File name: TSP Dork generator v8.0.rar
Full analysis: https://app.any.run/tasks/d13ba563-9c3d-471e-bdf7-282f1963fc58
Verdict: Malicious activity
Analysis date: January 02, 2024, 16:05:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-rar
File info: RAR archive data, v5
MD5: FD6F4E94278D5A6778B7B2AD491A81B6
SHA1: E77116C37A43345D1932E045AB0C82F3BC9C69F7
SHA256: 42EA276F57E0C94ACCEEBB3073B5A04F377530BF5C4EFF6C4D65435253C6FFD1
SSDEEP: 6144:MNRd8qsNMyCA6Wm5CQSW9Iy5/gfZZ99uUGu:MVI5QSW9p/ghZ995

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided as is, for user acknowledgement. ANY.RUN does not guarantee the maliciousness or safety of the content.
  • MALICIOUS
    No malicious indicators.
  • SUSPICIOUS
    • Reads settings of System Certificates
      • TSP Dork generator hot edition.exe (PID: 2032)
    • Reads the Internet Settings
      • TSP Dork generator hot edition.exe (PID: 2032)
  • INFO
    • Reads Environment values
      • TSP Dork generator hot edition.exe (PID: 2032)
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 124)
    • Dropped object may contain TOR URLs
      • WinRAR.exe (PID: 124)
    • Checks supported languages
      • TSP Dork generator hot edition.exe (PID: 2032)
    • Creates files in a temporary directory
      • TSP Dork generator hot edition.exe (PID: 2032)
    • Reads the computer name
      • TSP Dork generator hot edition.exe (PID: 2032)
    • Reads the machine GUID from the registry
      • TSP Dork generator hot edition.exe (PID: 2032)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5%)
.rar | RAR compressed archive (gen) (38.4%)
All screenshots are available in the full report
Total processes: 34
Monitored processes: 2
Malicious processes: 1
Suspicious processes: 1

Behavior graph

start → winrar.exe (PID 124, no specs) → tsp dork generator hot edition.exe (PID 2032)

Process information

PID 124
  CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: explorer.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Version: 5.91.0
  Modules (images):
    c:\program files\winrar\winrar.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\comdlg32.dll

PID 2032
  CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\TSP Dork generator hot edition.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\TSP Dork generator hot edition.exe
  Parent process: WinRAR.exe
  User: admin
  Integrity Level: MEDIUM
  Description: TSP Dork generator hot edition
  Version: 8.0
  Modules (images):
    c:\users\admin\appdata\local\temp\rar$exa124.6108\tsp dork generator v8.0\tsp dork generator hot edition.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\mscoree.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
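The process chain above (explorer.exe starts WinRAR.exe, which runs the extracted executable straight out of its Rar$EXa124.6108 temp folder; mscoree.dll and mscoreei.dll in the module list mean that executable is a .NET assembly) is a pattern worth catching on endpoints, not only in the sandbox. The Python below is an added example written for this page, not ANY.RUN's code: it flags process-creation events whose parent is WinRAR.exe and whose image lives in a Rar$EX<letter><pid>.<n> temp directory, then correlates those PIDs with outbound TLS connections to the Dropbox hosts named later in this report. The event record shapes, the watchlist and the temp-directory regex are assumptions; the sample events are constructed to mirror the report, plus one benign control.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# WinRAR runs a double-clicked archive member from a per-process temp folder
# named Rar$EX<letter><WinRAR PID>.<n> under %LOCALAPPDATA%\Temp; the report
# shows Rar$EXa124.6108 for WinRAR PID 124. Assumption: this regex relies on
# that naming convention and would miss a renamed or relocated extraction.
RAR_TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\Rar\$EX[a-z]\d+\.\d+\\", re.IGNORECASE)

# Hosts that the report's DNS section and ET INFO alerts name; constructed watchlist.
USER_CONTENT_HOSTS = ("dl.dropbox.com", "dl.dropboxusercontent.com")


@dataclass
class ProcessCreate:          # assumed subset of a Sysmon Event ID 1 record
    pid: int
    image: str
    parent_image: str


@dataclass
class NetworkConnect:         # assumed subset of a Sysmon Event ID 3 record
    pid: int
    dest_host: str
    dest_port: int


def launched_from_archive_temp(ev: ProcessCreate) -> bool:
    """True when WinRAR itself started an executable out of its extraction temp dir."""
    return (ev.parent_image.lower().endswith("\\winrar.exe")
            and RAR_TEMP_RE.search(ev.image) is not None)


def correlate(procs: List[ProcessCreate],
              conns: List[NetworkConnect]) -> List[Tuple[int, str, str]]:
    """(pid, image, host) for every archive-temp launch that then talks TLS to a watched host."""
    suspects: Dict[int, ProcessCreate] = {ev.pid: ev for ev in procs if launched_from_archive_temp(ev)}
    hits = []
    for c in conns:
        ev = suspects.get(c.pid)
        if ev is not None and c.dest_port == 443 and c.dest_host.lower() in USER_CONTENT_HOSTS:
            hits.append((ev.pid, ev.image, c.dest_host))
    return hits


# Constructed events mirroring the report's tree, plus a benign control: the same
# Dropbox host reached by a tool the user unpacked to the Desktop and ran from explorer.exe.
SAMPLE_PROCS = [
    ProcessCreate(124, r"C:\Program Files\WinRAR\WinRAR.exe", r"C:\Windows\explorer.exe"),
    ProcessCreate(2032,
                  r"C:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0"
                  r"\TSP Dork generator hot edition.exe",
                  r"C:\Program Files\WinRAR\WinRAR.exe"),
    ProcessCreate(3100, r"C:\Users\admin\Desktop\tool\tool.exe", r"C:\Windows\explorer.exe"),
]
SAMPLE_CONNS = [
    NetworkConnect(4, "192.168.100.255", 137),
    NetworkConnect(2032, "dl.dropbox.com", 443),
    NetworkConnect(3100, "dl.dropbox.com", 443),
]

if __name__ == "__main__":
    for pid, image, host in correlate(SAMPLE_PROCS, SAMPLE_CONNS):
        print(f"archive-temp launch PID {pid} -> {host}: {image}")
```

Only PID 2032 is reported: the Desktop tool reaches the same host but was not started by WinRAR from a Rar$EX folder. Real Sysmon Event ID 1 and 3 records map onto the two dataclasses through Image/ParentImage and DestinationHostname/DestinationPort.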
Total events: 4114
Read events: 4083
Write events: 31
Delete events: 0

Modification events

PID 124 (WinRAR.exe), key HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
  write LanguageList = en-US
PID 124 (WinRAR.exe), key HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
  write 3 = C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
  write 2 = C:\Users\admin\Desktop\phacker.zip
  write 1 = C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
  write 0 = C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
PID 124 (WinRAR.exe), key HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
  write name = 120
  write size = 80
  write type = 120
  write mtime = 100
PID 124 (WinRAR.exe), key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  write ProxyBypass = 1

All of these writes come from WinRAR itself, not from the extracted executable. The ArcHistory values are WinRAR's recent-archive list; the four .zip paths under Desktop are archives opened earlier on this sandbox image, not files dropped by this sample, which was opened from Temp.
Executable files: 1
Suspicious files: 0
Text files: 22
Unknown types: 0

Dropped files

All entries below were written by PID 124 (WinRAR.exe) under C:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\ and are of type text.

presets\domainextentions\preset1.txt
  MD5: 67815BB37D3B3D1BF9CD8D247DF71921
  SHA256: AB11A70EEF7BA2A8F146864EC8A4E675C0834A71E02087B86815EEF7F3B1F4AD
presets\searchfunctions\preset2.txt
  MD5: 0D1C471E849110783E72C30E42739D84
  SHA256: 65660887CD06E72CF738FCF4BAFB40F27D1A444DBBBA82881038ABB9E7A42E62
presets\pageformats\preset3.txt
  MD5: 87F4C2439DDD025A233BD5AAF3656168
  SHA256: 516BF2DA52790E61DF36EB8AD74FF5A458D44312E0CCE3D08CA6FD5CD4619835
presets\pagetypes\preset1.txt
  MD5: BAB63182B97F9E5678786AECEA52700F
  SHA256: F5F82368C882677ED966753CFA4371DE6EF5214CCFC3EBAEE050E3AFDDFFBC5D
presets\pageformats\preset1.txt
  MD5: 2B5731A9F0CE7D2F2A072722CBE79B0E
  SHA256: 581D58A3C96630D424548CF351407F0BB391C4626FFA688B9B11AB76E9877F1D
presets\pageformats\preset2.txt
  MD5: C8630823238A94802DAC85F7E44161FB
  SHA256: 3836540F46CEC7DA1593DBDB58F24D5775D1F0C4D67AACDD91ECEBAA41F7F13D
presets\searchfunctions\preset3.txt
  MD5: 3090BE520902B8C025561C8CF6E836ED
  SHA256: 248C07947AD2B6D9E99F9CA4F950965735ACD0F70B34069C3615E863F02F40A1
presets\domainextentions\preset3.txt
  MD5: 561B8CC2A5E145D78E61EF62B4D15D30
  SHA256: 0F37CE78BE139CB3161C45F93FD2E7D502124EF349D9E9DC95386E46350B7A89
presets\pagetypes\preset2.txt
  MD5: 5429B5BED87190B6A82E57A4701D7256
  SHA256: 85E3265A68C922BFAF3E0435DADCD2D511B7B4E605E31E28FFD54A4D70CFF9E9
presets\pageformats\preset4.txt
  MD5: 6C7FC3EB438D36797CD28BB6FC12D41F
  SHA256: 61D2085D7FFB226B76A13E885E9FEF6CB3B77B6D1E54943E9FF3282C17526E1C
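The INFO indicator "Dropped object may contain TOR URLs" and the dropped-file table above are the two things an analyst reproduces first from the extracted archive: hash every dropped file (the MD5/SHA256 columns) and scan the text presets for .onion hosts. The Python below is an added example, not ANY.RUN's heuristic: it walks an extraction directory, hashes each file the way the table does, and reports any v2 (16-character) or v3 (56-character) .onion hostnames found in text files, while leaving a dork that merely mentions the literal ".onion" alone. The regex, the record layout and the sample tree (constructed dork-style lines and a constructed .onion address, not the real preset contents) are my assumptions.

```python
import hashlib
import os
import re
import tempfile
from typing import Dict, List

# Tor hidden-service hostnames are 16 (v2) or 56 (v3) base32 characters + ".onion".
# The lookbehind stops a longer base32 run from matching by its tail. Assumption:
# this is my approximation of a "TOR URL" check, not the sandbox's own rule.
ONION_RE = re.compile(
    r"(?:https?://)?(?<![a-z2-7])(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion\b", re.IGNORECASE)


def digests(data: bytes) -> Dict[str, str]:
    """Upper-case hex MD5 and SHA256, the two columns the dropped-file table shows."""
    return {"md5": hashlib.md5(data).hexdigest().upper(),
            "sha256": hashlib.sha256(data).hexdigest().upper()}


def onion_urls(text: str) -> List[str]:
    """Distinct .onion hosts (scheme kept when present), lower-cased and sorted."""
    return sorted({m.group(0).lower() for m in ONION_RE.finditer(text)})


def inventory(root: str) -> List[dict]:
    """One record per file under root: relative path, size, hashes, and any .onion hits."""
    records = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rec = {"path": os.path.relpath(path, root), "size": len(data), **digests(data)}
            try:
                rec["onion"] = onion_urls(data.decode("utf-8"))   # text preset: scan it
            except UnicodeDecodeError:
                rec["onion"] = []                                  # binary: hash only
            records.append(rec)
    return sorted(records, key=lambda r: r["path"])


def build_sample_tree() -> str:
    """Write a constructed extraction tree to a temp dir and return its root (sample data, not the real presets)."""
    root = tempfile.mkdtemp(prefix="dropped_")
    files = {
        "presets/pageformats/preset1.txt": b'inurl:"index.php?id="\ninurl:"product.php?cat="\n',
        "presets/pagetypes/preset2.txt": (
            b"site:*.onion\n"
            b"http://abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrstuvwx.onion/market\n"),
        "readme.txt": b"hello\n",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rec in inventory(build_sample_tree()):
        flag = " ONION: " + ", ".join(rec["onion"]) if rec["onion"] else ""
        print(f'{rec["path"]} {rec["size"]}B md5={rec["md5"]} sha256={rec["sha256"]}{flag}')
```

Point inventory() at the real Rar$EXa124.6108 folder to get hashes comparable with the table above; only files whose scan list is non-empty need a closer look for the TOR indicator.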
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 2
Threats: 3

HTTP requests

No HTTP requests

Connections

PID 4 (System): 192.168.100.255:137, reputation whitelisted
PID 4 (System): 192.168.100.255:138, reputation whitelisted
PID 2032 (TSP Dork generator hot edition.exe): 162.125.66.15:443, domain dl.dropbox.com, ASN DROPBOX, CN DE, reputation malicious

DNS requests

dl.dropbox.com → 162.125.66.15 (reputation: shared)
dl.dropboxusercontent.com → 162.125.66.15 (reputation: shared)

Threats (PID and process columns are empty in this summary)

Class: Misc activity. Message: ET INFO DropBox User Content Download Access over SSL M2
Class: Misc activity. Message: ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
Class: Misc activity. Message: ET INFO DropBox User Content Download Access over SSL M2
No debug info