File name: MilfyCity.exe.txt

Full analysis: https://app.any.run/tasks/e0562dbd-f316-491b-bfd6-c9bcbc77b366
Verdict: Malicious activity
Analysis date: January 28, 2024, 13:48:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with no line terminators
MD5: 35C0F3BADE49F23E3503264AB29C03A4
SHA1: 8AFC7253582E5FC646A787EAB050AC1C4C486021
SHA256: 5BA44116F65DFDF153B2E3885592D5F15B6F435CF1CB41685D2E26777F085170
SSDEEP: 3:RJDcVcLACn:vD1Nn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 2724)
    • Start notepad (likely ransomware note)

      • MilfyCity-32.exe (PID: 3784)
      • MilfyCity-32.exe (PID: 3904)
      • MilfyCity-32.exe (PID: 2360)
  • INFO

    • Manual execution by a user

      • WinRAR.exe (PID: 2724)
      • MilfyCity-32.exe (PID: 2360)
      • MilfyCity-32.exe (PID: 3904)
      • MilfyCity-32.exe (PID: 3784)
      • notepad.exe (PID: 2796)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2724)
    • Checks supported languages

      • MilfyCity-32.exe (PID: 2360)
      • MilfyCity-32.exe (PID: 3904)
      • MilfyCity-32.exe (PID: 3784)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2724)
    • Reads the machine GUID from the registry

      • MilfyCity-32.exe (PID: 2360)
      • MilfyCity-32.exe (PID: 3784)
      • MilfyCity-32.exe (PID: 3904)
    • Reads the computer name

      • MilfyCity-32.exe (PID: 2360)
      • MilfyCity-32.exe (PID: 3904)
      • MilfyCity-32.exe (PID: 3784)
    • Create files in a temporary directory

      • MilfyCity-32.exe (PID: 3784)
      • MilfyCity-32.exe (PID: 3904)
      • MilfyCity-32.exe (PID: 2360)
    • Creates files or folders in the user directory

      • MilfyCity-32.exe (PID: 3904)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 59
Monitored processes: 9
Malicious processes: 0
Suspicious processes: 0

Behavior graph

Processes in graph order: notepad.exe (no specs), winrar.exe, milfycity-32.exe (no specs), notepad.exe (no specs), notepad.exe (no specs), milfycity-32.exe (no specs), notepad.exe (no specs), milfycity-32.exe, notepad.exe (no specs)

Process information

PID | CMD | Path | Indicators | Parent process
PID: 984
CMD: "C:\Windows\system32\NOTEPAD.EXE" "C:\Users\admin\Desktop\MilfyCity.exe.txt"
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 2360
CMD: "C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe"
Path: C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 1
Modules
Images
c:\users\admin\desktop\milfy city-1.0e-pc\milfycity-32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
PID: 2724
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\Milfy City-1.0e-pc.rar" "C:\Users\admin\Desktop\Milfy City-1.0e-pc\"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 2796
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Milfy City-1.0e-pc\log.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3024
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Milfy City-1.0e-pc\traceback.txt
Path: C:\Windows\System32\notepad.exe
Parent process: MilfyCity-32.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3784
CMD: "C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe"
Path: C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 1
Modules
Images
c:\users\admin\desktop\milfy city-1.0e-pc\milfycity-32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
PID: 3836
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Milfy City-1.0e-pc\traceback.txt
Path: C:\Windows\System32\notepad.exe
Parent process: MilfyCity-32.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3904
CMD: "C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe"
Path: C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 1
Modules
Images
c:\users\admin\desktop\milfy city-1.0e-pc\milfycity-32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
PID: 4008
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Milfy City-1.0e-pc\traceback.txt
Path: C:\Windows\System32\notepad.exe
Parent process: MilfyCity-32.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 1 009
Read events: 1 005
Write events: 4
Delete events: 0

Modification events

(PID) Process: (2724) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2724) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2724) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2724) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files: 28
Suspicious files: 103
Text files: 1 046
Unknown types: 0

Dropped files

PID | Process | Filename | Type
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\cache\bytecode.rpyb
MD5:
SHA256:
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\scripts.rpa
MD5:
SHA256:
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\lib\linux-i686\librenpython.so
MD5:
SHA256:
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\lib\linux-x86_64\librenpython.so
MD5:
SHA256:
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\cache\screens.rpyb
Type: binary
MD5:121367F1BC6CA891386224EBD5C9DAE8
SHA256:837D42B12C337BBFDF5B87CCF8CC5D4A34F44D9E1D68B68F7A80BD50F8241731
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\lib\linux-i686\MilfyCity
Type: binary
MD5:5A63007BA3322D7399B1BCD2B44C69D7
SHA256:DEC7CC379B2689F3A87F64658B5280AD9EFAD45982DDDA02BBA021E0851F23E0
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\cache\bytecode-39.rpyb
Type: binary
MD5:9F4DD8EF0A9034F9BD2ED11CE5F488EE
SHA256:13D067A190587BFE65341E26CF1216F10E2C88D8EA4F52471006C944662B41EA
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\cache\pyanalysis.rpyb
Type: binary
MD5:0BD88E7120BE17A0A85AD112EA854B54
SHA256:0632A0939AD0D8E0330447C7C9BE77678F31D99A04554D2FBB7BC34C3DAAF8EF
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\tl\None\common.rpymc
Type: binary
MD5:346758FA7598AF2D263307FDC69260CE
SHA256:5B870A09E0220E94562DB7507D115AE314343A938D38C5E0D54493D189BE276B
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe
Type: executable
MD5:B858B908E70479A2ABFE0E6C7B21A7DF
SHA256:7D6B0EED6B53F41A4E4BC8B443B1B4C66CBA171447A5C1B00004916A1B896385
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

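PID | Process | IP | Domain | ASN | CN | Reputation

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown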

DNS requests

No data

Threats

No threats detected

Debug output strings

Process: MilfyCity-32.exe
Message: [S_API] SteamAPI_Init(): SteamAPI_IsSteamRunning() did not locate a running instance of Steam.

Process: MilfyCity-32.exe
Message: [S_API] SteamAPI_Init(): Sys_LoadModule failed to load: C:\Program Files\Steam\steamclient.dll