) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (1928) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (1928) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (1928) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (1928) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 0

(PID) Process: (1928) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 1
Executable files: 23
Suspicious files: 8
Text files: 43
Unknown types: 1

Dropped files

PID: 1928 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\LOG.txt
Type: text

PID: 1928 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\PlayStation Checker - [Cracked By Badboy].exe
Type: executable

PID: 1928 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\Data\CookiesDB.db
Type: sqlite

PID: 1928 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\LastSession.xml
Type: xml

PID: 1928 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\SkinSoft.VisualStyler.dll
Type: executable
MD5: D93366374B57B5A0FE3A1A8A1CA95F78
SHA256: 14F231441DAD16EF046AB97415C33195056A61B0240D7D890971E5F626068925

PID: 1928 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\Source\PlayStation Checker V4.2.0\PlayStation Checker V4.2.0.csproj
Type: xml

PID: 1928 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\Source\PlayStation Checker V4.2.0\PlayStation_Checker_by_Halo\Actions.cs
Type: text

PID: 1928 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\Source\PlayStation Checker V4.2.0\PlayStation_Checker_by_Halo\bmak.cs
Type: text

PID: 1928 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\Source\PlayStation Checker V4.2.0\PlayStation_Checker_by_Halo\fpcfCollection.cs
Type: text

PID: 1928 | Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\WebDriver.dll
Type: executable
MD5: 9283CFA187616D4DB0E41BDAB6083D88
SHA256: 0EE619B1786CF5971C0F9C6EE1859497AECBA93A4953CF92FEA998E8EEFADF3C
HTTP(S) requests: 1
TCP/UDP connections: 1
DNS requests: 1
Threats: 0

HTTP requests

PID: 2864
Process: PlayStation Checker - [Cracked By Badboy].exe
Method: GET
HTTP Code: 404
IP: 195.201.88.195:80
URL: http://masterproxy.salehsoftware.com/api/getproxy?apikey=70c3e54b69762cb06c42f3937494cf48&service=3&type=http
CN: RU
Type: text
Size: 19 b
Reputation: unknown

Connections

IP: 195.201.88.195:80
Domain: masterproxy.salehsoftware.com
ASN: Awanti Ltd.
CN: RU
Reputation: unknown

DNS requests

Domain: masterproxy.salehsoftware.com
IP: 195.201.88.195
Reputation: unknown

Threats

No threats detected
Debug output

Process: PlayStation Checker - [Cracked By Badboy].exe
Message: Native library pre-loader is trying to load native SQLite library "C:\Users\admin\AppData\Local\Temp\Rar$EXa1928.41325\x86\SQLite.Interop.dll"...