analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | RuBot Cracked.zip |
| Full analysis: | https://app.any.run/tasks/08b3d1f1-9e9e-4761-8038-a8c8c9c6bb81 |
| Verdict: | Malicious activity |
| Analysis date: | August 09, 2020, 01:09:04 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract |
| MD5: | 37D2DAD58754B27D4B9250D179E24440 |
| SHA1: | 6AF1ADE87A1E14E4F6EB997EF1540C5377B86546 |
| SHA256: | 673134EFE7B5694843693657BCA52144AE668DC5C1E99421A03FE9E11AA520C0 |
| SSDEEP: | 12288:/UCkdYOaD3wrb8IxQMAu06iqUzdwSMOtF3yHDskgfHkBjR18VKecFajgMTV2nTpn:/YdY/cQVxqUzdwwICHkVfecZmgpMm |
MALICIOUS
Loads dropped or rewritten executable
- SearchProtocolHost.exe (PID: 3464)
- RuBot2Copy.exe (PID: 2740)
Application was dropped or rewritten from another process
- RuBot2Copy.exe (PID: 2740)
SUSPICIOUS
Executable content was dropped or overwritten
- WinRAR.exe (PID: 2820)
INFO
Manual execution by user
- RuBot2Copy.exe (PID: 2740)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipRequiredVersion: | 20 |
|---|---|
| ZipBitFlag: | - |
| ZipCompression: | None |
| ZipModifyDate: | 2018:03:24 11:21:20 |
| ZipCRC: | 0x834fc351 |
| ZipCompressedSize: | 15 |
| ZipUncompressedSize: | 15 |
| ZipFileName: | RuBot Cracked/New Text Document.txt |
Total processes
42
Monitored processes
3
Malicious processes
2
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2820 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\RuBot Cracked.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
| 3464 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
| 2740 | "C:\Users\admin\Desktop\RuBot Cracked\RuBot\RuBot2Copy.exe" | C:\Users\admin\Desktop\RuBot Cracked\RuBot\RuBot2Copy.exe | — | explorer.exe |
User: admin Company: RuBot.OVH Integrity Level: MEDIUM Description: RuBot_Tools Version: 6.1.0.0 | ||||
Total events
782
Read events
767
Write events
15
Delete events
0
Modification events
| (PID) Process: | (2820) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
| Operation: | write | Name: | ShellExtBMP |
Value: | |||
| (PID) Process: | (2820) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
| Operation: | write | Name: | ShellExtIcon |
Value: | |||
| (PID) Process: | (2820) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\137\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (2820) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\137\52C64B7E |
| Operation: | write | Name: | @C:\Windows\system32\NetworkExplorer.dll,-1 |
Value: Network | |||
| (PID) Process: | (2820) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\RuBot Cracked.zip | |||
| (PID) Process: | (2820) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (2820) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (2820) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (2820) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (2820) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop | |||
Executable files
5
Suspicious files
1
Text files
15
Unknown types
2
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2820 | WinRAR.exe | C:\Users\admin\Desktop\RuBot Cracked\README - HOW TO USE.txt | text | |
MD5:E71E212FDC0E252F66AC32304EC00176 | SHA256:5A7C7A5FC211990FAF1CDF8D38E9D5B83A0709A01267EA9F048534266ED89EDA | |||
| 2820 | WinRAR.exe | C:\Users\admin\Desktop\RuBot Cracked\New Text Document.txt | text | |
MD5:F92AAC60117CB5A86A0682EC1AAB913B | SHA256:56D25187715CC8C648942821E5FEE3214E5F02EB9815B7CFA6A7CB657C810C59 | |||
| 2820 | WinRAR.exe | C:\Users\admin\Desktop\RuBot Cracked\RuBot\RuBot Tools.exe.config | xml | |
MD5:CEBFE157098995082112604CA8730110 | SHA256:DFDF5ECD6291CB0D74B89746B733BC8B1F6E74F00A253DEE15D14891A2CF5BA0 | |||
| 2820 | WinRAR.exe | C:\Users\admin\Desktop\RuBot Cracked\RuBot\Chat Bots Texts\GERMAN CHATBOT.txt | text | |
MD5:10988A198328FC7AF11DD9CDBDB4C52D | SHA256:942C78CF9CA4423E62EA1B6F5D0FD88D955BBAC39F8A52519A54F1C99E734C31 | |||
| 2820 | WinRAR.exe | C:\Users\admin\Desktop\RuBot Cracked\RuBot\.vs\RuBot Tools\v15\.suo | binary | |
MD5:72047AF58DB7B8A1FEE383AA420C6779 | SHA256:F508439301484AA31277BB4C49BC0A14AD95235F8E96C6FFBB0422DEC737A8B6 | |||
| 2820 | WinRAR.exe | C:\Users\admin\Desktop\RuBot Cracked\RuBot\Chat Bots Texts\chatBot1.txt | text | |
MD5:C789D5B6C6FF9F572E01190D47AE7650 | SHA256:545446DEC55B7D26D36E8C41FACDDBF3613AF32276F473D545E7CA2E486A7010 | |||
| 2820 | WinRAR.exe | C:\Users\admin\Desktop\RuBot Cracked\RuBot\HtmlAgilityPack.dll | executable | |
MD5:433645B4A51EE5D2A2E48114BE461052 | SHA256:129288252BEED0824C8436F3C595BD8E200A2182A229DEC85A2CA722F0CF1A05 | |||
| 2820 | WinRAR.exe | C:\Users\admin\Desktop\RuBot Cracked\RuBot\Chat Bots Texts\chatBot 2.txt | text | |
MD5:2B4E21C7544F4BCD9232D2859BA96E37 | SHA256:9B253AAE47E1D2573CB8508EB235CC9C660826F7D8AE295D82AC495CA2B2C388 | |||
| 2820 | WinRAR.exe | C:\Users\admin\Desktop\RuBot Cracked\RuBot\HtmlAgilityPack.pdb | pdb | |
MD5:A62E283F655F6C8D13C2157DECC6D526 | SHA256:76209CD7521A86B41E27242F6BBB4FB48715840809D4E932351F33AE7C07D19F | |||
| 2820 | WinRAR.exe | C:\Users\admin\Desktop\RuBot Cracked\RuBot\RuBot Tools.vshost.exe.manifest | xml | |
MD5:A19A2658BA69030C6AC9D11FD7D7E3C1 | SHA256:C0085EB467D2FC9C9F395047E057183B3CD1503A4087D0DB565161C13527A76F | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report