File name: 6.rar

Full analysis: https://app.any.run/tasks/1af4534b-f627-4a18-9583-d392f86d0dad
Verdict: Malicious activity
Analysis date: April 24, 2020, 07:39:42
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: DE84B6C512C5CA08B60471CAE3B57AF4
SHA1: 0812AF4C05B29A07E1F5832F3E2ED4B4E72ED8C0
SHA256: 774512659EA819CE3F7BB69D878931ED5FE747F312E3A3112FF5626BFAE6F255
SSDEEP: 393216:HKBulbruiu0mldgDTUUym4xr07pxubPAn4Pw66:qIdSdYQUyTa2An4o66

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Youtube MP3 Downloader v0.1 By X-SLAYER.exe (PID: 2836)
      • VidiQ Accounts Checker By X-SLAYER.exe (PID: 564)
      • SQLi SLAYER v404.exe (PID: 2880)
      • Instagram Uploader.exe (PID: 3604)
      • DBC Accounts Checker By X-SLAYER.exe (PID: 3360)
      • Betfair Accounts Checker By X-SLAYER.exe (PID: 3316)
      • Bohoo Accounts Checker By X-SLAYER.exe (PID: 3920)
      • Deezer Accounts Checker By X-SLAYER.exe (PID: 2900)
      • MyCanal Accounts Checker By X-SLAYER.exe (PID: 3104)
      • Steam Account Info By X-SLAYER.exe (PID: 3144)
      • Bonusbitcoin Accounts Checker By X-SLAYER.exe (PID: 3120)
      • Country Filter By X-SLAYER.exe (PID: 608)
      • Alexa Accounts Checker By X-SLAYER.exe (PID: 272)
      • CC Checker X-SLAYER.exe (PID: 3220)
      • Bet365 Accounts Checker By X-SLAYER.exe (PID: 1084)
      • Coinify Accounts Checker By X-SLAYER.exe (PID: 2428)
      • Cut-URL Accounts Checker By X-SLAYER.exe (PID: 1900)
      • imgure Uploader.exe (PID: 628)
      • Spotify Accounts Checker By X-SLAYER.exe (PID: 3448)
      • Recharge.com Accounts Checker By X-SLAYER.exe (PID: 3952)
      • Up-4EVER Accounts Checker By X-SLAYER.exe (PID: 3324)
      • Facebook Cover TimeLine Banner By X-SLAYER.exe (PID: 280)
      • File Upload Accounts Checker By X-SLAYER.exe (PID: 3820)
      • TXT Files MERGE by X-SLAYER.exe (PID: 1524)
      • Up-4EVER Accounts Checker By X-SLAYER.exe (PID: 3976)
      • GearBest AccountsChecker By X-SLAYER.exe (PID: 3872)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3544)
  • INFO

    • Manual execution by user

      • Youtube MP3 Downloader v0.1 By X-SLAYER.exe (PID: 2836)
      • VidiQ Accounts Checker By X-SLAYER.exe (PID: 564)
      • SQLi SLAYER v404.exe (PID: 2880)
      • Instagram Uploader.exe (PID: 3604)
      • DBC Accounts Checker By X-SLAYER.exe (PID: 3360)
      • Betfair Accounts Checker By X-SLAYER.exe (PID: 3316)
      • Bohoo Accounts Checker By X-SLAYER.exe (PID: 3920)
      • Deezer Accounts Checker By X-SLAYER.exe (PID: 2900)
      • MyCanal Accounts Checker By X-SLAYER.exe (PID: 3104)
      • Steam Account Info By X-SLAYER.exe (PID: 3144)
      • WINWORD.EXE (PID: 3100)
      • Bonusbitcoin Accounts Checker By X-SLAYER.exe (PID: 3120)
      • CC Checker X-SLAYER.exe (PID: 3220)
      • Coinify Accounts Checker By X-SLAYER.exe (PID: 2428)
      • Country Filter By X-SLAYER.exe (PID: 608)
      • Bet365 Accounts Checker By X-SLAYER.exe (PID: 1084)
      • Alexa Accounts Checker By X-SLAYER.exe (PID: 272)
      • Spotify Accounts Checker By X-SLAYER.exe (PID: 3448)
      • Recharge.com Accounts Checker By X-SLAYER.exe (PID: 3952)
      • imgure Uploader.exe (PID: 628)
      • Cut-URL Accounts Checker By X-SLAYER.exe (PID: 1900)
      • Facebook Cover TimeLine Banner By X-SLAYER.exe (PID: 280)
      • Up-4EVER Accounts Checker By X-SLAYER.exe (PID: 3976)
      • TXT Files MERGE by X-SLAYER.exe (PID: 1524)
      • Up-4EVER Accounts Checker By X-SLAYER.exe (PID: 3324)
      • GearBest AccountsChecker By X-SLAYER.exe (PID: 3872)
      • File Upload Accounts Checker By X-SLAYER.exe (PID: 3820)
    • Creates files in the user directory

      • WINWORD.EXE (PID: 3100)
    • Reads Microsoft Office registry keys

      • WINWORD.EXE (PID: 3100)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 85
Monitored processes: 28
Malicious processes: 9
Suspicious processes: 2

Behavior graph

(Interactive process graph, available in the full report. Root node: start → winrar.exe → the child processes listed under "Manual execution by user" above.)

Process information

PID: 272
CMD: "C:\Users\admin\Desktop\Alexa Accounts Checker By X-SLAYER.exe"
Path: C:\Users\admin\Desktop\Alexa Accounts Checker By X-SLAYER.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Checker By X-SLAYER
Exit code: 3762504530
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\alexa accounts checker by x-slayer.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 280
CMD: "C:\Users\admin\Desktop\Facebook Cover TimeLine Banner By X-SLAYER.exe"
Path: C:\Users\admin\Desktop\Facebook Cover TimeLine Banner By X-SLAYER.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Facebook Cover TimeLine Banner
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\facebook cover timeline banner by x-slayer.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 564
CMD: "C:\Users\admin\Desktop\VidiQ Accounts Checker By X-SLAYER.exe"
Path: C:\Users\admin\Desktop\VidiQ Accounts Checker By X-SLAYER.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Checker By X-SLAYER
Exit code: 3762504530
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\vidiq accounts checker by x-slayer.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 608
CMD: "C:\Users\admin\Desktop\Country Filter By X-SLAYER.exe"
Path: C:\Users\admin\Desktop\Country Filter By X-SLAYER.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Combo Domaine Filter
Exit code: 3762504530
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\country filter by x-slayer.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 628
CMD: "C:\Users\admin\Desktop\imgure Uploader.exe"
Path: C:\Users\admin\Desktop\imgure Uploader.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: imgure Uploader
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\imgure uploader.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1084
CMD: "C:\Users\admin\Desktop\Bet365 Accounts Checker By X-SLAYER.exe"
Path: C:\Users\admin\Desktop\Bet365 Accounts Checker By X-SLAYER.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Checker By X-SLAYER
Exit code: 3762504530
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\bet365 accounts checker by x-slayer.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1524
CMD: "C:\Users\admin\Desktop\TXT Files MERGE by X-SLAYER.exe"
Path: C:\Users\admin\Desktop\TXT Files MERGE by X-SLAYER.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: MERGE
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\txt files merge by x-slayer.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 1900
CMD: "C:\Users\admin\Desktop\Cut-URL Accounts Checker By X-SLAYER.exe"
Path: C:\Users\admin\Desktop\Cut-URL Accounts Checker By X-SLAYER.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Checker By X-SLAYER
Exit code: 3762504530
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\cut-url accounts checker by x-slayer.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2428
CMD: "C:\Users\admin\Desktop\Coinify Accounts Checker By X-SLAYER.exe"
Path: C:\Users\admin\Desktop\Coinify Accounts Checker By X-SLAYER.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Checker By X-SLAYER
Exit code: 3762504530
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\coinify accounts checker by x-slayer.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2836
CMD: "C:\Users\admin\Desktop\Youtube MP3 Downloader v0.1 By X-SLAYER.exe"
Path: C:\Users\admin\Desktop\Youtube MP3 Downloader v0.1 By X-SLAYER.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Youtube MP3 Downloader v0.1
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\users\admin\desktop\youtube mp3 downloader v0.1 by x-slayer.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\mscoree.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll
  c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
Total events: 1 289
Read events: 1 014
Write events: 136
Delete events: 139

Modification events

(PID) Process: (3544) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3544) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3544) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3544) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\6.rar

(PID) Process: (3544) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3544) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3544) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (3544) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (3544) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin
Operation: write
Name: Placement
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000

(PID) Process: (3544) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\General
Operation: write
Name: LastFolder
Value: C:\Users\admin\AppData\Local\Temp
Executable files: 10
Suspicious files: 0
Text files: 2
Unknown types: 3

Dropped files

PID | Process | Filename | Type

3544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3544.34595\Coinify Accounts Checker By X-SLAYER.exe
MD5:
SHA256:

3544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3544.34595\Country Filter By X-SLAYER.exe
MD5:
SHA256:

3544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3544.34595\Cut-URL Accounts Checker By X-SLAYER.exe
MD5:
SHA256:

3544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3544.34595\DBC Accounts Checker By X-SLAYER.exe
MD5:
SHA256:

3544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3544.34595\Deezer Accounts Checker By X-SLAYER.exe
MD5:
SHA256:

3544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3544.34595\DomaineBigData AntiPublic By X-SLAYER v0.1.exe
MD5:
SHA256:

3544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3544.34595\Facebook Cover TimeLine Banner By X-SLAYER.exe
MD5:
SHA256:

3544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3544.34595\File Upload Accounts Checker By X-SLAYER.exe
MD5:
SHA256:

3544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3544.34595\GearBest AccountsChecker By X-SLAYER.exe
MD5:
SHA256:

3544 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3544.34595\imgure Uploader.exe
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info