File name: | Ultimate Discord Nuke.rar |
Full analysis: | https://app.any.run/tasks/718954f1-77d7-4a3f-a5f9-1b2a72c8679d |
Verdict: | Malicious activity |
Analysis date: | August 08, 2020, 15:20:08 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | CBB65054ED616386F3D4A482A8940D04 |
SHA1: | B8393CF36AF40986B3409C06CA8CAE2FB5AB8CE1 |
SHA256: | 5C32E90BB3D4F2A77DEB7A2AAD75E515AADA16CDEB2114FE5AF9E39548B6D51A |
SSDEEP: | 196608:Qb5VIuu6WC7eL2KUPklrqp2RU+j29J1A/qy2wtgisBEFiUeT0VOvTG6w5ED8f:QrY61iyBkwcqxnj+iUBOvCnP |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3176 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Ultimate Discord Nuke.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3296 | "C:\Users\admin\Desktop\Ultimate Discord Nuke\ultimate_discord_nuke.exe" | C:\Users\admin\Desktop\Ultimate Discord Nuke\ultimate_discord_nuke.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
3848 | "C:\Users\admin\Desktop\Ultimate Discord Nuke\ultimate_discord_nuke.exe" | C:\Users\admin\Desktop\Ultimate Discord Nuke\ultimate_discord_nuke.exe | ultimate_discord_nuke.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
1932 | "C:\Program Files\Internet Explorer\iexplore.exe" | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2252 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1932 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3176 | WinRAR.exe | C:\Users\admin\Desktop\Ultimate Discord Nuke\READ ME.txt | text | |
MD5:56E68E948048610E62F8323C5B0FC926 | SHA256:64D8AE3155985813813AB17430CE6B359D09A0AC5DB94B76D1BFDB57123B7F7E | |||
3296 | ultimate_discord_nuke.exe | C:\Users\admin\AppData\Local\Temp\_MEI32962\cryptography\hazmat\bindings\_constant_time.cp38-win32.pyd | executable | |
MD5:F1D46516EB5AAFF20393839CBD446009 | SHA256:CAA9A51FECD9E2FDA8AFC55E6779BED7280E20CDEFE73AAF1DF860691689CA61 | |||
3176 | WinRAR.exe | C:\Users\admin\Desktop\Ultimate Discord Nuke\ultimate_discord_nuke.exe | executable | |
MD5:A86BC9C2F2C363E6A86AFB3078C33C68 | SHA256:A1EA0D96D6EBB8587C2E9A3AF50B9B95893229E66DC9038271C19C465E1E4432 | |||
3296 | ultimate_discord_nuke.exe | C:\Users\admin\AppData\Local\Temp\_MEI32962\_elementtree.pyd | executable | |
MD5:29928F61AAC2E9989BB097620B52A289 | SHA256:EB8DE455AE9EF9B5223DA2EAA2A74121EB2FE5371CB07E803E8E6E5C3CB5FB44 | |||
3296 | ultimate_discord_nuke.exe | C:\Users\admin\AppData\Local\Temp\_MEI32962\cryptography\hazmat\bindings\_openssl.cp38-win32.pyd | executable | |
MD5:93261A7BE7A2C2571C5857F5C56F7A92 | SHA256:798CB051834CC8B41163F8D076A2F8EDD69930A6E77481B9CAA0B90A231B1808 | |||
3296 | ultimate_discord_nuke.exe | C:\Users\admin\AppData\Local\Temp\_MEI32962\_testcapi.pyd | executable | |
MD5:F33981092BFAE8CABF404AAB0199A979 | SHA256:5796A1D619CE13CC90B1E6EBFDDC374BE33EDBC1B3D9CB562DDD05007D6C845E | |||
3296 | ultimate_discord_nuke.exe | C:\Users\admin\AppData\Local\Temp\_MEI32962\_cffi_backend.cp38-win32.pyd | executable | |
MD5:012DB6C90D38DB71D0647659217CA286 | SHA256:4207E3276411F75A6680EAE28D7D5ED7F6CAD946B1DE7B724440F44593267414 | |||
3296 | ultimate_discord_nuke.exe | C:\Users\admin\AppData\Local\Temp\_MEI32962\_bz2.pyd | executable | |
MD5:0F75C236C4CCFEA1B16F132F6C139236 | SHA256:5DC26DCBF58CC7F5BFDEC0BADD5240D6724DB3E34010AAF35A31876FE4057158 | |||
3296 | ultimate_discord_nuke.exe | C:\Users\admin\AppData\Local\Temp\_MEI32962\_ctypes.pyd | executable | |
MD5:3A2E78784B929003A6BACEEBDB0EFA4D | SHA256:F205948B01B29CB244AE09C5B57FD4B6C8F356DFCD2F8CB49E7CFD177A748CF9 | |||
3296 | ultimate_discord_nuke.exe | C:\Users\admin\AppData\Local\Temp\_MEI32962\_multiprocessing.pyd | executable | |
MD5:8901E96BB7A8EEAD994AF2BDF54A2447 | SHA256:823A96F080A3424F4C5327CF61FF517723E19A69679EBE93EA97061063D8D593 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1932 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1932 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3848 | ultimate_discord_nuke.exe | 162.159.134.233:443 | discordapp.com | Cloudflare Inc | — | shared |
Domain | IP | Reputation |
---|---|---|
discordapp.com |
| whitelisted |
www.bing.com |
| whitelisted |
api.bing.com |
| whitelisted |