File name: The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2-peizhaochen.zip

Full analysis: https://app.any.run/tasks/bdeb9489-057e-4db6-bfc0-c4746ccdb909
Verdict: Malicious activity
Analysis date: January 04, 2024, 14:16:55
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 1EBC401FF9D93297714A73CFACA0CF89
SHA1: D44C2965EF6ED5BA6A7BE4DE62390E91231933AB
SHA256: 64DF02D099D4179983E04EBEB4469C7C4F9B223FB411EB682D740B4A70F92600
SSDEEP: 98304:btfmg8GYnfjsXgkka5+jTq/R+4NPXcqx6EkEXwOeNAUDwf4ldKpBTPWR8H3AybGr:MtcUajqk+4A57

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Reads the Internet Settings

      • HelpPane.exe (PID: 1796)
    • Reads Internet Explorer settings

      • HelpPane.exe (PID: 1796)
    • Reads Microsoft Outlook installation path

      • HelpPane.exe (PID: 1796)
  • INFO

    • Checks supported languages

      • The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe (PID: 2000)
      • The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe (PID: 1624)
    • Reads the computer name

      • The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe (PID: 1624)
    • Checks proxy server information

      • HelpPane.exe (PID: 1796)
    • Manual execution by a user

      • osk.exe (PID: 2428)
      • osk.exe (PID: 2668)
      • The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe (PID: 1624)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2036)
      • The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe (PID: 2000)
      • The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe (PID: 1624)
    • Reads the machine GUID from the registry

      • HelpPane.exe (PID: 1796)
    • Create files in a temporary directory

      • The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe (PID: 2000)
      • The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe (PID: 1624)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: None
ZipModifyDate: 2024:01:04 15:07:12
ZipCRC: 0x00000000
ZipCompressedSize: -
ZipUncompressedSize: -
ZipFileName: The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2-peizhaochen/
No data.
All screenshots are available in the full report
Total processes: 50
Monitored processes: 6
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes in the graph (from the start node): winrar.exe (no specs), the.callisto.protocol.v1.0.plus.17.trainer.update2.exe, the.callisto.protocol.v1.0.plus.17.trainer.update2.exe (no specs), helppane.exe (no specs), osk.exe (no specs), osk.exe

Process information

PID: 1624
CMD: "C:\Users\admin\Desktop\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2-peizhaochen\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe"
Path: C:\Users\admin\Desktop\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2-peizhaochen\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
Parent process: explorer.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (Images):
c:\users\admin\desktop\the.callisto.protocol.v1.0.plus.17.trainer.update2-peizhaochen\the.callisto.protocol.v1.0.plus.17.trainer.update2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\shlwapi.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll

PID: 1796
CMD: C:\Windows\helppane.exe -Embedding
Path: C:\Windows\HelpPane.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Help and Support
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\helppane.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 2000
CMD: "C:\Users\admin\AppData\Local\Temp\cetrainers\CET6127.tmp\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe" -ORIGIN:"C:\Users\admin\Desktop\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2-peizhaochen\"
Path: C:\Users\admin\AppData\Local\Temp\cetrainers\CET6127.tmp\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
Parent process: The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
User: admin
Integrity Level: HIGH
Exit code: 0
Modules (Images):
c:\users\admin\appdata\local\temp\cetrainers\cet6127.tmp\the.callisto.protocol.v1.0.plus.17.trainer.update2.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll

PID: 2036
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2-peizhaochen.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (Images):
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll

PID: 2428
CMD: "C:\Windows\system32\osk.exe"
Path: C:\Windows\System32\osk.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Accessibility On-Screen Keyboard
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\system32\osk.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll

PID: 2668
CMD: "C:\Windows\system32\osk.exe"
Path: C:\Windows\System32\osk.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Accessibility On-Screen Keyboard
Exit code: 3221226540
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (Images):
c:\windows\system32\osk.exe
c:\windows\system32\ntdll.dll
Total events: 1 472
Read events: 1 436
Write events: 36
Delete events: 0

Modification events

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (2036) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files: 5
Suspicious files: 1
Text files: 4
Unknown types: 0

Dropped files

PID: 1624
Process: The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET6127.tmp\CET_Archive.dat
MD5:
SHA256:

PID: 2036
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2036.31580\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2-peizhaochen\More Trainers @ GameCopyWorld.url
Type: text
MD5: B40C2287E8323510C1FDDB903E4F6D3C
SHA256: BC2C79EA0113B6B2B6A06A8AE448ADA10CB05026BD4F840582079F218CE50937

PID: 2036
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2036.31580\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2-peizhaochen\options.txt
Type: text
MD5: CE13563B4C5A6FBDE556BDC19D4D23B8
SHA256: CB9B0711F6FD84280124219CB277BCFB39B5BBAD1C28F08C2AE3FEB60D4A5D36

PID: 2036
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2036.31580\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2-peizhaochen\More Trainers @ GameCopyWorld.txt
Type: text
MD5: 89FB6C7E14E31F7ECEA25983C55C1817
SHA256: F66CA8674A2E6C0B4F79536B24B5848FDB2945F611BC0AD25378B0A709CBF7A2

PID: 1624
Process: The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET6127.tmp\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
Type: executable
MD5: A65C29111A4CF5A7FDD5A9D79F77BCAB
SHA256: DAB3003436B6861AE220CC5FDCB97970FC05AFDF114C2F91E46EED627CE3D6AF

PID: 2000
Process: The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET6127.tmp\extracted\lua53-64.dll
Type: executable
MD5: B7C9F1E7E640F1A034BE84AF86970D45
SHA256: 6D0A06B90213F082CB98950890518C0F08B9FC16DBFAB34D400267CB6CDADEFF

PID: 2000
Process: The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET6127.tmp\extracted\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
Type: executable
MD5: 7D234D01DA96F53F0BFAECB3A8F3FCC4
SHA256: 46EFDD35E91D2A90AB76A6FCCDED973AFC80D7B4A83FDA4BBE305B9FE9B6851D

PID: 2000
Process: The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET6127.tmp\extracted\speedhack-x86_64.dll
Type: executable
MD5: 19B2050B660A4F9FCB71C93853F2E79C
SHA256: 5421B570FBC1165D7794C08279E311672DC4F42CB7AE1CBDDCD7EEA0B1136FFF

PID: 2000
Process: The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
Filename: C:\Users\admin\AppData\Local\Temp\cetrainers\CET6127.tmp\extracted\CET_TRAINER.CETRAINER
Type: binary
MD5: 923CA725E43B6AB3926C3AD4C3E5139A
SHA256: 1AF096B34F7CF3119A1ECC4E54792899DB77B327E450E5B6C8B27B5E60718D07

PID: 2036
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2036.31580\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2-peizhaochen\The.Callisto.Protocol.v1.0.Plus.17.Trainer.Update2.exe
Type: executable
MD5: 481DE97B2EBD53D89B914A99128F3EEF
SHA256: C89F00B7E6579332C7295F3C7B943307F4584C9BB29AAE9B9AAA5EF2D4DD8199
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID  | Process     | IP                  | Domain | ASN | CN | Reputation
4    | System      | 192.168.100.255:137 | -      | -   | -  | whitelisted
4    | System      | 192.168.100.255:138 | -      | -   | -  | whitelisted
1080 | svchost.exe | 224.0.0.252:5355    | -      | -   | -  | unknown

DNS requests

No data

Threats

No threats detected
No debug info