File name: Discord Nitro Checker v2.rar

Full analysis: https://app.any.run/tasks/d9712c7d-291e-4fc3-8106-942eb6bf3159
Verdict: Malicious activity
Analysis date: December 18, 2021, 11:53:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 5B1B1C7BD73BD5643997C366BA3859E7
SHA1: D9D1999D0AED0227B50C7ADCB16AEC171C783739
SHA256: 6B64AFE83C141968C15A84B8CA78E7D1FC102BEEDF362FD9BA11352FA2C1F3F3
SSDEEP: 196608:G1vsS+MDKg2EO49P/kRxxqCi+p9os62Gy18O:GprDKgJ39PY9X62Gyb

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • No malicious indicators.
  • SUSPICIOUS
    • Reads the computer name
      • WinRAR.exe (PID: 3036)
    • Checks supported languages
      • WinRAR.exe (PID: 3036)
    • Drops a file with a compile date too recent
      • WinRAR.exe (PID: 3036)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 3036)
    • Drops a file that was compiled in debug mode
      • WinRAR.exe (PID: 3036)
  • INFO
    • Checks supported languages
      • NOTEPAD.EXE (PID: 2888)
      • NOTEPAD.EXE (PID: 2148)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
All screenshots are available in the full report
Total processes: 36
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start -> winrar.exe -> notepad.exe (no specs), notepad.exe (no specs)

Process information

PID: 2148
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa3036.11810\codes.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Indicators: none
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\notepad.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll

PID: 2888
CMD: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa3036.9856\proxy.txt
Path: C:\Windows\system32\NOTEPAD.EXE
Indicators: none
Parent process: WinRAR.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\notepad.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll

PID: 3036
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Discord Nitro Checker v2.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: see the SUSPICIOUS signatures above
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
  c:\program files\winrar\winrar.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll
Total events: 1 601
Read events: 1 571
Write events: 30
Delete events: 0

Modification events

PID | Process | Operation | Key | Name | Value
3036 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty)
3036 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty)
3036 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US
3036 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
3036 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
3036 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\Discord Nitro Checker v2.rar
3036 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
3036 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
3036 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
3036 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
Executable files: 7
Suspicious files: 0
Text files: 4
Unknown types: 0

Dropped files

PID | Process | Filename | Type
3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3036.8460\DNC v2\xNet.dll | executable
    MD5: AC1DCEDDBC66A1AB7915AC9931F0CFEC
    SHA256: CC949931EF9533ADCED83F3D58862E9732E5DB7AD17B5FD4CB9D209A99EDB592
3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3036.8460\DNC v2\proxy.txt | text
    MD5: 753B4724334E4225692518782B905235
    SHA256: 655F942072204C3049B57FE016B403D8BC52C838AB8E65EE5018E81981550C76
3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3036.8460\DNC v2\DNC v2.exe | executable
    MD5: ECAFE77EA5E336332A88481699B5BB70
    SHA256: 8E6908E145FEED4AA6EE5A05753B69803E5801BB7C08EAC68B199300682000D2
3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3036.8460\DNC v2\codes.txt | text
    MD5: A2E4822A98337283E39F7B60ACF85EC9
    SHA256: 2E1CFA82B035C26CBBBDAE632CEA070514EB8B773F616AAEAF668E2F0BE8F10D
3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3036.10324\xNet.dll | executable
    MD5: AC1DCEDDBC66A1AB7915AC9931F0CFEC
    SHA256: CC949931EF9533ADCED83F3D58862E9732E5DB7AD17B5FD4CB9D209A99EDB592
3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3036.9574\Newtonsoft.Json.dll | executable
    MD5: 5AFDA7C7D4F7085E744C2E7599279DB3
    SHA256: F58C374FFCAAE4E36D740D90FBF7FE70D0ABB7328CD9AF3A0A7B70803E994BA4
3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3036.11810\codes.txt | text
    MD5: A2E4822A98337283E39F7B60ACF85EC9
    SHA256: 2E1CFA82B035C26CBBBDAE632CEA070514EB8B773F616AAEAF668E2F0BE8F10D
3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3036.8460\DNC v2\Colorful.Console.dll | executable
    MD5: 5F3D2CFBC21591B8FEEF1EFA3E59A4D0
    SHA256: F31D4FD7E729FC6CF4ECAB972B6B1EE897918A325B1CA572030966F831E768FB
3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3036.9856\proxy.txt | text
    MD5: 753B4724334E4225692518782B905235
    SHA256: 655F942072204C3049B57FE016B403D8BC52C838AB8E65EE5018E81981550C76
3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3036.8460\DNC v2\Newtonsoft.Json.dll | executable
    MD5: 5AFDA7C7D4F7085E744C2E7599279DB3
    SHA256: F58C374FFCAAE4E36D740D90FBF7FE70D0ABB7328CD9AF3A0A7B70803E994BA4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info