File name:

TSP Dork generator v8.0.rar

Full analysis: https://app.any.run/tasks/d13ba563-9c3d-471e-bdf7-282f1963fc58
Verdict: Malicious activity
Analysis date: January 02, 2024, 16:05:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

FD6F4E94278D5A6778B7B2AD491A81B6

SHA1:

E77116C37A43345D1932E045AB0C82F3BC9C69F7

SHA256:

42EA276F57E0C94ACCEEBB3073B5A04F377530BF5C4EFF6C4D65435253C6FFD1

SSDEEP:

6144:MNRd8qsNMyCA6Wm5CQSW9Iy5/gfZZ99uUGu:MVI5QSW9p/ghZ995

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads settings of System Certificates

      • TSP Dork generator hot edition.exe (PID: 2032)

    • Reads the Internet Settings

      • TSP Dork generator hot edition.exe (PID: 2032)

  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 124)

    • Checks supported languages

      • TSP Dork generator hot edition.exe (PID: 2032)

    • Reads the computer name

      • TSP Dork generator hot edition.exe (PID: 2032)

    • Dropped object may contain TOR URL's

      • WinRAR.exe (PID: 124)

    • Reads Environment values

      • TSP Dork generator hot edition.exe (PID: 2032)

    • Reads the machine GUID from the registry

      • TSP Dork generator hot edition.exe (PID: 2032)

    • Create files in a temporary directory

      • TSP Dork generator hot edition.exe (PID: 2032)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
34
Monitored processes
2
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe no specs tsp dork generator hot edition.exe

Process information

PID
CMD
Path
Indicators
Parent process
124"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2032"C:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\TSP Dork generator hot edition.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\TSP Dork generator hot edition.exe
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Description:
TSP Dork generator hot edition
Exit code:
0
Version:
8.0
Modules
Images
c:\users\admin\appdata\local\temp\rar$exa124.6108\tsp dork generator v8.0\tsp dork generator hot edition.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events
4 114
Read events
4 083
Write events
31
Delete events
0

Modification events

(PID) Process:(124) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(124) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process:(124) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(124) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(124) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(124) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(124) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(124) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
(PID) Process:(124) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:mtime
Value:
100
(PID) Process:(124) WinRAR.exeKey:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation:writeName:ProxyBypass
Value:
1
Executable files
1
Suspicious files
0
Text files
22
Unknown types
0

Dropped files

PID
Process
Filename
Type
124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\presets\domainextentions\preset1.txttext
MD5:67815BB37D3B3D1BF9CD8D247DF71921
SHA256:AB11A70EEF7BA2A8F146864EC8A4E675C0834A71E02087B86815EEF7F3B1F4AD
124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\presets\domainextentions\preset3.txttext
MD5:561B8CC2A5E145D78E61EF62B4D15D30
SHA256:0F37CE78BE139CB3161C45F93FD2E7D502124EF349D9E9DC95386E46350B7A89
124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\presets\pageformats\preset2.txttext
MD5:C8630823238A94802DAC85F7E44161FB
SHA256:3836540F46CEC7DA1593DBDB58F24D5775D1F0C4D67AACDD91ECEBAA41F7F13D
124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\presets\keywords\preset2.txttext
MD5:3B5F91B1BED803B285B6201E23C1DF93
SHA256:5579FE58E9B7ED2CC17C034DC08DF1CC5996094154F49AEE275B3593C53D5E45
124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\presets\pageformats\preset3.txttext
MD5:87F4C2439DDD025A233BD5AAF3656168
SHA256:516BF2DA52790E61DF36EB8AD74FF5A458D44312E0CCE3D08CA6FD5CD4619835
124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\presets\keywords\preset1.txttext
MD5:1CAC10EAA2C203DAC5AA4C230BF19FCE
SHA256:6F022B8F33BA04FC4F5421898415406601E3CD1750AEF978B1295429814C5C4B
124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\presets\domainextentions\preset4.txttext
MD5:D226F5E0575E845DDB610E0DAB8654AA
SHA256:946666992DBD0B0F4FE9021F312C616AAD550091D1097524B4FF1DF738B64B7E
124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\presets\pagetypes\preset1.txttext
MD5:BAB63182B97F9E5678786AECEA52700F
SHA256:F5F82368C882677ED966753CFA4371DE6EF5214CCFC3EBAEE050E3AFDDFFBC5D
124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\presets\keywords\preset4.txttext
MD5:0F66E729C9AEC472641B571C2C0BAB26
SHA256:405F1E7D0F5ECEB5749886F690D1A915A08C7D9F357579E866BF1481B4200566
124WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa124.6108\TSP Dork generator v8.0\presets\pageformats\preset1.txttext
MD5:2B5731A9F0CE7D2F2A072722CBE79B0E
SHA256:581D58A3C96630D424548CF351407F0BB391C4626FFA688B9B11AB76E9877F1D
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
2
Threats
3

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
4
System
192.168.100.255:138
whitelisted
2032
TSP Dork generator hot edition.exe
162.125.66.15:443
dl.dropbox.com
DROPBOX
DE
malicious

DNS requests

Domain
IP
Reputation
dl.dropbox.com
  • 162.125.66.15
shared
dl.dropboxusercontent.com
  • 162.125.66.15
shared

Threats

PID
Process
Class
Message
2032
TSP Dork generator hot edition.exe
Misc activity
ET INFO DropBox User Content Download Access over SSL M2
2032
TSP Dork generator hot edition.exe
Misc activity
ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
2032
TSP Dork generator hot edition.exe
Misc activity
ET INFO DropBox User Content Download Access over SSL M2
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
TSP Dork generator v8.0.rar