File name: nitrox cracked.rar

Full analysis: https://app.any.run/tasks/b3224510-074d-4fc9-a53a-b6b03610314d
Verdict: Malicious activity
Analysis date: February 07, 2024, 08:24:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 66DD4081E227D786147E198758BE3216
SHA1: FB27D38DC3D02C119E6A48C070B8A3F8E892C3ED
SHA256: 7287F988F87B18998C8B8AEF5376A5BDA1C721A3B82A2C5658C9D89916C220F1
SSDEEP: 98304:Rzlno6m44jcZ/LClfkxCCU23H0CN01Q9/BKHKCQ9opROO2lCrWhQyARg7ayDiq+u:Yt/5Dffkb5bnqswxDBI/MRLEB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Actions look like stealing of personal data

      • WinRAR.exe (PID: 1392)
    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 1392)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 1392)
    • Reads the Internet Settings

      • NitroxLauncher.exe (PID: 1072)
    • The process creates files with name similar to system file names

      • WinRAR.exe (PID: 1392)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1392)
    • Manual execution by a user

      • NitroxServer-Subnautica.exe (PID: 3044)
      • NitroxLauncher.exe (PID: 1072)
    • Checks supported languages

      • NitroxServer-Subnautica.exe (PID: 3044)
      • NitroxLauncher.exe (PID: 1072)
    • Reads the computer name

      • NitroxServer-Subnautica.exe (PID: 3044)
      • NitroxLauncher.exe (PID: 1072)
    • Reads the machine GUID from the registry

      • NitroxServer-Subnautica.exe (PID: 3044)
      • NitroxLauncher.exe (PID: 1072)
    • Reads Environment values

      • NitroxLauncher.exe (PID: 1072)
    • Creates files or folders in the user directory

      • NitroxLauncher.exe (PID: 1072)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 41
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Processes in graph: start -> winrar.exe, nitroxlauncher.exe, nitroxserver-subnautica.exe

Process information

PID | CMD | Path | Indicators | Parent process
1072 | "C:\Users\admin\Desktop\nitrox cracked\NitroxLauncher.exe" | C:\Users\admin\Desktop\nitrox cracked\NitroxLauncher.exe | - | explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
NitroxLauncher
Exit code:
0
Version:
1.4.0.0
Modules
Images
c:\users\admin\desktop\nitrox cracked\nitroxlauncher.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\apppatch\aclayers.dll
c:\windows\system32\sspicli.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\rpcrt4.dll
1392 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\nitrox cracked.rar" | C:\Program Files\WinRAR\WinRAR.exe | - | explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Exit code:
0
Version:
5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\comdlg32.dll
3044 | "C:\Users\admin\Desktop\nitrox cracked\NitroxServer-Subnautica.exe" | C:\Users\admin\Desktop\nitrox cracked\NitroxServer-Subnautica.exe | - | explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
NitroxServer-Subnautica
Exit code:
3221225786
Version:
1.4.0.0
Modules
Images
c:\users\admin\desktop\nitrox cracked\nitroxserver-subnautica.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 2 087
Read events: 2 058
Write events: 29
Delete events: 0

Modification events

(PID) Process: (1392) WinRAR.exe | Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | Operation: write | Name: LanguageList | Value: en-US
(PID) Process: (1392) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 3 | Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
(PID) Process: (1392) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 2 | Value: C:\Users\admin\Desktop\phacker.zip
(PID) Process: (1392) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 1 | Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process: (1392) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | Operation: write | Name: 0 | Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process: (1392) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: name | Value: 120
(PID) Process: (1392) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: size | Value: 80
(PID) Process: (1392) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: type | Value: 120
(PID) Process: (1392) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | Operation: write | Name: mtime | Value: 100
(PID) Process: (1392) WinRAR.exe | Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Operation: write | Name: Placement | Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000
Executable files: 26
Suspicious files: 15
Text files: 19
Unknown types: 0

Dropped files

PID | Process | Filename | Type
1392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\AssetBundles\chatkeyhint | binary
  MD5: 6697F97F158762858938E4224BA3AAF5
  SHA256: B05857BA57BE3CCA55CE5CA77ECB48F8464B5E57B393BDE7FAC2093ADFA702B3
1392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\AssetBundles\chatlog | binary
  MD5: 5C78EFB8D79E4804219CA6377091D230
  SHA256: 8AE8DF4F3AF255F1C61BFB47AAB2C04AC18FECC276874F58C20FDA83163055FD
1392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\0Harmony.dll | executable
  MD5: DFE9C720D12800B88E79339A1D6DFB99
  SHA256: F9DD2E268FAE299D52EDE8B8D939622D78AA948C8FEA3189DB12EF535996C937
1392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\Autofac.dll | executable
  MD5: 996F8BB8D5988EC942F1A412120E6178
  SHA256: 4A0A258ACDD8B8544F100255B36956465AAB30FBD557C27D7C1479E2176DA3A6
1392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\Autofac.pdb | binary
  MD5: 82936300C92028D932BFE54C6DC3ED13
  SHA256: C3ED46EC85B026BF9D5E392E8BB6CC691C864C2149248BBDE5C97E6E8AC2B984
1392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\AssetsTools.NET.dll | executable
  MD5: AFA8E9D0029DB39C2DF74B4C55356D0F
  SHA256: 4113A6BE45035466ACB0221E84E3CEB9B9C5A8B530D6FF41C76282D2953EE220
1392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\Autofac.xml | xml
  MD5: C38125A097766C4C71AD1FC3FC03FB4D
  SHA256: D9F6FF4BFBCDCCC26DBDC6CADF943F19199463D540BB01F6471263354E551AC0
1392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\dnlib.xml | xml
  MD5: 7273A60AA5A1BCBAAE384BF4F7349D8D
  SHA256: 2CA9D376C327D55ADA644F43D5280A90817048FB8EB7E1DAD576DB5FEB0BD59C
1392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\discord-rpc.dll | executable
  MD5: 5882C37B79BAE47A0D090006564EDB22
  SHA256: 5CC2E504800CF4ED2F4781364F661EA22349658DDC391B5D54195E573109D87B
1392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1392.27926\nitrox cracked\lib\dnlib.dll | executable
  MD5: DE0069C4097C987BD30EBE8155A8AF35
  SHA256: 83445595D38A8E33513B33DFC201983AF4746E5327C9BED470A6282D91D539B6
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 5
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1072 | NitroxLauncher.exe | 140.82.121.5:443 | api.github.com | GITHUB | US | unknown

DNS requests

Domain | IP | Reputation
api.github.com | 140.82.121.5 | whitelisted

Threats

No threats detected
No debug info