File name: OpenDiscordHaxx-master.zip
Full analysis: https://app.any.run/tasks/ba3aa8f0-52bf-44f7-ad80-6139d78a318d
Verdict: Malicious activity
Analysis date: October 19, 2020, 22:46:09
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5: 793E61BCCD714F11D74F663A1BB5A518
SHA1: A50F08D451EA31301CC5D25DEE27EA8D9B009097
SHA256: 3A1CD8CFE27099E144C0A63E24649E1377E7F7A747D2DEA25F3B43C8772C61DB
SSDEEP: 196608:x292JFP5D52JFuP7RAiU7tOSs8+A+2JFH+uHCmMmw669vkniNDq:xA2vL2OP9DlA+2Ximy1/Dq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Loads dropped or rewritten executable
      • SearchProtocolHost.exe (PID: 996)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3288)
  • INFO
    • Reads Internet Cache Settings
      • iexplore.exe (PID: 1924)
    • Application launched itself
      • iexplore.exe (PID: 1924)
    • Manual execution by user
      • iexplore.exe (PID: 1924)
    • Changes internet zones settings
      • iexplore.exe (PID: 1924)
    • Reads settings of System Certificates
      • iexplore.exe (PID: 1752)
      • iexplore.exe (PID: 1924)
    • Reads internet explorer settings
      • iexplore.exe (PID: 1752)
    • Changes settings of System certificates
      • iexplore.exe (PID: 1924)
      • iexplore.exe (PID: 1752)
    • Adds / modifies Windows certificates
      • iexplore.exe (PID: 1924)
      • iexplore.exe (PID: 1752)

Read the single MALICIOUS signature together with the process table below: PID 996 is the Windows Search protocol host, started by SearchIndexer.exe as SYSTEM to index files that have just been written, and the report flags it for loading one of the 24 executables WinRAR extracted. It is not a child of anything in the archive. The only activity the sample itself caused is the user opening OpenDiscordHaxxUI\Tools\Checker.html in Internet Explorer (PIDs 1924 and 1752), and the certificate-related INFO signatures are consistent with that page loading third-party CDN resources over HTTPS.
No Malware configuration.

TRiD
.zip | ZIP compressed archive (36.3)

EXIF (ZIP)
ZipFileName: OpenDiscordHaxx-master/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2019:09:09 22:06:16
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
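The EXIF/ZIP fields above are read from the archive's first local file header. The following added example, which is not code from the ANY.RUN report, parses that header by hand and decodes the MS-DOS packed timestamp, so the same fields (required version 10 meaning "v1.0 to extract", compression None, CRC 0 for a directory entry) can be reproduced without trusting the sandbox's extractor. Because the sample itself is not on this page, the archive it parses is a constructed stand-in with the same first entry, timestamp and required version; its bytes and hashes are not those of OpenDiscordHaxx-master.zip. A practitioner would point `parse_first_local_header` at the real file after checking its SHA256 against the value listed above.

```python
import io
import struct
import zipfile
from datetime import datetime

# Added example, not part of the ANY.RUN report. Parses the first local file
# header of a ZIP archive into the fields the report's EXIF/ZIP section shows,
# and decodes the MS-DOS packed timestamp those headers carry.

LOCAL_FILE_HEADER_SIG = 0x04034B50  # bytes "PK\x03\x04" read little-endian
COMPRESSION_NAMES = {0: "None", 8: "Deflate", 12: "BZIP2", 14: "LZMA"}


def dos_datetime(dos_date: int, dos_time: int) -> datetime:
    """Decode a ZIP/MS-DOS packed date and time (2-second resolution)."""
    year = ((dos_date >> 9) & 0x7F) + 1980
    month = (dos_date >> 5) & 0x0F
    day = dos_date & 0x1F
    hour = (dos_time >> 11) & 0x1F
    minute = (dos_time >> 5) & 0x3F
    second = (dos_time & 0x1F) * 2
    return datetime(year, month, day, hour, minute, second)


def parse_first_local_header(data: bytes) -> dict:
    """Parse the first local file header (PKWARE APPNOTE 4.3.7) by hand."""
    if len(data) < 30:
        raise ValueError("too short for a ZIP local file header")
    (sig, version_needed, flags, method, mtime, mdate, crc32,
     csize, usize, name_len, extra_len) = struct.unpack("<IHHHHHIIIHH", data[:30])
    if sig != LOCAL_FILE_HEADER_SIG:
        raise ValueError("no local file header at offset 0: %#x" % sig)
    # Bit 11 of the general-purpose flag says the name is UTF-8, else CP437.
    encoding = "utf-8" if flags & 0x0800 else "cp437"
    name = data[30:30 + name_len].decode(encoding)
    return {
        "ZipFileName": name,
        "ZipUncompressedSize": usize,
        "ZipCompressedSize": csize,
        "ZipCRC": "0x%08X" % crc32,
        "ZipModifyDate": dos_datetime(mdate, mtime).strftime("%Y:%m:%d %H:%M:%S"),
        "ZipCompression": COMPRESSION_NAMES.get(method, "method %d" % method),
        "ZipBitFlag": "0x%04X" % flags,
        "ZipRequiredVersion": version_needed,  # 10 means "v1.0 to extract"
    }


def build_constructed_archive() -> bytes:
    """Constructed stand-in for the sample: an archive whose first entry is the
    stored directory 'OpenDiscordHaxx-master/' with the report's timestamp and
    required version. Its bytes and hashes are not those of the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        entry = zipfile.ZipInfo("OpenDiscordHaxx-master/",
                                date_time=(2019, 9, 9, 22, 6, 16))
        entry.extract_version = 10  # zipfile defaults to 20; the sample advertises 1.0
        zf.writestr(entry, b"")
    return buf.getvalue()


if __name__ == "__main__":
    # To inspect the real sample, read its bytes from disk here instead.
    for field, value in parse_first_local_header(build_constructed_archive()).items():
        print("%s: %s" % (field, value))
```

The parser only reads the first local header, which is all the report's EXIF section reflects; a full listing would walk the central directory at the end of the file, whose entries can disagree with the local headers in a crafted archive.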
Total processes: 39
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> winrar.exe; searchprotocolhost.exe (no specs); iexplore.exe -> iexplore.exe

Process information

PID 3288
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\OpenDiscordHaxx-master.zip"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Exit code: 0
  Version: 5.60.0

PID 996
  CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  Path: C:\Windows\System32\SearchProtocolHost.exe
  Parent process: SearchIndexer.exe
  User: SYSTEM
  Company: Microsoft Corporation
  Integrity Level: SYSTEM
  Description: Microsoft Windows Search Protocol Host
  Version: 7.00.7600.16385 (win7_rtm.090713-1255)

PID 1924
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\Desktop\OpenDiscordHaxx-master\OpenDiscordHaxxUI\Tools\Checker.html
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)

PID 1752
  CMD: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1924 CREDAT:144385 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
Total events: 2,207
Read events: 2,065
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 24
Suspicious files: 24
Text files: 143
Unknown types: 24

Dropped files

All entries below were written by WinRAR.exe (PID 3288) under C:\Users\admin\AppData\Local\Temp\Rar$DRa3288.42566\OpenDiscordHaxx-master\ and are of type text.

Filename | MD5 | SHA256
OpenDiscordHaxx\BotList\Requests\List\List.cs | AF6FDA63B07F5A476ADC6B96E93274C4 | 4F7F451CD4F4141B08D604DC04A03D012F4EEB8A5970D8230E8203BACE06C6BA
OpenDiscordHaxx\BotList\Endpoint.cs | 14F88671E1085DB1D7BA27AC09600416 | A83DD4BFB9B83A8B43EAF5F2A14DAC4344DF2BF13F91DED0292FC0B2B2421BB0
OpenDiscordHaxx.sln | 2B39EE3EE7D31BBDCDEC7013974963C1 | 4935092A8C0267CF8305B593FC7B5E638ECB7C93FE02CD06D3E5E7BA1107CB79
OpenDiscordHaxx\BotList\Requests\Profile\BotInfo.cs | 058039A8435BB87F17CA13D7F2713CC4 | 817F9744F0473532164417D437728422ACDB5D470DCA49C34B113C19D50B2B89
OpenDiscordHaxx\BotList\Requests\DiscordImage.cs | 81C6074B7F485E2252C99C5FDB6E16A5 | F0F5CEC77AA7E37A7A274B058FCA4F1F3ADEEB02E57F1A6A504BA1BC20EEDF28
OpenDiscordHaxx\BotList\Requests\BotRequest.cs | 562EA8FBAB57D7C97A11D45C30557A49 | 2565F3BB91AAEE238B5AB75F5BCAE9E843AF796A21FECAF7A8CBEB4A3DFC6B3D
OpenDiscordHaxx\BotList\Requests\List\ListAction.cs | 764CF6ECC3EDAAB2F0861B088310FB24 | 4A6B2C99885A7BA23DC936140E4DF74CFF9A5CF53AC048B26E3A5FC1210829F4
OpenDiscordHaxx\BotList\Requests\Profile\FriendInfo.cs | 6F7615AA74DF89A821E6F20A6A36986C | E1D9498200D56F218EA7015E9D39BA1E39AC41333EC5265D9578D83BBF93F026
OpenDiscordHaxx\BotList\Requests\Opcode.cs | 71000A38F4CE8D2DF8F231C124FEC466 | 082848BE7E97B47DD396A63EE9ECC73D94C6D94E685D188DFBAE8DE2ECFFEF9B
OpenDiscordHaxx\BotList\Requests\List\BasicBotInfo.cs | 4EDDD64857A221149254BC357E178568 | 91292C858D4CDBAAC38416B98EA291B83E7B34585C013DCE36F667763334106C
HTTP(S) requests: 10
TCP/UDP connections: 20
DNS requests: 14
Threats: 0

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
1752 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEFdRKRguoh2MCAAAAABdwf0%3D | US | der | 471 b | whitelisted
1752 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted
1752 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQCOUTy4wn8XWggAAAAAWy8I | US | der | 472 b | whitelisted
1752 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted
1752 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQD6dnW313dJuggAAAAAXcH8 | US | der | 472 b | whitelisted
1752 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | US | der | 727 b | whitelisted
1752 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
1752 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQD6dnW313dJuggAAAAAXcH8 | US | der | 472 b | whitelisted
1752 | iexplore.exe | GET | 200 | 172.217.22.67:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted
1924 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1752 | iexplore.exe | 216.58.205.234:443 | ajax.googleapis.com | Google Inc. | US | whitelisted
1752 | iexplore.exe | 209.197.3.15:443 | maxcdn.bootstrapcdn.com | Highwinds Network Group, Inc. | US | whitelisted
1752 | iexplore.exe | 172.217.22.67:80 | ocsp.pki.goog | Google Inc. | US | whitelisted
(not recorded) | (not recorded) | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious
1752 | iexplore.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious
1752 | iexplore.exe | 216.58.210.10:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
1752 | iexplore.exe | 216.58.210.3:443 | fonts.gstatic.com | Google Inc. | US | whitelisted
1924 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted
1752 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted
1924 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted

DNS requests

Domain | IP | Reputation
fonts.googleapis.com | 216.58.210.10 | whitelisted
maxcdn.bootstrapcdn.com | 209.197.3.15 | whitelisted
ajax.googleapis.com | 216.58.205.234 | whitelisted
ocsp.comodoca.com | 151.139.128.14 | whitelisted
ocsp.pki.goog | 172.217.22.67 | whitelisted
ocsp.usertrust.com | 151.139.128.14 | whitelisted
fonts.gstatic.com | 216.58.210.3 | whitelisted
www.bing.com | 204.79.197.200, 13.107.21.200 | whitelisted
api.bing.com | 13.107.5.80 | whitelisted
iecvlist.microsoft.com | 152.199.19.161 | whitelisted

Threats

No threats detected
No debug info