File name:

TSP Dork generator v8.0.rar.zip

Full analysis: https://app.any.run/tasks/6f17d327-c52a-487a-9185-a30cb88ff2d7
Verdict: Malicious activity
Analysis date: February 29, 2024, 06:09:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v5.1 to extract, compression method=AES Encrypted
MD5:

2551C2DB661C370E2827C7B858CE1F81

SHA1:

C6903D36CCF3E1158BB065947028638DFA515074

SHA256:

66D4305A593BD6EF1122CB96E94E320DA3A53EF1B3B83C106950DB67D289B4B5

SSDEEP:

3072:UScfb1Pjb2RrDPLlHXqPiMbeK+Iac5Mo8OuOR7yk5x62:UScfpPjbGrDPhHIJLI698O7h62

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3864)

  • SUSPICIOUS

    • Reads the Internet Settings

      • TSP Dork generator hot edition.exe (PID: 2904)

    • Reads settings of System Certificates

      • TSP Dork generator hot edition.exe (PID: 2904)

  • INFO

    • Manual execution by a user

      • explorer.exe (PID: 2844)
      • TSP Dork generator hot edition.exe (PID: 2904)
      • WinRAR.exe (PID: 2256)

    • Dropped object may contain TOR URL's

      • WinRAR.exe (PID: 2256)

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2256)

    • Checks supported languages

      • TSP Dork generator hot edition.exe (PID: 2904)

    • Reads the computer name

      • TSP Dork generator hot edition.exe (PID: 2904)

    • Reads Environment values

      • TSP Dork generator hot edition.exe (PID: 2904)

    • Reads the software policy settings

      • TSP Dork generator hot edition.exe (PID: 2904)

    • Reads the machine GUID from the registry

      • TSP Dork generator hot edition.exe (PID: 2904)

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 2256)

    • Create files in a temporary directory

      • TSP Dork generator hot edition.exe (PID: 2904)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 51
ZipBitFlag: 0x0009
ZipCompression: Unknown (99)
ZipModifyDate: 2024:02:29 06:08:24
ZipCRC: 0xfe273da3
ZipCompressedSize: 133171
ZipUncompressedSize: 135444
ZipFileName: TSP Dork generator v8.0.rar
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
4
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe no specs explorer.exe no specs winrar.exe tsp dork generator hot edition.exe

Process information

PID
CMD
Path
Indicators
Parent process
2256"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0.rar" "C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
2844"C:\Windows\explorer.exe" C:\Windows\explorer.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\explorer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
2904"C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\TSP Dork generator hot edition.exe" C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\TSP Dork generator hot edition.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
TSP Dork generator hot edition
Exit code:
0
Version:
8.0
Modules
Images
c:\users\admin\appdata\local\temp\tsp dork generator v8.0.rar\tsp dork generator v8.0\tsp dork generator hot edition.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
3864"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar.zip"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
Total events
7 714
Read events
7 665
Write events
49
Delete events
0

Modification events

(PID) Process:(3864) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3864) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3864) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3864) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(3864) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(3864) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(3864) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar.zip
(PID) Process:(3864) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3864) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3864) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
Executable files
1
Suspicious files
1
Text files
22
Unknown types
0

Dropped files

PID
Process
Filename
Type
2256WinRAR.exeC:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\domainextentions\preset2.txttext
MD5:9BC73C29CE06144A655572DEEFCAABDC
SHA256:BF65DF2FCDF6B14147223C9C82172A2FCD9C668924381BD00618C4B57CC4DA2D
2256WinRAR.exeC:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\domainextentions\preset1.txttext
MD5:67815BB37D3B3D1BF9CD8D247DF71921
SHA256:AB11A70EEF7BA2A8F146864EC8A4E675C0834A71E02087B86815EEF7F3B1F4AD
2256WinRAR.exeC:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\domainextentions\preset3.txttext
MD5:561B8CC2A5E145D78E61EF62B4D15D30
SHA256:0F37CE78BE139CB3161C45F93FD2E7D502124EF349D9E9DC95386E46350B7A89
3864WinRAR.exeC:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0.rarcompressed
MD5:FD6F4E94278D5A6778B7B2AD491A81B6
SHA256:42EA276F57E0C94ACCEEBB3073B5A04F377530BF5C4EFF6C4D65435253C6FFD1
2256WinRAR.exeC:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\pagetypes\preset3.txttext
MD5:191CBDE5955EA52A58EFD6D65D5C5156
SHA256:14C9F52729B15B0E0B6C42F147513A7FF4EDC45AF6F9996030D56033D9CA022E
2256WinRAR.exeC:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\pageformats\preset3.txttext
MD5:87F4C2439DDD025A233BD5AAF3656168
SHA256:516BF2DA52790E61DF36EB8AD74FF5A458D44312E0CCE3D08CA6FD5CD4619835
2256WinRAR.exeC:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\pagetypes\preset1.txttext
MD5:BAB63182B97F9E5678786AECEA52700F
SHA256:F5F82368C882677ED966753CFA4371DE6EF5214CCFC3EBAEE050E3AFDDFFBC5D
2256WinRAR.exeC:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\pagetypes\preset2.txttext
MD5:5429B5BED87190B6A82E57A4701D7256
SHA256:85E3265A68C922BFAF3E0435DADCD2D511B7B4E605E31E28FFD54A4D70CFF9E9
2256WinRAR.exeC:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\searchfunctions\preset2.txttext
MD5:0D1C471E849110783E72C30E42739D84
SHA256:65660887CD06E72CF738FCF4BAFB40F27D1A444DBBBA82881038ABB9E7A42E62
2256WinRAR.exeC:\Users\admin\AppData\Local\Temp\TSP Dork generator v8.0.rar\TSP Dork generator v8.0\presets\searchfunctions\preset1.txttext
MD5:AA39E20221E791C4C78E64C81CA56254
SHA256:750EBDC6C646B22D1A22D3D4C72C7B6F46F63421A590112F0F50F5C5CA314028
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
6
DNS requests
2
Threats
3

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1080
svchost.exe
224.0.0.252:5355
unknown
2904
TSP Dork generator hot edition.exe
162.125.66.15:443
dl.dropbox.com
DROPBOX
DE
malicious

DNS requests

Domain
IP
Reputation
dl.dropbox.com
  • 162.125.66.15
shared
dl.dropboxusercontent.com
  • 162.125.66.15
shared

Threats

PID
Process
Class
Message
2904
TSP Dork generator hot edition.exe
Misc activity
ET INFO DropBox User Content Download Access over SSL M2
2904
TSP Dork generator hot edition.exe
Misc activity
ET INFO DropBox User Content Domain (dl .dropboxusercontent .com in TLS SNI)
2904
TSP Dork generator hot edition.exe
Misc activity
ET INFO DropBox User Content Download Access over SSL M2
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
TSP Dork generator v8.0.rar.zip