File name: TSP Dork generator v8.0.rar.zip

Full analysis: https://app.any.run/tasks/6f17d327-c52a-487a-9185-a30cb88ff2d7
Verdict: Malicious activity
Analysis date: February 29, 2024, 06:09:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v5.1 to extract, compression method=AES Encrypted
MD5: 2551C2DB661C370E2827C7B858CE1F81
SHA1: C6903D36CCF3E1158BB065947028638DFA515074
SHA256: 66D4305A593BD6EF1122CB96E94E320DA3A53EF1B3B83C106950DB67D289B4B5
SSDEEP: 3072:UScfb1Pjb2RrDPLlHXqPiMbeK+Iac5Mo8OuOR7yk5x62:UScfpPjbGrDPhHIJLI698O7h62

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 3864)
  • SUSPICIOUS
    • Reads settings of System Certificates
      • TSP Dork generator hot edition.exe (PID: 2904)
    • Reads the Internet Settings
      • TSP Dork generator hot edition.exe (PID: 2904)
  • INFO
    • Checks supported languages
      • TSP Dork generator hot edition.exe (PID: 2904)
    • Reads the computer name
      • TSP Dork generator hot edition.exe (PID: 2904)
    • Manual execution by a user
      • explorer.exe (PID: 2844)
      • TSP Dork generator hot edition.exe (PID: 2904)
      • WinRAR.exe (PID: 2256)
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 2256)
    • Reads the machine GUID from the registry
      • TSP Dork generator hot edition.exe (PID: 2904)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2256)
    • Reads Environment values
      • TSP Dork generator hot edition.exe (PID: 2904)
    • Reads the software policy settings
      • TSP Dork generator hot edition.exe (PID: 2904)
    • Dropped object may contain TOR URL's
      • WinRAR.exe (PID: 2256)
    • Create files in a temporary directory
      • TSP Dork generator hot edition.exe (PID: 2904)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: TSP Dork generator v8.0.rar
ZipUncompressedSize: 135444
ZipCompressedSize: 133171
ZipCRC: 0xfe273da3
ZipModifyDate: 2024:02:29 06:08:24
ZipCompression: Unknown (99)
ZipBitFlag: 0x0009
ZipRequiredVersion: 51
No data.
All screenshots are available in the full report
Total processes: 42
Monitored processes: 4
Malicious processes: 1
Suspicious processes: 0

Process information

PID: 3864
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Modules (images):
  • c:\program files\winrar\winrar.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\comdlg32.dll

PID: 2844
CMD: "C:\Windows\explorer.exe"
Path: C:\Windows\explorer.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 1
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  • c:\windows\explorer.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\user32.dll

PID: 2256
CMD: "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0.rar" "C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
  • c:\program files\winrar\winrar.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\user32.dll
  • c:\windows\system32\gdi32.dll
  • c:\windows\system32\lpk.dll
  • c:\windows\system32\usp10.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\comdlg32.dll

PID: 2904
CMD: "C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\TSP Dork generator hot edition.exe"
Path: C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\TSP Dork generator hot edition.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: TSP Dork generator hot edition
Version: 8.0
Modules (images):
  • c:\users\admin\appdata\local\temp\tsp dork generator v8.0.rar\tsp dork generator v8.0\tsp dork generator hot edition.exe
  • c:\windows\system32\ntdll.dll
  • c:\windows\system32\mscoree.dll
  • c:\windows\system32\kernel32.dll
  • c:\windows\system32\kernelbase.dll
  • c:\windows\system32\advapi32.dll
  • c:\windows\system32\msvcrt.dll
  • c:\windows\system32\sechost.dll
  • c:\windows\system32\rpcrt4.dll
  • c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 7 714
Read events: 7 665
Write events: 49
Delete events: 0

Modification events

  • (PID 3864) WinRAR.exe; key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes; operation: write; name: ShellExtBMP; value: (empty)
  • (PID 3864) WinRAR.exe; key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes; operation: write; name: ShellExtIcon; value: (empty)
  • (PID 3864) WinRAR.exe; key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E; operation: write; name: LanguageList; value: en-US
  • (PID 3864) WinRAR.exe; key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory; operation: write; name: 3; value: C:\Users\admin\Desktop\phacker.zip
  • (PID 3864) WinRAR.exe; key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory; operation: write; name: 2; value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
  • (PID 3864) WinRAR.exe; key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory; operation: write; name: 1; value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
  • (PID 3864) WinRAR.exe; key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory; operation: write; name: 0; value: C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar.zip
  • (PID 3864) WinRAR.exe; key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths; operation: write; name: name; value: 120
  • (PID 3864) WinRAR.exe; key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths; operation: write; name: size; value: 80
  • (PID 3864) WinRAR.exe; key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths; operation: write; name: type; value: 120
Executable files: 1
Suspicious files: 1
Text files: 22
Unknown types: 0

Dropped files

  • PID 2256, WinRAR.exe, C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\pageformats\preset1.txt (text)
    MD5: 2B5731A9F0CE7D2F2A072722CBE79B0E
    SHA256: 581D58A3C96630D424548CF351407F0BB391C4626FFA688B9B11AB76E9877F1D
  • PID 2256, WinRAR.exe, C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\pagetypes\preset4.txt (text)
    MD5: D58F0023C6286E09E869F2C5B325C228
    SHA256: 0E37CFA88A01F7AA70A758DA1D6E0DAD6A5766425F0302AC0BBCD73071DD5C47
  • PID 2256, WinRAR.exe, C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\keywords\preset1.txt (text)
    MD5: 1CAC10EAA2C203DAC5AA4C230BF19FCE
    SHA256: 6F022B8F33BA04FC4F5421898415406601E3CD1750AEF978B1295429814C5C4B
  • PID 2256, WinRAR.exe, C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\pagetypes\preset3.txt (text)
    MD5: 191CBDE5955EA52A58EFD6D65D5C5156
    SHA256: 14C9F52729B15B0E0B6C42F147513A7FF4EDC45AF6F9996030D56033D9CA022E
  • PID 2256, WinRAR.exe, C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\keywords\preset3.txt (text)
    MD5: FE3B7AD87D2546B67915E710C73AB2E8
    SHA256: 7258DDB3ADB38169E5A4192A52829963F83C9F9F2311D124D516B3D46CD9937A
  • PID 2256, WinRAR.exe, C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\pagetypes\preset2.txt (text)
    MD5: 5429B5BED87190B6A82E57A4701D7256
    SHA256: 85E3265A68C922BFAF3E0435DADCD2D511B7B4E605E31E28FFD54A4D70CFF9E9
  • PID 2256, WinRAR.exe, C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\domainextentions\preset4.txt (text)
    MD5: D226F5E0575E845DDB610E0DAB8654AA
    SHA256: 946666992DBD0B0F4FE9021F312C616AAD550091D1097524B4FF1DF738B64B7E
  • PID 2256, WinRAR.exe, C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\keywords\preset4.txt (text)
    MD5: 0F66E729C9AEC472641B571C2C0BAB26
    SHA256: 405F1E7D0F5ECEB5749886F690D1A915A08C7D9F357579E866BF1481B4200566
  • PID 2256, WinRAR.exe, C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\domainextentions\preset2.txt (text)
    MD5: 9BC73C29CE06144A655572DEEFCAABDC
    SHA256: BF65DF2FCDF6B14147223C9C82172A2FCD9C668924381BD00618C4B57CC4DA2D
  • PID 2256, WinRAR.exe, C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\pageformats\preset2.txt (text)
    MD5: C8630823238A94802DAC85F7E44161FB
    SHA256: 3836540F46CEC7DA1593DBDB58F24D5775D1F0C4D67AACDD91ECEBAA41F7F13D
HTTP(S) requests: 0
TCP/UDP connections: 6
DNS requests: 2
Threats: 3

HTTP requests

No HTTP requests

Connections

  • PID 4, System, 192.168.100.255:138, reputation: whitelisted
  • PID 4, System, 192.168.100.255:137, reputation: whitelisted
  • PID 1080, svchost.exe, 224.0.0.252:5355, reputation: unknown
  • PID 2904, TSP Dork generator hot edition.exe, 162.125.66.15:443, domain: dl.dropbox.com, ASN: DROPBOX, CN: DE, reputation: malicious

DNS requests

  • dl.dropbox.com: 162.125.66.15 (reputation: shared)
  • dl.dropboxusercontent.com: 162.125.66.15 (reputation: shared)

Threats

  • Misc activity: ET INFO DropBox User Content Download Access over SSL M2
  • Misc activity: ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
  • Misc activity: ET INFO DropBox User Content Download Access over SSL M2
No debug info