analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| download: | SpotifyChecker2.0.rar |
| Full analysis: | https://app.any.run/tasks/89c08b2f-a8f1-469b-8667-95c90cea51b6 |
| Verdict: | Malicious activity |
| Analysis date: | March 31, 2020, 12:04:13 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-rar |
| File info: | RAR archive data, v5 |
| MD5: | 5B4EE3C4B07C67A7D81FD825F0E45D84 |
| SHA1: | 3AB1D15E668C987880DD80C20A68E6467CC21CEA |
| SHA256: | 4438B0D9C46D54F2AAAB7C1B3572F879E25FB9EEBA52623FB2572F49AF09D61B |
| SSDEEP: | 12288:l+7DlyOT1XIqTPgEo9uQ3fp3jCuOAs2DYyRkWkwJ1x:QflyOpXI+IEodPp32R2DYWkWkuT |
MALICIOUS
Application was dropped or rewritten from another process
- SpotifyCheckerProtected2.0.exe (PID: 3112)
- SpotifyCheckerProtected2.0.exe (PID: 2300)
Loads dropped or rewritten executable
- SpotifyCheckerProtected2.0.exe (PID: 2300)
SUSPICIOUS
Reads Environment values
- SpotifyCheckerProtected2.0.exe (PID: 2300)
Application launched itself
- SpotifyCheckerProtected2.0.exe (PID: 3112)
Executable content was dropped or overwritten
- WinRAR.exe (PID: 3172)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .rar | | | RAR compressed archive (v5.0) (61.5) |
|---|---|---|
| .rar | | | RAR compressed archive (gen) (38.4) |
Total processes
38
Monitored processes
3
Malicious processes
1
Suspicious processes
1
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3172 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SpotifyChecker2.0.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
| 3112 | "C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\SpotifyCheckerProtected2.0.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\SpotifyCheckerProtected2.0.exe | — | WinRAR.exe |
User: admin Company: Microsofrt Integrity Level: MEDIUM Description: conhost Exit code: 0 Version: 1.00.00.00 | ||||
| 2300 | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\SpotifyCheckerProtected2.0.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\SpotifyCheckerProtected2.0.exe | SpotifyCheckerProtected2.0.exe | |
User: admin Company: Microsofrt Integrity Level: MEDIUM Description: conhost Version: 1.00.00.00 | ||||
Total events
475
Read events
451
Write events
0
Delete events
0
Modification events
Executable files
4
Suspicious files
0
Text files
61
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\hits\02 56 47\mailpass.txt | text | |
MD5:F7585A6AD92B833B309957A482C8D81E | SHA256:E98FC17E4C305401BED720BAB5D8B2DB22A8EDE2D0781053A8FB403F2F5889D4 | |||
| 3172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\hits\02 57 23\mailpass.txt | text | |
MD5:EE086FAEF06380ED267B5DF86ABCD24E | SHA256:409D31B775C2CC146EAD41C34DE101EF7E628980AAB5B51F71993B00573DA81B | |||
| 3172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\hits\02 57 23\Spotify Free\GB.txt | text | |
MD5:A504F789FB8C5C0259E9A82FBDA8A923 | SHA256:08C56AFD363D2DAD00459583AE596649B6622D85F7C5BF0333EA84BC4D603CEC | |||
| 3172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\CheckerLib.dll | executable | |
MD5:02F3CA01AF4FBC8940B57E141A200BA3 | SHA256:C3D7D14CEF6E2477741D38FA4A561B4547A26312D8603F08E23F450550723D04 | |||
| 3172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\hits\02 57 23\Spotify Free\AR.txt | text | |
MD5:B2908B8B9E904ABD71081F5E89A5F25E | SHA256:FB77BD1983CF79A6EBC1E0BB2F8AF2168DB8E2FBCD93F3A347503D9BCCBAFA80 | |||
| 3172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\hits\02 57 23\Spotify Free\ES.txt | text | |
MD5:E094AF061822973F056A82DAA9D33E3C | SHA256:3212F7B53FE841C66F2DEA3E20FF26F8D86CD56618D5B774546E40354850C10B | |||
| 3172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\hits\02 57 23\Spotify Free\CO.txt | text | |
MD5:CBC7F96E41D0F87C0A9B118BDFA4B1A4 | SHA256:49EC19011E1F20D89D93AA65C46449DD93C62A637FD7289C38B80BF24E2074C5 | |||
| 3172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\hits\02 56 47\Spotify Free\BR.txt | text | |
MD5:96A4D0FBA3BE359657BFB34DAC270254 | SHA256:A4F16B38826EBDE61104337CA23F13D1A3DCEA0F76A0103AA9B4158E5CFCD78D | |||
| 3172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\hits\02 57 23\Spotify Free\AU.txt | text | |
MD5:AA8C5F866111F53420BE59692DF88E27 | SHA256:265AE47B3655C6931A897A18471AF8CD5EB1BB1087FFE4218FA5369C4ED58C66 | |||
| 3172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb3172.10532\hits\02 57 23\Spotify Free\AT.txt | text | |
MD5:FB82F8075A2129B31AAFEB97DACC877D | SHA256:86254887C313435106E504702FCA533785388B074E1575F006B336DA9824ED12 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
3
DNS requests
1
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
2300 | SpotifyCheckerProtected2.0.exe | 104.26.6.55:443 | cracked.to | Cloudflare Inc | US | suspicious |
DNS requests
Domain | IP | Reputation |
|---|---|---|
cracked.to |
| whitelisted |
Threats
PID | Process | Class | Message |
|---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .to TLD |