File name: HW32.Packed.(1).7z

Full analysis: https://app.any.run/tasks/8485e3ec-7b53-4305-ad75-a2c5ed06be30
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: June 10, 2024, 11:44:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
locky
ransomware
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5: 3948EC7C273BB48286BA45821BBD8591
SHA1: DB8DEB43E3A2E3508893CE72652B4063BF673A12
SHA256: 3E2E147ADECCFA47F45BBE5533E82F914309CEC062C531C6035C3293214FC958
SSDEEP: 24576:LeHq4AI+M7tRka2mgTLVOevuE2Q7XbhV5p0w6WYHTsodLAqv0TI4jFNCzaJ:LeHq4AI+etRka2mgTLVOevuE2Q7XbH5j

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3988)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Actions looks like stealing of personal data

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Connects to the CnC server

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • LOCKY has been detected (SURICATA)

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
  • SUSPICIOUS

    • Reads the Internet Settings

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
    • Creates file in the systems drive root

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Contacting a server suspected of hosting an CnC

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Connects to the server without a host name

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Starts CMD.EXE for commands execution

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Executable content was dropped or overwritten

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
  • INFO

    • Manual execution by a user

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
      • wmpnscfg.exe (PID: 1552)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
    • Checks supported languages

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
      • wmpnscfg.exe (PID: 1552)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
    • Reads the computer name

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
      • wmpnscfg.exe (PID: 1552)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3988)
    • Checks proxy server information

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
    • Reads the machine GUID from the registry

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
    • Creates files in the program directory

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Application launched itself

      • msedge.exe (PID: 2640)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
All screenshots are available in the full report
Total processes: 63
Monitored processes: 21
Malicious processes: 2
Suspicious processes: 0

Behavior graph

Process chain as shown in the graph (nodes in graph order; "no specs" marks processes without their own signature hits):
  • start
  • winrar.exe
  • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (#LOCKY)
  • wmpnscfg.exe (no specs)
  • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (#LOCKY)
  • msedge.exe
  • PhotoViewer.dll (no specs)
  • msedge.exe (no specs)
  • cmd.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)

Process information

Fields per process: PID | CMD | Path | Indicators | Parent process
PID: 736
CMD: "C:\Users\admin\Desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe"
Path: C:\Users\admin\Desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 752
CMD: "C:\Users\admin\Desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe"
Path: C:\Users\admin\Desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 916
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1228 --field-trial-handle=1172,i,13855363617696653974,13529898359528043617,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1552
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1568
CMD: C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
COM Surrogate
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2588
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6afaf598,0x6afaf5a8,0x6afaf5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2616
CMD: cmd.exe /C del /Q /F "C:\Users\admin\AppData\Local\Temp\sys6D4F.tmp"
Path: C:\Windows\System32\cmd.exe
Parent process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2640
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\admin\Desktop\lukitus.htm
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2724
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1172,i,13855363617696653974,13529898359528043617,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2748
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1172,i,13855363617696653974,13529898359528043617,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events: 9 043
Read events: 8 961
Write events: 68
Delete events: 14

Modification events

(PID) Process | Key | Operation | Name | Value
(3988) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP |
(3988) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon |
(3988) WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | write | LanguageList | en-US
(3988) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 3 | C:\Users\admin\Desktop\phacker.zip
(3988) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(3988) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(3988) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\HW32.Packed.(1).7z
(3988) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120
(3988) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80
(3988) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120
Executable files: 3
Suspicious files: 417
Text files: 406
Unknown types: 3

Dropped files

PID | Process | Filename | Type
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | C:\Users\admin\Documents\Outlook Files\NIFPEAST-MZ56-R3JZ-5E05FCD6-061C093A7DFF.lukitus | pst
MD5: BE3DAB17B8FCA7566FFB0A9E3EF0BC8D
SHA256: 718578ECB833C4526630488CB9C7F41108F66BBA0C54E63B636CC9911339CA63
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | C:\Users\admin\Documents\NIFPEAST-MZ56-R3JZ-DF6E7247-8F4D9E681750.lukitus | text
MD5: B94946755A6E6B5DA27AF2EE38CC6AB4
SHA256: B2006F7F9D2E154ECAFABC85FDF229B61FB416BB4ED9CD0CEC3AF2A88B3311E8
3988 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3988.20597\HW32.Packed.(1)\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe.bak | executable
MD5: 1720B1748AD7B8AC0BFC1C3636FEAD95
SHA256: 3329641A171508FA6B1AD7674B31431093D46BE190D1A51ACD77E486F42D9C8E
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | C:\Users\admin\Desktop\NIFPEAST-MZ56-R3JZ-5651A933-881541D27EDF.lukitus | text
MD5: DDBFB7A41A34BD0854F93A985CDF8D91
SHA256: B65C5278AF73D8F3D1FB4165D2ACB84A21B16CBF19A97ABC9942E2A51EA47D72
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | C:\Users\admin\Documents\Outlook Files\NIFPEAST-MZ56-R3JZ-CF794A1D-9A9DD2295980.lukitus | pst
MD5: D7CD05936982A9C69A54C33AEF497D80
SHA256: A51A31C01AAAE4E496F4C0D2BEE4A4D29ED96A77D92BEA6B0D28D16BEC2C01BC
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | C:\Users\admin\Desktop\NIFPEAST-MZ56-R3JZ-D5E2B4F7-B7BB41E31832.lukitus | text
MD5: 0C794F00D0CF31B31BE64549431CE184
SHA256: 40EBEAD1076E9EEAFEE6CD91DDF22C33EE4A8BB8FB9FF6E198DA8D617498E939
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | C:\Users\admin\Desktop\NIFPEAST-MZ56-R3JZ-96185AB5-E4A3653DEA91.lukitus | text
MD5: 91C28FE36F17A1AAC33A55FE6E8C92F9
SHA256: FDEC187018846B94EB42635816A9FB704479398B811E020342CB75AFEE1006A6
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | C:\Users\admin\Documents\OneNote Notebooks\Personal\lukitus-4336.htm | html
MD5: 326B8E7C113150A2C741F1A5133290B4
SHA256: 44CC1EE730425012DF846B962626A4A160A86BBC963BC9459CBF30667A4DABB4
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | C:\Users\admin\Documents\Outlook Files\lukitus-43c3.htm | html
MD5: 326B8E7C113150A2C741F1A5133290B4
SHA256: 44CC1EE730425012DF846B962626A4A160A86BBC963BC9459CBF30667A4DABB4
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | C:\MSOCache\All Users\{90140000-0015-0416-0000-0000000FF1CE}-C\NIFPEAST-MZ56-R3JZ-B2213882-F4A30C5FFCB9.lukitus | xml
MD5: B6440FB7079652F8EFC6DDFAEC980E22
SHA256: 82731199051596577E6C9A384463AA062CE22D5DCD8655535A857A8BC8412AD0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 3
TCP/UDP connections: 26
DNS requests: 12
Threats: 10

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | POST | 403 | 37.143.9.154:80 | http://37.143.9.154/imageload.cgi | unknown | | | unknown
736 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | POST | 403 | 37.143.9.154:80 | http://37.143.9.154/imageload.cgi | unknown | | | unknown
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | POST | 403 | 37.143.9.154:80 | http://37.143.9.154/imageload.cgi | unknown | | | unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | | | | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | 46.17.44.153:80 | | LLC Baxet | RU | unknown
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | 185.179.190.31:80 | | Webhost LLC | RU | unknown
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | 37.143.9.154:80 | | EuroByte LLC | RU | unknown
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | 46.183.165.45:80 | | Domain names registrar REG.RU, Ltd | RU | unknown
736 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | 185.179.190.31:80 | | Webhost LLC | RU | unknown
736 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | 46.17.44.153:80 | | LLC Baxet | RU | unknown
736 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | 46.183.165.45:80 | | Domain names registrar REG.RU, Ltd | RU | unknown
736 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | 37.143.9.154:80 | | EuroByte LLC | RU | unknown

DNS requests

Domain | IP | Reputation
dns.msftncsi.com | 131.107.255.255 | shared
config.edge.skype.com | 13.107.42.16 | whitelisted
edge.microsoft.com | 13.107.21.239, 204.79.197.239 | whitelisted
www.bing.com | 2.19.193.65, 2.19.193.74, 2.19.193.88, 2.19.193.89, 2.19.193.80, 2.19.193.73, 2.19.193.75, 2.19.193.59, 2.19.193.58 | whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com | 2.18.31.40, 93.186.134.34 | whitelisted

Threats

PID | Process | Class | Message
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | Malware Command and Control Activity Detected | ET MALWARE Locky CnC checkin Nov 21
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | Malware Command and Control Activity Detected | ET MALWARE Locky CnC checkin Nov 21 M2
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | Malware Command and Control Activity Detected | ET MALWARE Locky CnC Checkin HTTP Pattern
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | Malware Command and Control Activity Detected | ET MALWARE Locky CnC checkin Nov 21
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | Malware Command and Control Activity Detected | ET MALWARE Locky CnC checkin Nov 21 M2
752 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | Malware Command and Control Activity Detected | ET MALWARE Locky CnC Checkin HTTP Pattern
736 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | Malware Command and Control Activity Detected | ET MALWARE Locky CnC checkin Nov 21
736 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | Malware Command and Control Activity Detected | ET MALWARE Locky CnC checkin Nov 21 M2
736 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | Malware Command and Control Activity Detected | ET MALWARE Locky CnC Checkin
736 | 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe | Malware Command and Control Activity Detected | ET MALWARE Locky CnC Checkin HTTP Pattern
No debug info