analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

Ultimate Discord Nuke.rar

Full analysis: https://app.any.run/tasks/718954f1-77d7-4a3f-a5f9-1b2a72c8679d
Verdict: Malicious activity
Analysis date: August 08, 2020, 15:20:08
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

CBB65054ED616386F3D4A482A8940D04

SHA1:

B8393CF36AF40986B3409C06CA8CAE2FB5AB8CE1

SHA256:

5C32E90BB3D4F2A77DEB7A2AAD75E515AADA16CDEB2114FE5AF9E39548B6D51A

SSDEEP:

196608:Qb5VIuu6WC7eL2KUPklrqp2RU+j29J1A/qy2wtgisBEFiUeT0VOvTG6w5ED8f:QrY61iyBkwcqxnj+iUBOvCnP

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • ultimate_discord_nuke.exe (PID: 3848)

    • Application was dropped or rewritten from another process

      • ultimate_discord_nuke.exe (PID: 3848)
      • ultimate_discord_nuke.exe (PID: 3296)

  • SUSPICIOUS

    • Application launched itself

      • ultimate_discord_nuke.exe (PID: 3296)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3176)
      • ultimate_discord_nuke.exe (PID: 3296)

    • Loads Python modules

      • ultimate_discord_nuke.exe (PID: 3848)

  • INFO

    • Reads settings of System Certificates

      • ultimate_discord_nuke.exe (PID: 3848)

    • Manual execution by user

      • ultimate_discord_nuke.exe (PID: 3296)
      • iexplore.exe (PID: 1932)

    • Changes internet zones settings

      • iexplore.exe (PID: 1932)

    • Application launched itself

      • iexplore.exe (PID: 1932)

    • Dropped object may contain Bitcoin addresses

      • ultimate_discord_nuke.exe (PID: 3296)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 1932)
      • iexplore.exe (PID: 2252)

    • Reads internet explorer settings

      • iexplore.exe (PID: 2252)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
5
Malicious processes
2
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe ultimate_discord_nuke.exe ultimate_discord_nuke.exe iexplore.exe iexplore.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
3176"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Ultimate Discord Nuke.rar"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.60.0
3296"C:\Users\admin\Desktop\Ultimate Discord Nuke\ultimate_discord_nuke.exe" C:\Users\admin\Desktop\Ultimate Discord Nuke\ultimate_discord_nuke.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
3848"C:\Users\admin\Desktop\Ultimate Discord Nuke\ultimate_discord_nuke.exe" C:\Users\admin\Desktop\Ultimate Discord Nuke\ultimate_discord_nuke.exe
ultimate_discord_nuke.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
1932"C:\Program Files\Internet Explorer\iexplore.exe" C:\Program Files\Internet Explorer\iexplore.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
2252"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1932 CREDAT:267521 /prefetch:2C:\Program Files\Internet Explorer\iexplore.exeiexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
11.00.9600.16428 (winblue_gdr.131013-1700)
Total events
923
Read events
849
Write events
0
Delete events
0

Modification events

No data
Executable files
35
Suspicious files
3
Text files
929
Unknown types
2

Dropped files

PID
Process
Filename
Type
3176WinRAR.exeC:\Users\admin\Desktop\Ultimate Discord Nuke\READ ME.txttext
MD5:56E68E948048610E62F8323C5B0FC926
SHA256:64D8AE3155985813813AB17430CE6B359D09A0AC5DB94B76D1BFDB57123B7F7E
3296ultimate_discord_nuke.exeC:\Users\admin\AppData\Local\Temp\_MEI32962\cryptography\hazmat\bindings\_constant_time.cp38-win32.pydexecutable
MD5:F1D46516EB5AAFF20393839CBD446009
SHA256:CAA9A51FECD9E2FDA8AFC55E6779BED7280E20CDEFE73AAF1DF860691689CA61
3176WinRAR.exeC:\Users\admin\Desktop\Ultimate Discord Nuke\ultimate_discord_nuke.exeexecutable
MD5:A86BC9C2F2C363E6A86AFB3078C33C68
SHA256:A1EA0D96D6EBB8587C2E9A3AF50B9B95893229E66DC9038271C19C465E1E4432
3296ultimate_discord_nuke.exeC:\Users\admin\AppData\Local\Temp\_MEI32962\_elementtree.pydexecutable
MD5:29928F61AAC2E9989BB097620B52A289
SHA256:EB8DE455AE9EF9B5223DA2EAA2A74121EB2FE5371CB07E803E8E6E5C3CB5FB44
3296ultimate_discord_nuke.exeC:\Users\admin\AppData\Local\Temp\_MEI32962\cryptography\hazmat\bindings\_openssl.cp38-win32.pydexecutable
MD5:93261A7BE7A2C2571C5857F5C56F7A92
SHA256:798CB051834CC8B41163F8D076A2F8EDD69930A6E77481B9CAA0B90A231B1808
3296ultimate_discord_nuke.exeC:\Users\admin\AppData\Local\Temp\_MEI32962\_testcapi.pydexecutable
MD5:F33981092BFAE8CABF404AAB0199A979
SHA256:5796A1D619CE13CC90B1E6EBFDDC374BE33EDBC1B3D9CB562DDD05007D6C845E
3296ultimate_discord_nuke.exeC:\Users\admin\AppData\Local\Temp\_MEI32962\_cffi_backend.cp38-win32.pydexecutable
MD5:012DB6C90D38DB71D0647659217CA286
SHA256:4207E3276411F75A6680EAE28D7D5ED7F6CAD946B1DE7B724440F44593267414
3296ultimate_discord_nuke.exeC:\Users\admin\AppData\Local\Temp\_MEI32962\_bz2.pydexecutable
MD5:0F75C236C4CCFEA1B16F132F6C139236
SHA256:5DC26DCBF58CC7F5BFDEC0BADD5240D6724DB3E34010AAF35A31876FE4057158
3296ultimate_discord_nuke.exeC:\Users\admin\AppData\Local\Temp\_MEI32962\_ctypes.pydexecutable
MD5:3A2E78784B929003A6BACEEBDB0EFA4D
SHA256:F205948B01B29CB244AE09C5B57FD4B6C8F356DFCD2F8CB49E7CFD177A748CF9
3296ultimate_discord_nuke.exeC:\Users\admin\AppData\Local\Temp\_MEI32962\_multiprocessing.pydexecutable
MD5:8901E96BB7A8EEAD994AF2BDF54A2447
SHA256:823A96F080A3424F4C5327CF61FF517723E19A69679EBE93EA97061063D8D593
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
3
DNS requests
4
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
1932
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
1932
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
3848
ultimate_discord_nuke.exe
162.159.134.233:443
discordapp.com
Cloudflare Inc
shared

DNS requests

Domain
IP
Reputation
discordapp.com
  • 162.159.134.233
  • 162.159.129.233
  • 162.159.135.233
  • 162.159.133.233
  • 162.159.130.233
whitelisted
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
api.bing.com
  • 13.107.5.80
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
Ultimate Discord Nuke.rar