File name: | FatalityWin Crack.rar |
Full analysis: | https://app.any.run/tasks/c495da88-4131-4112-9aab-dace39c319f4 |
Verdict: | Malicious activity |
Threats: | Stealers are a group of malicious software that are intended for gaining unauthorized access to users’ information and transferring it to the attacker. The stealer malware category includes various types of programs that focus on their particular kind of data, including files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording their keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns. |
Analysis date: | November 16, 2019, 13:25:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | E5A0E16F0A81ED7ED51F888E15F4ECE3 |
SHA1: | 8B3AC9DC70E2FEFC0F80C444B5FF340BB24E55CE |
SHA256: | 31943CC119C9AEB5C0B23B329FA33CABEEAB10E5E9D845441D7CD5CF24719513 |
SSDEEP: | 24576:yiPBhsv1ohPnfdTVO5I2Qm/S0jsUC0zweObR2qgU0wTEpIuiN:yiPE1oXQINprUC0n0R2qgJPpIuiN |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
640 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\FatalityWin Crack.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2368 | "C:\Users\admin\Desktop\Fatality Crack\fatalityLauncher.exe" | C:\Users\admin\Desktop\Fatality Crack\fatalityLauncher.exe | — | explorer.exe |
User: admin Company: 5pp1Zs5xUzqK1sすBLこBzHかBrLpW9JoBuRKo2Ys元tvvs91s気OWoHvvWB5SR4tKtYBQK Integrity Level: MEDIUM Description: 1v3SDvx68K9K7tXnで47o2H8YntAoに2OかQXZYsOHKで92CQ4YS5K6urは2tzWXVDzzHP8 Exit code: 0 Version: 5.1.5.2 | ||||
332 | "C:\Users\admin\Desktop\Fatality Crack\fatalityLauncher.exe" | C:\Users\admin\Desktop\Fatality Crack\fatalityLauncher.exe | fatalityLauncher.exe | |
User: admin Company: 5pp1Zs5xUzqK1sすBLこBzHかBrLpW9JoBuRKo2Ys元tvvs91s気OWoHvvWB5SR4tKtYBQK Integrity Level: MEDIUM Description: 1v3SDvx68K9K7tXnで47o2H8YntAoに2OかQXZYsOHKで92CQ4YS5K6urは2tzWXVDzzHP8 Exit code: 0 Version: 5.1.5.2 | ||||
3080 | "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T & Del "fatalityLauncher.exe" | C:\Windows\System32\cmd.exe | — | fatalityLauncher.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2912 | choice /C Y /N /D Y /T | C:\Windows\system32\choice.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Offers the user a choice Exit code: 255 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3876 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT | C:\Windows\system32\rundll32.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
(PID) Process: | (640) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (640) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (640) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (640) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\FatalityWin Crack.rar | |||
(PID) Process: | (640) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (640) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (640) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (640) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (332) fatalityLauncher.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fatalityLauncher_RASAPI32 |
Operation: | write | Name: | EnableFileTracing |
Value: 0 | |||
(PID) Process: | (332) fatalityLauncher.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\fatalityLauncher_RASAPI32 |
Operation: | write | Name: | EnableConsoleTracing |
Value: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa640.25963\Fatality Crack\fatalityLauncher.exe | — | |
MD5:— | SHA256:— | |||
640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa640.25963\Fatality Crack\gui-57.dll | — | |
MD5:— | SHA256:— | |||
640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa640.25963\Fatality Crack\icuuc.dll | — | |
MD5:— | SHA256:— | |||
640 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa640.25963\Fatality Crack\ReadMe.txt | — | |
MD5:— | SHA256:— | |||
332 | fatalityLauncher.exe | C:\Users\admin\AppData\Local\Temp\s4dgdtadpgu.fv | — | |
MD5:— | SHA256:— | |||
332 | fatalityLauncher.exe | C:\Users\admin\AppData\Local\Temp\v5y1puhfa5j.fv | — | |
MD5:— | SHA256:— | |||
332 | fatalityLauncher.exe | C:\Users\admin\AppData\Local\U3LZDGVTLKNOYXJBXQ\FuckTheWorld\Misc\ReadMe.txt | — | |
MD5:— | SHA256:— | |||
332 | fatalityLauncher.exe | C:\Users\admin\AppData\Local\Temp\zewnvphm5zr.fv | sqlite | |
MD5:DD9640AF5F03807CF2E3921CBA16AF0D | SHA256:ECF72C454FEF08C5948A565464839A554567E499F995483D6C8B54B32EA2C5F0 | |||
332 | fatalityLauncher.exe | C:\Users\admin\AppData\Local\U3LZDGVTLKNOYXJBXQ\[GB]185.92.25.17_U3LZDGVTLKNOYXJBXQ.zip | compressed | |
MD5:71AF9FB28A60C61950A90C2A8CBB474E | SHA256:75C2B75E005CFDDC573291A86B626586DF2D291259A7053463FE06B32E01B53F | |||
332 | fatalityLauncher.exe | C:\ProgramData\debug.txt | text | |
MD5:86F9C0DC4B80F1D0F9121A67470C0A69 | SHA256:2ABA1A3878BD14F45448F10C0BB0E48D40E58AA981DF4465BA9ED213114C22A6 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
332 | fatalityLauncher.exe | GET | 200 | 31.131.30.43:80 | http://hokage.ru/antivirus.php | US | text | 31 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
332 | fatalityLauncher.exe | 31.131.30.43:80 | hokage.ru | PE Skurykhin Mukola Volodumurovuch | US | malicious |
332 | fatalityLauncher.exe | 176.10.124.134:443 | soranoproject.com | SOFTplus Entwicklungen GmbH | CH | suspicious |
Domain | IP | Reputation |
---|---|---|
hokage.ru |
| malicious |
soranoproject.com |
| suspicious |