File name:

MilfyCity.exe.txt

Full analysis: https://app.any.run/tasks/e0562dbd-f316-491b-bfd6-c9bcbc77b366
Verdict: Malicious activity
Analysis date: January 28, 2024, 13:48:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with no line terminators
MD5:

35C0F3BADE49F23E3503264AB29C03A4

SHA1:

8AFC7253582E5FC646A787EAB050AC1C4C486021

SHA256:

5BA44116F65DFDF153B2E3885592D5F15B6F435CF1CB41685D2E26777F085170

SSDEEP:

3:RJDcVcLACn:vD1Nn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 2724)
    • Start notepad (likely ransomware note)

      • MilfyCity-32.exe (PID: 2360)
      • MilfyCity-32.exe (PID: 3904)
      • MilfyCity-32.exe (PID: 3784)
  • INFO

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2724)
    • Manual execution by a user

      • WinRAR.exe (PID: 2724)
      • MilfyCity-32.exe (PID: 2360)
      • notepad.exe (PID: 2796)
      • MilfyCity-32.exe (PID: 3784)
      • MilfyCity-32.exe (PID: 3904)
    • Checks supported languages

      • MilfyCity-32.exe (PID: 2360)
      • MilfyCity-32.exe (PID: 3784)
      • MilfyCity-32.exe (PID: 3904)
    • Reads the machine GUID from the registry

      • MilfyCity-32.exe (PID: 2360)
      • MilfyCity-32.exe (PID: 3784)
      • MilfyCity-32.exe (PID: 3904)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2724)
    • Reads the computer name

      • MilfyCity-32.exe (PID: 2360)
      • MilfyCity-32.exe (PID: 3904)
      • MilfyCity-32.exe (PID: 3784)
    • Create files in a temporary directory

      • MilfyCity-32.exe (PID: 2360)
      • MilfyCity-32.exe (PID: 3904)
      • MilfyCity-32.exe (PID: 3784)
    • Creates files or folders in the user directory

      • MilfyCity-32.exe (PID: 3904)
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes
59
Monitored processes
9
Malicious processes
0
Suspicious processes
0

Behavior graph

Graph nodes, in order from start: notepad.exe (no specs), winrar.exe, milfycity-32.exe (no specs), notepad.exe (no specs), notepad.exe (no specs), milfycity-32.exe (no specs), notepad.exe (no specs), milfycity-32.exe, notepad.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 984
CMD: "C:\Windows\system32\NOTEPAD.EXE" "C:\Users\admin\Desktop\MilfyCity.exe.txt"
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 2360
CMD: "C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe"
Path: C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\desktop\milfy city-1.0e-pc\milfycity-32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
PID: 2724
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\Milfy City-1.0e-pc.rar" "C:\Users\admin\Desktop\Milfy City-1.0e-pc\"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 2796
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Milfy City-1.0e-pc\log.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3024
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Milfy City-1.0e-pc\traceback.txt
Path: C:\Windows\System32\notepad.exe
Parent process: MilfyCity-32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3784
CMD: "C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe"
Path: C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\desktop\milfy city-1.0e-pc\milfycity-32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
PID: 3836
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Milfy City-1.0e-pc\traceback.txt
Path: C:\Windows\System32\notepad.exe
Parent process: MilfyCity-32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
PID: 3904
CMD: "C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe"
Path: C:\Users\admin\Desktop\Milfy City-1.0e-pc\MilfyCity-32.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
1
Modules
Images
c:\users\admin\desktop\milfy city-1.0e-pc\milfycity-32.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
PID: 4008
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\Milfy City-1.0e-pc\traceback.txt
Path: C:\Windows\System32\notepad.exe
Parent process: MilfyCity-32.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events
1 009
Read events
1 005
Write events
4
Delete events
0

Modification events

(PID) Process: (2724) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120
(PID) Process: (2724) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80
(PID) Process: (2724) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
(PID) Process: (2724) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
Executable files
28
Suspicious files
103
Text files
1 046
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\cache\bytecode.rpyb
MD5:
SHA256:
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\scripts.rpa
MD5:
SHA256:
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\lib\linux-i686\librenpython.so
MD5:
SHA256:
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\lib\linux-x86_64\librenpython.so
MD5:
SHA256:
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\cache\pyanalysis.rpyb
Type: binary
MD5:0BD88E7120BE17A0A85AD112EA854B54
SHA256:0632A0939AD0D8E0330447C7C9BE77678F31D99A04554D2FBB7BC34C3DAAF8EF
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\tl\None\common.rpymc
Type: binary
MD5:346758FA7598AF2D263307FDC69260CE
SHA256:5B870A09E0220E94562DB7507D115AE314343A938D38C5E0D54493D189BE276B
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\script_version.txt
Type: text
MD5:A676C55E8674C4D8675ED274932EE6CD
SHA256:B03F0B2BEF0B5EAE99F201DA99F32BEDFE8606A191F0385F3116B3EB3A0E8CF0
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\cache\screens.rpyb
Type: binary
MD5:121367F1BC6CA891386224EBD5C9DAE8
SHA256:837D42B12C337BBFDF5B87CCF8CC5D4A34F44D9E1D68B68F7A80BD50F8241731
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\cache\shaders.txt
Type: text
MD5:26B09033FA5A44366686DC52D745E700
SHA256:531E297FA69C8A3E1335B9CE08ECC45148346F3DA379009B9677E22F6AA9723E
PID: 2724
Process: WinRAR.exe
Filename: C:\Users\admin\Desktop\Milfy City-1.0e-pc\game\presplash.jpg
Type: image
MD5:BEB1A7F885E2EC9D32A94B592EFAB36B
SHA256:4DB34FCCE71092D03F7ACB58ECAACFA6C63A570C9C4ED6A106B2A057D08539B3
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0

HTTP requests

No HTTP requests

Connections

PID: 4
Process: System
IP: 192.168.100.255:137
Reputation: whitelisted

PID: 4
Process: System
IP: 192.168.100.255:138
Reputation: whitelisted

PID: 1080
Process: svchost.exe
IP: 224.0.0.252:5355
Reputation: unknown

DNS requests

No data

Threats

No threats detected
Debug output strings

Process: MilfyCity-32.exe
Message: [S_API] SteamAPI_Init(): SteamAPI_IsSteamRunning() did not locate a running instance of Steam.
Process: MilfyCity-32.exe
Message: [S_API] SteamAPI_Init(): Sys_LoadModule failed to load: C:\Program Files\Steam\steamclient.dll