File name: nitrox cracked.rar

Full analysis: https://app.any.run/tasks/b3224510-074d-4fc9-a53a-b6b03610314d
Verdict: Malicious activity
Analysis date: February 07, 2024, 08:24:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 66DD4081E227D786147E198758BE3216
SHA1: FB27D38DC3D02C119E6A48C070B8A3F8E892C3ED
SHA256: 7287F988F87B18998C8B8AEF5376A5BDA1C721A3B82A2C5658C9D89916C220F1
SSDEEP: 98304:Rzlno6m44jcZ/LClfkxCCU23H0CN01Q9/BKHKCQ9opROO2lCrWhQyARg7ayDiq+u:Yt/5Dffkb5bnqswxDBI/MRLEB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Actions looks like stealing of personal data
      • WinRAR.exe (PID: 1392)
    • Drops the executable file immediately after the start
      • WinRAR.exe (PID: 1392)
  • SUSPICIOUS
    • Process drops legitimate windows executable
      • WinRAR.exe (PID: 1392)
    • The process creates files with name similar to system file names
      • WinRAR.exe (PID: 1392)
    • Reads the Internet Settings
      • NitroxLauncher.exe (PID: 1072)
  • INFO
    • Reads the computer name
      • NitroxLauncher.exe (PID: 1072)
      • NitroxServer-Subnautica.exe (PID: 3044)
    • Checks supported languages
      • NitroxLauncher.exe (PID: 1072)
      • NitroxServer-Subnautica.exe (PID: 3044)
    • Reads the machine GUID from the registry
      • NitroxLauncher.exe (PID: 1072)
      • NitroxServer-Subnautica.exe (PID: 3044)
    • Manual execution by a user
      • NitroxLauncher.exe (PID: 1072)
      • NitroxServer-Subnautica.exe (PID: 3044)
    • Reads Environment values
      • NitroxLauncher.exe (PID: 1072)
    • Creates files or folders in the user directory
      • NitroxLauncher.exe (PID: 1072)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 1392)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph (interactive in the full report)

start → winrar.exe, nitroxlauncher.exe, nitroxserver-subnautica.exe

Process information

PID: 1072
CMD: "C:\Users\admin\Desktop\nitrox cracked\NitroxLauncher.exe"
Path: C:\Users\admin\Desktop\nitrox cracked\NitroxLauncher.exe
Indicators: see the indicator list above
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: NitroxLauncher
Exit code: 0
Version: 1.4.0.0
Modules (images):
  c:\users\admin\desktop\nitrox cracked\nitroxlauncher.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\apphelp.dll
  c:\windows\apppatch\aclayers.dll
  c:\windows\system32\sspicli.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\rpcrt4.dll

PID: 1392
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\nitrox cracked.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: see the indicator list above
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.91.0
Modules (images):
  c:\program files\winrar\winrar.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\comdlg32.dll

PID: 3044
CMD: "C:\Users\admin\Desktop\nitrox cracked\NitroxServer-Subnautica.exe"
Path: C:\Users\admin\Desktop\nitrox cracked\NitroxServer-Subnautica.exe
Indicators: see the indicator list above
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: NitroxServer-Subnautica
Exit code: 3221225786 (0xC000013A, STATUS_CONTROL_C_EXIT)
Version: 1.4.0.0
Modules (images):
  c:\users\admin\desktop\nitrox cracked\nitroxserver-subnautica.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 2 087
Read events: 2 058
Write events: 29
Delete events: 0

Modification events

  • Process: (1392) WinRAR.exe
    Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
    Operation: write
    Name: LanguageList
    Value: en-US
  • Process: (1392) WinRAR.exe
    Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
    Operation: write
    Name: 3
    Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
  • Process: (1392) WinRAR.exe
    Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
    Operation: write
    Name: 2
    Value: C:\Users\admin\Desktop\phacker.zip
  • Process: (1392) WinRAR.exe
    Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
    Operation: write
    Name: 1
    Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
  • Process: (1392) WinRAR.exe
    Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
    Operation: write
    Name: 0
    Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
  • Process: (1392) WinRAR.exe
    Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
    Operation: write
    Name: name
    Value: 120
  • Process: (1392) WinRAR.exe
    Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
    Operation: write
    Name: size
    Value: 80
  • Process: (1392) WinRAR.exe
    Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
    Operation: write
    Name: type
    Value: 120
  • Process: (1392) WinRAR.exe
    Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
    Operation: write
    Name: mtime
    Value: 100
  • Process: (1392) WinRAR.exe
    Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
    Operation: write
    Name: Placement
    Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files: 26
Suspicious files: 15
Text files: 19
Unknown types: 0

Dropped files

  • PID 1392, WinRAR.exe
    File: C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\AssetBundles\chatkeyhint
    Type: binary
    MD5: 6697F97F158762858938E4224BA3AAF5
    SHA256: B05857BA57BE3CCA55CE5CA77ECB48F8464B5E57B393BDE7FAC2093ADFA702B3
  • PID 1392, WinRAR.exe
    File: C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\Microsoft.WindowsAPICodePack.Shell.dll
    Type: executable
    MD5: 54FE9A2748C4A0F282D4EC91E3CADC16
    SHA256: E6FA9D9E34FF3BF63CE782654B14E4B54A3ABD1022C87BC099032C2948157672
  • PID 1392, WinRAR.exe
    File: C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\discord-rpc.dll
    Type: executable
    MD5: 5882C37B79BAE47A0D090006564EDB22
    SHA256: 5CC2E504800CF4ED2F4781364F661EA22349658DDC391B5D54195E573109D87B
  • PID 1392, WinRAR.exe
    File: C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\dnlib.xml
    Type: xml
    MD5: 7273A60AA5A1BCBAAE384BF4F7349D8D
    SHA256: 2CA9D376C327D55ADA644F43D5280A90817048FB8EB7E1DAD576DB5FEB0BD59C
  • PID 1392, WinRAR.exe
    File: C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\DotNetZip.xml
    Type: xml
    MD5: AFFC560C09C60B437D6ABE245691CDC8
    SHA256: A55C1ACD3FE400A5CA2B988D838E3EBFA3C561B7657ADB6D994E27636369E5D1
  • PID 1392, WinRAR.exe
    File: C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\Autofac.xml
    Type: xml
    MD5: C38125A097766C4C71AD1FC3FC03FB4D
    SHA256: D9F6FF4BFBCDCCC26DBDC6CADF943F19199463D540BB01F6471263354E551AC0
  • PID 1392, WinRAR.exe
    File: C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\DotNetZip.pdb
    Type: pdb
    MD5: 99E8A5017031E4F4E655AAA4320032C5
    SHA256: ED51DAC1907A49E091D2AB6711EEF4D2F032071F527BFEDD4343F72B886223E8
  • PID 1392, WinRAR.exe
    File: C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\DotNetZip.dll
    Type: executable
    MD5: 6D1C62EC1C2EF722F49B2D8DD4A4DF16
    SHA256: 00DA1597D92235D3F84DA979E2FA5DBF049BAFB52C33BD6FC8EE7B29570C124C
  • PID 1392, WinRAR.exe
    File: C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\LiteNetLib.xml
    Type: xml
    MD5: 901417AEFE1BAA8B27A9E6D5709A1F21
    SHA256: 3513C687833742D1FC028692BF7D0DEBF794287A9D4448326411DEF2D649C1A7
  • PID 1392, WinRAR.exe
    File: C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\Microsoft.WindowsAPICodePack.dll
    Type: executable
    MD5: 0D661949EBC172DFB3C3B98566BDF0FE
    SHA256: 808E96F59E7DD2212EACE049079D25545F6C9C3F05244EC9CDC539FDA18D34D6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1072 | NitroxLauncher.exe | 140.82.121.5:443 | api.github.com | GITHUB | US | unknown

DNS requests

Domain | IP | Reputation
api.github.com | 140.82.121.5 | whitelisted

Threats

No threats detected
No debug info