Field | Value
---|---|
File name | 1.rar
Full analysis | https://app.any.run/tasks/34418fc8-8c5b-43e9-a1e3-377c5b262cb0
Verdict | Malicious activity
Analysis date | January 18, 2020, 11:24:30
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/x-rar
File info | RAR archive data, v5
MD5 | 30EDD123DC12367712A5C4EE6CA68635
SHA1 | 75543031C63C5CD1145AD429056726E8E3528C97
SHA256 | 36E345A37B718088538C4C4A84FFF940DBB7A0B94F243D60072666D88356E9F9
SSDEEP | 393216:lLKjgS3HY3hlZxncawyHXQA9aFYZrW5sjfviS:Jq7XY3rXcqXQA9EOjniS

Extension | File type (confidence)
---|---|
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)

PID | Command line | Path | Parent process | User | Integrity level | Company | Description | Version | Exit code | Indicators
---|---|---|---|---|---|---|---|---|---|---|
996 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\1.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | admin | MEDIUM | Alexander Roshal | WinRAR archiver | 5.60.0 | | 
3544 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | SearchIndexer.exe | SYSTEM | SYSTEM | Microsoft Corporation | Microsoft Windows Search Protocol Host | 7.00.7600.16385 (win7_rtm.090713-1255) | 0 | —
1096 | "C:\Users\admin\Desktop\Amazon GC Checker & Generator\Amazon GC Checker & Generator\BlackBullet2.exe" | C:\Users\admin\Desktop\Amazon GC Checker & Generator\Amazon GC Checker & Generator\BlackBullet2.exe | explorer.exe | admin | HIGH | | BlackBullet2 | 1.0.0.0 | 0 | 
2444 | "C:\Users\admin\Desktop\Amazon GC Checker & Generator\Amazon GC Checker & Generator\Launcher(u can try if other not work).exe" | C:\Users\admin\Desktop\Amazon GC Checker & Generator\Amazon GC Checker & Generator\Launcher(u can try if other not work).exe | explorer.exe | admin | HIGH | | | | 0 | 
1292 | "C:\Windows\system32\cmd.exe" /c "C:\Users\admin\AppData\Local\Temp\7EF9.tmp\7EFA.tmp\7EFB.bat "C:\Users\admin\Desktop\Amazon GC Checker & Generator\Amazon GC Checker & Generator\Launcher(u can try if other not work).exe"" | C:\Windows\system32\cmd.exe | Launcher(u can try if other not work).exe | admin | HIGH | Microsoft Corporation | Windows Command Processor | 6.1.7601.17514 (win7sp1_rtm.101119-1850) | 0 | —
4040 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | cmd.exe | admin | HIGH | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) | 1 | 
2136 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4040 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | admin | HIGH | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) | 0 | 
3652 | BlackBullet2.exe FL | C:\Users\admin\Desktop\Amazon GC Checker & Generator\Amazon GC Checker & Generator\BlackBullet2.exe | cmd.exe | admin | HIGH | | BlackBullet2 | 1.0.0.0 | 3221225477 | 
3772 | "C:\Users\admin\Desktop\Amazon GC Checker & Generator\Amazon GC Checker & Generator\Launcher(updated).exe" | C:\Users\admin\Desktop\Amazon GC Checker & Generator\Amazon GC Checker & Generator\Launcher(updated).exe | explorer.exe | admin | HIGH | CPUID Hardware Monitor | CPUID Hardware Monitor | 1.3.4.0 | | 
3096 | "C:\Users\admin\Desktop\Amazon GC Checker & Generator\Amazon GC Checker & Generator\Launcher(updated).exe" | C:\Users\admin\Desktop\Amazon GC Checker & Generator\Amazon GC Checker & Generator\Launcher(updated).exe | explorer.exe | admin | MEDIUM | CPUID Hardware Monitor | CPUID Hardware Monitor | 1.3.4.0 | | —

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---|
996 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa996.23199\Amazon GC Checker & Generator\Amazon GC Checker & Generator\903fb8d8.bin | html | 6625F647DFFC6DD25628207E75DC9922 | 1E25FF5F760B5AAB3AA896CC8B74F71B89FE92E94FA5A463BA893D26A11696C2
996 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa996.23199\Amazon GC Checker & Generator\Amazon GC Checker & Generator\bin\chromedriver.exe | executable | 2FBE8348A03B7440EB5B025ABAE7F7D1 | C68BB9B97E36B5DAAB3D100F427A7977A535D9B4EA20890FBB755F39D0421E94
996 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa996.23199\Amazon GC Checker & Generator\Amazon GC Checker & Generator\Amazon GC.bbc | text | 3846F9AF887004477D066C670725AC20 | 84FAD65A3C47B6F340112D69E27AB597BCC32EEB6ACD841604FFD718CA5D5413
996 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa996.23199\Amazon GC Checker & Generator\Amazon GC Checker & Generator\bin\geckodriver.exe | executable | 45965D4D64ACC06FD669E8A509E5E546 | A56397E98C52370FA370FEEF31814105EE8B41933D51DDE3403252C5D4ED6471
996 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa996.23199\Amazon GC Checker & Generator\Amazon GC Checker & Generator\bin\Extreme.Net.xml | xml | 21F2F9F50744B877DCC99903F56CA488 | E2524EE13D55BF81D1F8B4405A8BB517C7E3834957DF160A49A0E6A67022E824
996 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa996.23199\Amazon GC Checker & Generator\Amazon GC Checker & Generator\bin\AngleSharp.xml | xml | 68A0CADB92BA0866013B625B7B1A86EC | 5F83F50EF9241A4FA4D049FF587B2AA6C2F33939842703145140DCC0853EBA95
996 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa996.23199\Amazon GC Checker & Generator\Amazon GC Checker & Generator\bin\DeathByCaptcha.pdb | pdb | 1C127B5964FE54CA87E72D4E0F27DDBB | B880BF64DCB57E490BB05B13F8CC3C0059C80987EE8B8C9D2E113293669309CF
996 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa996.23199\Amazon GC Checker & Generator\Amazon GC Checker & Generator\bin\DeathByCaptcha.dll | executable | 3495203999B4A2C1A91A6C2E7903E0DB | FDD3C336E835F01FA052CF23C1B5A8070D510FFA3C8EE12187C1EA46A08287D1
996 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa996.23199\Amazon GC Checker & Generator\Amazon GC Checker & Generator\bin\Extreme.Net.pdb | pdb | 14DDBAC1E701EC38412C77170D26595D | 9BEA8D66B0FFE1E89633682B870E2CF49D31C496838EF5174F50959BF812B586
996 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa996.23199\Amazon GC Checker & Generator\Amazon GC Checker & Generator\bin\DeCaptcherLibrary.pdb | pdb | 3504A330E2782EF3E549B438946578BF | 408C07A85B04949CE0900E4545EE9790D93BF1EFDAA51DE7EBAA37BD03BDB62A

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2136 | iexplore.exe | GET | 301 | 104.27.160.126:80 | http://crackingcentral.com/ | US | — | — | malicious |
4040 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2136 | iexplore.exe | 172.217.18.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2136 | iexplore.exe | 104.27.11.92:443 | cracked.to | Cloudflare Inc | US | suspicious |
2136 | iexplore.exe | 104.27.160.126:80 | crackingcentral.com | Cloudflare Inc | US | shared |
4040 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2136 | iexplore.exe | 104.27.10.92:443 | cracked.to | Cloudflare Inc | US | suspicious |
2136 | iexplore.exe | 104.17.64.4:443 | cdnjs.cloudflare.com | Cloudflare Inc | US | unknown |
2136 | iexplore.exe | 209.197.3.15:443 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted |
2136 | iexplore.exe | 172.217.22.2:443 | www.googleadservices.com | Google Inc. | US | whitelisted |
2136 | iexplore.exe | 151.101.2.109:443 | cdn.jsdelivr.net | Fastly | US | suspicious |
2136 | iexplore.exe | 172.217.23.100:443 | www.google.com | Google Inc. | US | whitelisted |

Domain | Reputation
---|---|
crackingcentral.com | malicious
www.bing.com | whitelisted
cracked.to | whitelisted
static.cracked.to | suspicious
fonts.googleapis.com | whitelisted
maxcdn.bootstrapcdn.com | whitelisted
cdnjs.cloudflare.com | whitelisted
cdn.jsdelivr.net | whitelisted
www.googletagmanager.com | whitelisted
fonts.gstatic.com | whitelisted

PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |