File name: NetLimiter Keygen v1.3.rar

Full analysis: https://app.any.run/tasks/bf08983e-0aa6-48d8-ad8e-9b4e4d752acd
Verdict: Malicious activity
Analysis date: December 03, 2023, 13:50:51
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 44DB29975C2B49AF2D221BC1B1AA2FF2
SHA1: B64AC73F963F46BB56DF852A2E9D997CF5F0E100
SHA256: 681AE66A02C669828DA47A5657562DAD1ABAFAA8D6E7649F585D3051CD55FDDA
SSDEEP: 98304:LCMp06/PBDj0nvvkuHXj3JyJtFFvLmSqDqyEeAIFShPEOWvBuNGQh08BoWYj91gh:LFJjJsZ4y0yQ3j5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Creates a writable file in the system directory

      • NetLimiter Keygen v1.3.exe (PID: 2612)
    • Drops the executable file immediately after the start

      • NetLimiter Keygen v1.3.exe (PID: 2612)
  • SUSPICIOUS

    • Reads the BIOS version

      • NetLimiter Keygen v1.3.exe (PID: 2612)
  • INFO

    • Manual execution by a user

      • osk.exe (PID: 3856)
      • wmpnscfg.exe (PID: 3672)
      • NetLimiter Keygen v1.3.exe (PID: 2612)
      • NetLimiter Keygen v1.3.exe (PID: 2068)
      • osk.exe (PID: 2600)
    • Checks supported languages

      • wmpnscfg.exe (PID: 3672)
      • NetLimiter Keygen v1.3.exe (PID: 2612)
    • Reads the computer name

      • wmpnscfg.exe (PID: 3672)
      • NetLimiter Keygen v1.3.exe (PID: 2612)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 564)
    • Process checks are UAC notifies on

      • NetLimiter Keygen v1.3.exe (PID: 2612)
    • Reads the machine GUID from the registry

      • NetLimiter Keygen v1.3.exe (PID: 2612)
    • Create files in a temporary directory

      • NetLimiter Keygen v1.3.exe (PID: 2612)
    • Creates files in the program directory

      • NetLimiter Keygen v1.3.exe (PID: 2612)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 54
Monitored processes: 6
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start winrar.exe no specs wmpnscfg.exe no specs osk.exe no specs osk.exe netlimiter keygen v1.3.exe no specs netlimiter keygen v1.3.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 564
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NetLimiter Keygen v1.3.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
PID: 2068
CMD: "C:\Users\admin\Desktop\NetLimiter Keygen v1.3.exe"
Path: C:\Users\admin\Desktop\NetLimiter Keygen v1.3.exe
Parent process: explorer.exe
User: admin
Company: Jasi2169
Integrity Level: MEDIUM
Description: Netlimiter Keygen By Jasi2169
Exit code: 3221226540
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\netlimiter keygen v1.3.exe
c:\windows\system32\ntdll.dll
PID: 2600
CMD: "C:\Windows\system32\osk.exe"
Path: C:\Windows\System32\osk.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Accessibility On-Screen Keyboard
Exit code: 3221226540
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\osk.exe
c:\windows\system32\ntdll.dll
PID: 2612
CMD: "C:\Users\admin\Desktop\NetLimiter Keygen v1.3.exe"
Path: C:\Users\admin\Desktop\NetLimiter Keygen v1.3.exe
Parent process: explorer.exe
User: admin
Company: Jasi2169
Integrity Level: HIGH
Description: Netlimiter Keygen By Jasi2169
Exit code: 0
Version: 1.0.0.0
Modules
Images
c:\users\admin\desktop\netlimiter keygen v1.3.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
PID: 3672
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 3856
CMD: "C:\Windows\system32\osk.exe"
Path: C:\Windows\System32\osk.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Accessibility On-Screen Keyboard
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\system32\osk.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
Total events: 2 608
Read events: 2 575
Write events: 32
Delete events: 1

Modification events

(PID) Process: (564) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\17F\52C64B7E
Operation: write
Name: LanguageList
Value: en-US
(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120
(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80
(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
(PID) Process: (564) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100
(PID) Process: (2612) NetLimiter Keygen v1.3.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: NodeSlots
Value:
0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202
(PID) Process: (2612) NetLimiter Keygen v1.3.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU
Operation: write
Name: MRUListEx
Value:
07000000020000000100000000000000060000000C0000000B0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF
Executable files: 3
Suspicious files: 4
Text files: 1
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 2612
Process: NetLimiter Keygen v1.3.exe
Filename: C:\Users\admin\AppData\Local\Temp\Netlimiter Keygen.X86.1.0.0.0\Native.dll
Type: executable
MD5:36FDE2466FEA08328EDB8744EE01981E
SHA256:AC3D757539AF3AC2103803F5F058FCF05D4082498DCB02F42EBF322A5AC9D9D6
PID: 2612
Process: NetLimiter Keygen v1.3.exe
Filename: C:\Windows\system32\bassmod.dll
Type: executable
MD5:E4EC57E8508C5C4040383EBE6D367928
SHA256:8AD9E47693E292F381DA42DDC13724A3063040E51C26F4CA8E1F8E2F1DDD547F
PID: 2612
Process: NetLimiter Keygen v1.3.exe
Filename: C:\Windows\System32\drivers\etc\hosts
Type: text
MD5:72E99DAA8D587435C9D50E04EC3D7E80
SHA256:61FA8F0E71D155715F17B4100D77D54DF9EEBD1E036B87CB14CD4356CD0F66D1
PID: 2612
Process: NetLimiter Keygen v1.3.exe
Filename: C:\ProgramData\Locktime\NetLimiter\5\license.json
Type: binary
MD5:89D71E089948A958CBD6F9A7ED0B16A2
SHA256:3F097526B7904D5648A09563571EE312516647080FEFA37E84BB2EA6A73DCF45
PID: 2612
Process: NetLimiter Keygen v1.3.exe
Filename: C:\Users\admin\AppData\Local\Temp\Netlimiter Keygen.X86.1.0.0.0\keygen_cursor.cur
Type: binary
MD5:FC9B2E18A0E21C712E227E88248882C1
SHA256:FE802DB4DE68C9340F7A211DDF694109FD983478454CCB925A06F68851276C69
PID: 564
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb564.46924\NetLimiter Keygen v1.3.exe
Type: executable
MD5:403CE52E780C06D2869145AD4461B567
SHA256:124E9A0FB03FCEB4DD2ED5820C5A8D8381A2BFE6922A6CF8B630C29D3BEF564A
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 6
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
2588 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
868 | svchost.exe | 23.35.228.137:80 | - | AKAMAI-AS | DE | unknown
868 | svchost.exe | 184.30.20.134:80 | armmf.adobe.com | AKAMAI-AS | DE | unknown

DNS requests

Domain | IP | Reputation
armmf.adobe.com | 184.30.20.134 | whitelisted

Threats

No threats detected
No debug info