File name:

10000000_404281230234480_7465939973920571314_n.mp4.download.zip

Full analysis: https://app.any.run/tasks/625cae7b-daa0-4174-804c-96cdfc6c7b5b
Verdict: Malicious activity
Analysis date: February 11, 2020, 21:14:13
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
opendir
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5:

F432733B41289C1531C0168E751BF651

SHA1:

73694553581F8BC7C6EFE9EA98744350FBFFE609

SHA256:

305A37A07D5B433111979EB030A55696CB15387755DBF426F79337807065B733

SSDEEP:

393216:egrTY/5RKADSNjTb/110Jl1bbz1JTNfm8u4tato:emU/5RKADaTbdiJl13zJInto

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Creates files in the user directory

      • vlc.exe (PID: 3384)
      • vlc.exe (PID: 3844)
      • vlc.exe (PID: 3464)
  • INFO

    No info indicators.
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 10
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2020:02:02 20:04:17
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: 10000000_404281230234480_7465939973920571314_n.mp4.download/
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 4
Malicious processes: 0
Suspicious processes: 0

Behavior graph

start → winrar.exe (no specs) → vlc.exe, vlc.exe, vlc.exe

Process information

PID | CMD | Path | Indicators | Parent process
3164 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\10000000_404281230234480_7465939973920571314_n.mp4.download.zip" | C:\Program Files\WinRAR\WinRAR.exe | - | explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3384 | "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\AppData\Local\Temp\Rar$DIa3164.25288\._10000000_404281230234480_7465939973920571314_n.mp4" | C:\Program Files\VideoLAN\VLC\vlc.exe | - | WinRAR.exe
User:
admin
Company:
VideoLAN
Integrity Level:
MEDIUM
Description:
VLC media player
Exit code:
0
Version:
2.2.6
Modules
Images
c:\program files\videolan\vlc\vlc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\videolan\vlc\libvlc.dll
c:\program files\videolan\vlc\libvlccore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3464 | "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\AppData\Local\Temp\Rar$DIa3164.20454\10000000_404281230234480_7465939973920571314_n.mp4" | C:\Program Files\VideoLAN\VLC\vlc.exe | - | WinRAR.exe
User:
admin
Company:
VideoLAN
Integrity Level:
MEDIUM
Description:
VLC media player
Exit code:
0
Version:
2.2.6
Modules
Images
c:\program files\videolan\vlc\vlc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\videolan\vlc\libvlc.dll
c:\program files\videolan\vlc\libvlccore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
3844 | "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\admin\AppData\Local\Temp\Rar$DIa3164.27554\._10000000_404281230234480_7465939973920571314_n.mp4" | C:\Program Files\VideoLAN\VLC\vlc.exe | - | WinRAR.exe
User:
admin
Company:
VideoLAN
Integrity Level:
MEDIUM
Description:
VLC media player
Exit code:
0
Version:
2.2.6
Modules
Images
c:\program files\videolan\vlc\vlc.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\videolan\vlc\libvlc.dll
c:\program files\videolan\vlc\libvlccore.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 1 492
Read events: 1 483
Write events: 9
Delete events: 0

Modification events

(PID) Process: (3164) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3164) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3164) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3164) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\10000000_404281230234480_7465939973920571314_n.mp4.download.zip

(PID) Process: (3164) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3164) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3164) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3164) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3464) vlc.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication
Operation: write
Name: Name
Value: vlc.exe
Executable files: 0
Suspicious files: 0
Text files: 15
Unknown types: 2

Dropped files

PID | Process | Filename | Type
3164 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3164.20454\10000000_404281230234480_7465939973920571314_n.mp4 | -
3464 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCEF98.tmp | -
3464 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCF0B2.tmp | -
3464 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCF0B3.tmp | -
3464 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCF0B4.tmp | -
3464 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCF0B5.tmp | -
3464 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCF0B6.tmp | -
3464 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCF0C7.tmp | -
3464 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCF0C8.tmp | -
3464 | vlc.exe | C:\Users\admin\AppData\Local\Temp\VLCF0C9.tmp | -
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 5
TCP/UDP connections: 6
DNS requests: 3
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
3384 | vlc.exe | GET | - | 62.210.246.226:80 | http://get.videolan.org/vlc/3.0.8/win32/vlc-3.0.8-win32.exe | FR | - | - | malicious
3384 | vlc.exe | GET | 206 | 88.191.250.2:80 | http://update.videolan.org/vlc/status-win-x86.asc | FR | asc | 195 b | malicious
3384 | vlc.exe | GET | 500 | 62.210.246.226:80 | http://get.videolan.org/vlc/3.0.8/win32/vlc-3.0.8-win32.exe | FR | text | 116 b | malicious
3384 | vlc.exe | GET | 206 | 88.191.250.2:80 | http://update.videolan.org/vlc/status-win-x86 | FR | text | 287 b | malicious
3384 | vlc.exe | GET | 404 | 41.79.68.156:80 | http://mirror.aptus.co.tz:80/pub/videolan/vlc/3.0.8/win32/vlc-3.0.8-win32.exe | TZ | html | 162 b | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3384 | vlc.exe | 88.191.250.2:80 | update.videolan.org | Free SAS | FR | malicious
3384 | vlc.exe | 62.210.246.226:80 | get.videolan.org | Online S.a.s. | FR | malicious
3384 | vlc.exe | 41.79.68.156:443 | mirror.aptus.co.tz | Aptus | TZ | unknown
3384 | vlc.exe | 41.79.68.156:80 | mirror.aptus.co.tz | Aptus | TZ | unknown

DNS requests

Domain | IP | Reputation
update.videolan.org | 88.191.250.2 | unknown
get.videolan.org | 62.210.246.226 | unknown
mirror.aptus.co.tz | 41.79.68.156 | unknown

Threats

No threats detected
Process | Message
vlc.exe | core libvlc: one instance mode ENABLED
vlc.exe | core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
vlc.exe | direct3d vout display error: Direct3D could not be initialized
vlc.exe | direct3d vout display error: Could not read adapter capabilities. (hr=0x8876086A)
vlc.exe | core libvlc: one instance mode ENABLED
vlc.exe | core libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
vlc.exe | ts demux error: cannot peek
vlc.exe | avcodec demux error: Could not open C:\Users\admin\AppData\Local\Temp\Rar$DIa3164.25288\._10000000_404281230234480_7465939973920571314_n.mp4: Unknown error
vlc.exe | core input error: no suitable demux module for `file/any:///C:/Users/admin/AppData/Local/Temp/Rar%24DIa3164.25288/._10000000_404281230234480_7465939973920571314_n.mp4'
vlc.exe | ps demux error: cannot peek