URL:

https://dosya.co/bdsyskukm6y6/SilverBullet.v1.1.2.rar.html

Full analysis: https://app.any.run/tasks/6b976aad-9887-4b82-918a-7c77711be4f1
Verdict: Malicious activity
Analysis date: November 25, 2023, 13:28:16
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
SHA1: BA6EE9ACC59746720FB7AE83A7F7FB9F85F5D7C5
SHA256: 6ECAF5B4DD4889C108633BA6234245F3713DCBAA25487BC2D2C8325D54C45DE9
SSDEEP: 3:N8SgLdCsGtP9RnjLzn:2SXr5znjn

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 2728)
    • Reads the Internet Settings

      • SilverBullet.exe (PID: 3624)
  • INFO

    • Manual execution by a user

      • wmpnscfg.exe (PID: 2332)
    • Reads the computer name

      • wmpnscfg.exe (PID: 2332)
      • SilverBullet.exe (PID: 3624)
    • The process uses the downloaded file

      • iexplore.exe (PID: 564)
      • WinRAR.exe (PID: 2728)
    • Checks supported languages

      • SilverBullet.exe (PID: 3624)
      • wmpnscfg.exe (PID: 2332)
    • Application launched itself

      • iexplore.exe (PID: 564)
    • Reads the machine GUID from the registry

      • wmpnscfg.exe (PID: 2332)
      • SilverBullet.exe (PID: 3624)
    • Creates files in a temporary directory

      • SilverBullet.exe (PID: 3624)
    • Reads Environment values

      • SilverBullet.exe (PID: 3624)
    • Creates files in the program directory

      • SilverBullet.exe (PID: 3624)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 2728)
Find more information about signature artifacts and the mapping to the MITRE ATT&CK™ matrix in the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 42
Monitored processes: 5
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive graph in the full report; node labels only): start, iexplore.exe, iexplore.exe, wmpnscfg.exe (no specs), winrar.exe (no specs), silverbullet.exe

Process information

PID 564: "C:\Program Files\Internet Explorer\iexplore.exe" "https://dosya.co/bdsyskukm6y6/SilverBullet.v1.1.2.rar.html"
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\iertutil.dll

PID 2332: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
  Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
  Parent process: explorer.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: MEDIUM
  Description: Windows Media Player Network Sharing Service Configuration Application
  Exit code: 0
  Version: 12.0.7600.16385 (win7_rtm.090713-1255)
  Modules (images):
    c:\program files\windows media player\wmpnscfg.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\sspicli.dll
    c:\windows\system32\ole32.dll

PID 2728: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\SilverBullet.v1.1.2.rar"
  Path: C:\Program Files\WinRAR\WinRAR.exe
  Parent process: iexplore.exe
  User: admin
  Company: Alexander Roshal
  Integrity Level: MEDIUM
  Description: WinRAR archiver
  Exit code: 0
  Version: 5.91.0
  Modules (images):
    c:\program files\winrar\winrar.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\user32.dll
    c:\windows\system32\gdi32.dll
    c:\windows\system32\lpk.dll
    c:\windows\system32\usp10.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\comdlg32.dll

PID 2848: "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:564 CREDAT:267521 /prefetch:2
  Path: C:\Program Files\Internet Explorer\iexplore.exe
  Parent process: iexplore.exe
  User: admin
  Company: Microsoft Corporation
  Integrity Level: LOW
  Description: Internet Explorer
  Exit code: 0
  Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
  Modules (images):
    c:\program files\internet explorer\iexplore.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\system32\iertutil.dll

PID 3624: "C:\Users\admin\AppData\Local\Temp\Rar$EXa2728.1163\SilverBullet.exe"
  Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa2728.1163\SilverBullet.exe
  Parent process: WinRAR.exe
  User: admin
  Integrity Level: MEDIUM
  Description: SilverBullet
  Exit code: 0
  Version: 1.1.0.0
  Modules (images):
    c:\users\admin\appdata\local\temp\rar$exa2728.1163\silverbullet.exe
    c:\windows\system32\ntdll.dll
    c:\windows\system32\mscoree.dll
    c:\windows\system32\kernel32.dll
    c:\windows\system32\kernelbase.dll
    c:\windows\system32\advapi32.dll
    c:\windows\system32\msvcrt.dll
    c:\windows\system32\sechost.dll
    c:\windows\system32\rpcrt4.dll
    c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 27 187
Read events: 27 087
Write events: 95
Delete events: 5

Modification events

(PID 564) iexplore.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  Operation: write, Name: NTPDaysSinceLastAutoMigration, Value: 0
(PID 564) iexplore.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing
  Operation: write, Name: NTPLastLaunchHighDateTime, Value: 30847387
(PID 564) iexplore.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\UrlBlockManager
  Operation: write, Name: NextCheckForUpdateHighDateTime, Value: 30847437
(PID 564) iexplore.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
  Operation: write, Name: CachePrefix, Value: Cookie:
(PID 564) iexplore.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
  Operation: write, Name: CachePrefix, Value: Visited:
(PID 564) iexplore.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
  Operation: write, Name: CompatibilityFlags, Value: 0
(PID 564) iexplore.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write, Name: ProxyBypass, Value: 1
(PID 564) iexplore.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write, Name: IntranetName, Value: 1
(PID 564) iexplore.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write, Name: UNCAsIntranet, Value: 1
(PID 564) iexplore.exe
  Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
  Operation: write, Name: AutoDetect, Value: 0
Executable files: 179
Suspicious files: 208
Text files: 123
Unknown types: 0

Dropped files

PID 2848 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751 (binary)
  MD5: 60FE01DF86BE2E5331B0CDBE86165686
  SHA256: C08CCBC876CD5A7CDFA9670F9637DA57F6A1282198A9BC71FC7D7247A6E5B7A8
PID 2848 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (binary)
  MD5: 25CF8E54ACC3ACDB5B57D426795CA040
  SHA256: A42C0940C3A8BFD0AD7976363E85FA4B67A1AA6780A8197C0F6B4C03D223D214
PID 2848 iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\tablo[1].css (text)
  MD5: D15ABDDFFAE3A6BA62FA24B5D4D8DB57
  SHA256: 4FDCCB9053939F1C4AB512C674B1AE9320CBA6733D682D5E796B4B75DA782BFF
PID 2848 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7906151FBB6A030EF769491555A08F2F (binary)
  MD5: 5FDD87CCAAD4F7DFBCDAAC910F2D8A4F
  SHA256: 02ED94587BA67C06B66E23C1E9AD8FC262219C4138F280117CE719E3000E94EF
PID 2848 iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DY534W2X\main[1].css (text)
  MD5: 5B0C53B19C0A3A992E960D224CB5A66A
  SHA256: 316324B163A0DA3F6CD4568C006ADF9FFA137063EBD9A4DB29CAC643D59FCB46
PID 2848 iexplore.exe: C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 (compressed)
  MD5: 1BFE591A4FE3D91B03CDF26EAACD8F89
  SHA256: 9CF94355051BF0F4A45724CA20D1CC02F76371B963AB7D1E38BD8997737B13D8
PID 2848 iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\xupload[1].js (text)
  MD5: B93D4507A507DD3B262DF968DE263629
  SHA256: F52BD322C3A2E09338BF72B845C59AC2B1C4ECFFE5E0E0513010CD69FF7EEC9F
PID 2848 iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\SilverBullet.v1.1.2.rar[1].htm (html)
  MD5: F9AA37595BB1371519069BD921AFF6A1
  SHA256: 5844B2226B9D5A6589CBCA531276F85EADDD5280EA98EF7F875A27F4BCF6D29F
PID 2848 iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YTOWV792\logo[1].png (image)
  MD5: 366827E3E11017BFC9FF2073B98D7BCA
  SHA256: 7ED72D07BAD4E847F9647546DDF0EF0177B4BECDCB899ECF4BBA18B76031FE7B
PID 2848 iexplore.exe: C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\jquery.cookie[1].js (text)
  MD5: FF14E4812B7F512E620B1AD35542BCFC
  SHA256: C4FB91BEFCF134B81ECFA1C586E1F9D6426C8F4FC1F6C130AC1FDDB49AB5DF96
Download the PCAP, analyze network streams, HTTP content and more in the full report
HTTP(S) requests: 30
TCP/UDP connections: 86
DNS requests: 41
Threats: 0

HTTP requests

PID 2848 iexplore.exe | GET 200 | 87.248.204.0:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?e925f9b3981bfc0f
  CN: unknown | Type: compressed | Size: 4.66 Kb | Reputation: unknown
PID 2848 iexplore.exe | GET 200 | 87.248.204.0:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0e152650b56312b4
  CN: unknown | Type: compressed | Size: 4.66 Kb | Reputation: unknown
PID 2848 iexplore.exe | GET 200 | 87.248.204.0:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?49b3268dada30985
  CN: unknown | Type: compressed | Size: 61.6 Kb | Reputation: unknown
PID 2848 iexplore.exe | GET 200 | 87.248.204.0:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?224689cdb0c8b7cf
  CN: unknown | Type: compressed | Size: 61.6 Kb | Reputation: unknown
PID 2848 iexplore.exe | GET 200 | 23.60.200.134:80
  URL: http://x1.c.lencr.org/
  CN: unknown | Type: binary | Size: 717 b | Reputation: unknown
PID 2848 iexplore.exe | GET 200 | 95.101.54.129:80
  URL: http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgQhaBg0mC81QrjoTYWl8uKnYw%3D%3D
  CN: unknown | Type: binary | Size: 503 b | Reputation: unknown
PID 1080 svchost.exe | GET 304 | 87.248.204.0:80
  URL: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?60b2f43ad8cf70d9
  CN: unknown | Reputation: unknown
PID 2848 iexplore.exe | GET 200 | 142.250.186.35:80
  URL: http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D
  CN: unknown | Type: binary | Size: 1.41 Kb | Reputation: unknown
PID 2848 iexplore.exe | GET 200 | 142.250.186.35:80
  URL: http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEEYEdcdvM%2B0BEMsDuQBqQWU%3D
  CN: unknown | Type: binary | Size: 471 b | Reputation: unknown
PID 2848 iexplore.exe | GET 200 | 142.250.186.35:80
  URL: http://ocsp.pki.goog/gts1c3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTHLnmK3f9hNLO67UdCuLvGwCQHYwQUinR%2Fr4XN7pXNPZzQ4kYU83E1HScCEGnDG5bTn5x8CX%2FV35qhd0s%3D
  CN: unknown | Type: binary | Size: 471 b | Reputation: unknown

Connections

PID 4 System | 192.168.100.255:137 | Reputation: whitelisted
PID 1080 svchost.exe | 224.0.0.252:5355 | Reputation: unknown
PID 2848 iexplore.exe | 195.201.111.49:443 | dosya.co | ASN: Hetzner Online GmbH | CN: DE | Reputation: unknown
PID 4 System | 192.168.100.255:138 | Reputation: whitelisted
PID 2848 iexplore.exe | 87.248.204.0:80 | ctldl.windowsupdate.com | ASN: LLNW | CN: US | Reputation: unknown
PID 2848 iexplore.exe | 23.60.200.134:80 | x1.c.lencr.org | ASN: AKAMAI-AS | CN: DE | Reputation: unknown
PID 2848 iexplore.exe | 95.101.54.129:80 | r3.o.lencr.org | ASN: Akamai International B.V. | CN: DE | Reputation: unknown
PID 2588 svchost.exe | 239.255.255.250:1900 | Reputation: whitelisted
PID 1080 svchost.exe | 87.248.204.0:80 | ctldl.windowsupdate.com | ASN: LLNW | CN: US | Reputation: unknown
PID 2848 iexplore.exe | 142.250.185.74:443 | fonts.googleapis.com | ASN: GOOGLE | CN: US | Reputation: whitelisted

DNS requests

dosya.co: 195.201.111.49 (reputation: unknown)
ctldl.windowsupdate.com: 87.248.204.0 (reputation: unknown)
x1.c.lencr.org: 23.60.200.134 (reputation: unknown)
r3.o.lencr.org: 95.101.54.129, 95.101.54.195, 95.101.54.104, 95.101.54.113, 95.101.54.202, 95.101.54.121, 2.16.202.123, 95.101.54.107, 95.101.54.210 (reputation: unknown)
fonts.googleapis.com: 142.250.185.74 (reputation: unknown)
maxcdn.bootstrapcdn.com: 104.18.11.207, 104.18.10.207 (reputation: unknown)
cdnjs.cloudflare.com: 104.17.25.14, 104.17.24.14 (reputation: unknown)
www.googletagmanager.com: 216.58.212.136 (reputation: unknown)
apis.google.com: 142.250.185.142 (reputation: unknown)
pagead2.googlesyndication.com: 172.217.18.98 (reputation: unknown)

Threats

No threats detected
No debug info