analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | Crypter_Pro_Free_v2.0.rar |
| Full analysis: | https://app.any.run/tasks/808efa11-6573-4038-8d6e-7f176fa8b722 |
| Verdict: | Malicious activity |
| Analysis date: | May 29, 2020, 22:12:12 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| MIME: | application/x-rar |
| File info: | RAR archive data, v5 |
| MD5: | BE7F8CF2C86D1A96B45F6EEA22F8051B |
| SHA1: | D10A5517599F4269C2AEC0EB15A39B136969249A |
| SHA256: | 76DA3CD6BC4EFC93ED816EFE5C6EDADDCFFCC1C6691D3C529668E12905354DD0 |
| SSDEEP: | 24576:8D+JswHLO4i9xclQfrGXRdwckBmaW2pVfAs61KmNSfFq:IDqq3slQ8d5kmaxpVfAnKTfFq |
MALICIOUS
Application was dropped or rewritten from another process
- Crypter Pro Free v2.0.exe (PID: 3020)
Loads dropped or rewritten executable
- Crypter Pro Free v2.0.exe (PID: 3020)
- SearchProtocolHost.exe (PID: 3372)
SUSPICIOUS
No suspicious indicators.INFO
Manual execution by user
- Crypter Pro Free v2.0.exe (PID: 3020)
- NOTEPAD.EXE (PID: 1428)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .rar | | | RAR compressed archive (v5.0) (61.5) |
|---|---|---|
| .rar | | | RAR compressed archive (gen) (38.4) |
Total processes
39
Monitored processes
4
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1396 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Crypter_Pro_Free_v2.0.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
| 3372 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
| 3020 | "C:\Users\admin\Desktop\Crypter Pro Free v2.0.exe" | C:\Users\admin\Desktop\Crypter Pro Free v2.0.exe | — | explorer.exe |
User: admin Company: HiDDen PerSOn Integrity Level: MEDIUM Description: Crypter Pro Free v2.0 Version: 1.0.0.0 | ||||
| 1428 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\New Text Document.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
Total events
465
Read events
454
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 1396 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1396.18782\Crypter Pro Free v2.0\Crypter Pro Free v2.0.exe | — | |
MD5:— | SHA256:— | |||
| 1396 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1396.18782\Crypter Pro Free v2.0\Crypter Pro Free v2032.dll | — | |
MD5:— | SHA256:— | |||
| 1396 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1396.18782\Crypter Pro Free v2.0\Crypter Pro Free v2064.dll | — | |
MD5:— | SHA256:— | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report