File name:

HW32.Packed.(1).7z

Full analysis: https://app.any.run/tasks/8485e3ec-7b53-4305-ad75-a2c5ed06be30
Verdict: Malicious activity
Threats:

Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying.

Analysis date: June 10, 2024, 11:44:29
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
locky
ransomware
Indicators:
MIME: application/x-7z-compressed
File info: 7-zip archive data, version 0.4
MD5:

3948EC7C273BB48286BA45821BBD8591

SHA1:

DB8DEB43E3A2E3508893CE72652B4063BF673A12

SHA256:

3E2E147ADECCFA47F45BBE5533E82F914309CEC062C531C6035C3293214FC958

SSDEEP:

24576:LeHq4AI+M7tRka2mgTLVOevuE2Q7XbhV5p0w6WYHTsodLAqv0TI4jFNCzaJ:LeHq4AI+etRka2mgTLVOevuE2Q7XbH5j

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3988)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Connects to the CnC server

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
    • Actions look like stealing of personal data

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • LOCKY has been detected (SURICATA)

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
  • SUSPICIOUS

    • Contacting a server suspected of hosting a CnC

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
    • Reads the Internet Settings

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Creates a file in the system drive root

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Connects to the server without a host name

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Executable content was dropped or overwritten

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Starts CMD.EXE for command execution

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
  • INFO

    • Manual execution by a user

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
      • wmpnscfg.exe (PID: 1552)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3988)
    • Checks supported languages

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
      • wmpnscfg.exe (PID: 1552)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
    • Reads the computer name

      • wmpnscfg.exe (PID: 1552)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Reads the machine GUID from the registry

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Checks proxy server information

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 736)
      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
    • Application launched itself

      • msedge.exe (PID: 2640)
    • Creates files in the program directory

      • 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe (PID: 752)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX in the full report
No Malware configuration.

TRiD

.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
No data.
All screenshots are available in the full report
Total processes
63
Monitored processes
21
Malicious processes
2
Suspicious processes
0

Behavior graph

Graph nodes, in the order shown:
  • start
  • winrar.exe
  • #LOCKY 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
  • wmpnscfg.exe (no specs)
  • #LOCKY 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
  • msedge.exe
  • PhotoViewer.dll (no specs)
  • msedge.exe (no specs)
  • cmd.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs), 11 further instances

Process information

PID
CMD
Path
Indicators
Parent process
PID: 736
CMD: "C:\Users\admin\Desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe"
Path: C:\Users\admin\Desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
HIGH
Modules
Images
c:\users\admin\desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 752
CMD: "C:\Users\admin\Desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe"
Path: C:\Users\admin\Desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
Modules
Images
c:\users\admin\desktop\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\clbcatq.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
PID: 916
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1228 --field-trial-handle=1172,i,13855363617696653974,13529898359528043617,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1552
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1568
CMD: C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
Path: C:\Windows\System32\dllhost.exe
Parent process: svchost.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
COM Surrogate
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\dllhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\ole32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2588
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x6afaf598,0x6afaf5a8,0x6afaf5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2616
CMD: cmd.exe /C del /Q /F "C:\Users\admin\AppData\Local\Temp\sys6D4F.tmp"
Path: C:\Windows\System32\cmd.exe
Parent process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID: 2640
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\admin\Desktop\lukitus.htm
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2724
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1416 --field-trial-handle=1172,i,13855363617696653974,13529898359528043617,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2748
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1408 --field-trial-handle=1172,i,13855363617696653974,13529898359528043617,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
9 043
Read events
8 961
Write events
68
Delete events
14

Modification events

(PID) Process: (3988) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3988) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3988) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3988) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3988) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3988) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (3988) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\HW32.Packed.(1).7z

(PID) Process: (3988) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3988) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3988) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files
3
Suspicious files
417
Text files
406
Unknown types
3

Dropped files

PID
Process
Filename
Type
PID: 752
Process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Filename: C:\Users\admin\Documents\OneNote Notebooks\Personal\lukitus-4336.htm
Type: html
MD5: 326B8E7C113150A2C741F1A5133290B4
SHA256: 44CC1EE730425012DF846B962626A4A160A86BBC963BC9459CBF30667A4DABB4

PID: 3988
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3988.20597\HW32.Packed.(1)\3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe.bak
Type: executable
MD5: 1720B1748AD7B8AC0BFC1C3636FEAD95
SHA256: 3329641A171508FA6B1AD7674B31431093D46BE190D1A51ACD77E486F42D9C8E

PID: 752
Process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Filename: C:\Users\admin\Documents\Outlook Files\NIFPEAST-MZ56-R3JZ-5E05FCD6-061C093A7DFF.lukitus
Type: pst
MD5: BE3DAB17B8FCA7566FFB0A9E3EF0BC8D
SHA256: 718578ECB833C4526630488CB9C7F41108F66BBA0C54E63B636CC9911339CA63

PID: 752
Process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Filename: C:\Users\admin\Documents\OneNote Notebooks\Personal\NIFPEAST-MZ56-R3JZ-5F4C5CD1-174C37B6B8F7.lukitus
Type: onetoc2
MD5: 204ADD72E85EE70C7FBD055E39A1D205
SHA256: 486674F32EC6DBF09EB7F26F7C3C10B6C5ABB3A769D5E344A9D589B161D68862

PID: 752
Process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Filename: C:\Users\admin\Documents\Outlook Files\NIFPEAST-MZ56-R3JZ-F81D64F3-7CE620D35100.lukitus
Type: binary
MD5: 21CC8FF20FE6574731A46D01B7A91C9B
SHA256: D9DD4E0DD6E550118E5C8EEDD0409AAD7081FFD66DA41B34A48C4C9A28416845

PID: 752
Process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Filename: C:\Users\admin\Documents\Outlook Files\NIFPEAST-MZ56-R3JZ-CF794A1D-9A9DD2295980.lukitus
Type: pst
MD5: D7CD05936982A9C69A54C33AEF497D80
SHA256: A51A31C01AAAE4E496F4C0D2BEE4A4D29ED96A77D92BEA6B0D28D16BEC2C01BC

PID: 752
Process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Filename: C:\Users\admin\Documents\Outlook Files\lukitus-43c3.htm
Type: html
MD5: 326B8E7C113150A2C741F1A5133290B4
SHA256: 44CC1EE730425012DF846B962626A4A160A86BBC963BC9459CBF30667A4DABB4

PID: 752
Process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Filename: C:\Users\admin\Desktop\lukitus-13d7.htm
Type: html
MD5: 326B8E7C113150A2C741F1A5133290B4
SHA256: 44CC1EE730425012DF846B962626A4A160A86BBC963BC9459CBF30667A4DABB4

PID: 752
Process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Filename: C:\Users\admin\Desktop\NIFPEAST-MZ56-R3JZ-614347BF-D3B4B003EED5.lukitus
Type: text
MD5: 0ED9CC634D160D50FFDB6C159413DE98
SHA256: 46B60E7E0D6E25171585812164D0205690FB002259A5751159BA4A8554681B25

PID: 752
Process: 3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Filename: C:\Users\admin\Desktop\NIFPEAST-MZ56-R3JZ-D5E2B4F7-B7BB41E31832.lukitus
Type: text
MD5: 0C794F00D0CF31B31BE64549431CE184
SHA256: 40EBEAD1076E9EEAFEE6CD91DDF22C33EE4A8BB8FB9FF6E198DA8D617498E939
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
3
TCP/UDP connections
26
DNS requests
12
Threats
10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
POST
403
37.143.9.154:80
http://37.143.9.154/imageload.cgi
unknown
unknown
736
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
POST
403
37.143.9.154:80
http://37.143.9.154/imageload.cgi
unknown
unknown
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
POST
403
37.143.9.154:80
http://37.143.9.154/imageload.cgi
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
46.17.44.153:80
LLC Baxet
RU
unknown
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
185.179.190.31:80
Webhost LLC
RU
unknown
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
37.143.9.154:80
EuroByte LLC
RU
unknown
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
46.183.165.45:80
Domain names registrar REG.RU, Ltd
RU
unknown
736
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
185.179.190.31:80
Webhost LLC
RU
unknown
736
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
46.17.44.153:80
LLC Baxet
RU
unknown
736
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
46.183.165.45:80
Domain names registrar REG.RU, Ltd
RU
unknown
736
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
37.143.9.154:80
EuroByte LLC
RU
unknown

DNS requests

Domain
IP
Reputation
dns.msftncsi.com
  • 131.107.255.255
shared
config.edge.skype.com
  • 13.107.42.16
whitelisted
edge.microsoft.com
  • 13.107.21.239
  • 204.79.197.239
whitelisted
www.bing.com
  • 2.19.193.65
  • 2.19.193.74
  • 2.19.193.88
  • 2.19.193.89
  • 2.19.193.80
  • 2.19.193.73
  • 2.19.193.75
  • 2.19.193.59
  • 2.19.193.58
whitelisted
msedgeextensions.sf.tlu.dl.delivery.mp.microsoft.com
  • 2.18.31.40
  • 93.186.134.34
whitelisted

Threats

PID
Process
Class
Message
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Malware Command and Control Activity Detected
ET MALWARE Locky CnC checkin Nov 21
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Malware Command and Control Activity Detected
ET MALWARE Locky CnC checkin Nov 21 M2
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Malware Command and Control Activity Detected
ET MALWARE Locky CnC Checkin HTTP Pattern
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Malware Command and Control Activity Detected
ET MALWARE Locky CnC checkin Nov 21
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Malware Command and Control Activity Detected
ET MALWARE Locky CnC checkin Nov 21 M2
752
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Malware Command and Control Activity Detected
ET MALWARE Locky CnC Checkin HTTP Pattern
736
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Malware Command and Control Activity Detected
ET MALWARE Locky CnC checkin Nov 21
736
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Malware Command and Control Activity Detected
ET MALWARE Locky CnC checkin Nov 21 M2
736
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Malware Command and Control Activity Detected
ET MALWARE Locky CnC Checkin
736
3329641a171508fa6b1ad7674b31431093d46be190d1a51acd77e486f42d9c8e.exe
Malware Command and Control Activity Detected
ET MALWARE Locky CnC Checkin HTTP Pattern
No debug info