File name: FxckingStresser cracked panel.rar

Full analysis: https://app.any.run/tasks/d2d36f0f-1b7b-40d6-b864-2b77d7958f26
Verdict: Malicious activity
Analysis date: January 15, 2022, 00:58:44
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: E827F13DE733B96A07ED9D470915618B
SHA1: 492A45D508DD708AF3376C1B8DAF49FFB85132CB
SHA256: 7E4AFA0F50A853462614383CAB45E37BAF308461FFAC062D57A18AF58CF183C6
SSDEEP: 24576:8rC2YTkNdJNreYFMEdhKZC/sf6tSyl4p9uTeockudDwNdDmCem4:dP0dbreYFMMw5f99pMSockuKNAfl

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • FxckingStresser.exe (PID: 1976)
    • Loads dropped or rewritten executable
      • SearchProtocolHost.exe (PID: 3128)
      • FxckingStresser.exe (PID: 1976)
  • SUSPICIOUS
    • Checks supported languages
      • FxckingStresser.exe (PID: 1976)
      • WinRAR.exe (PID: 2156)
    • Reads the computer name
      • FxckingStresser.exe (PID: 1976)
      • WinRAR.exe (PID: 2156)
    • Drops a file that was compiled in debug mode
      • WinRAR.exe (PID: 2156)
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2156)
    • Reads Microsoft Outlook installation path
      • FxckingStresser.exe (PID: 1976)
    • Reads Internet Explorer settings
      • FxckingStresser.exe (PID: 1976)
  • INFO
    • Manual execution by user
      • FxckingStresser.exe (PID: 1976)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 38
Monitored processes: 3
Malicious processes: 2
Suspicious processes: 1

Behavior graph

Processes shown in the graph: winrar.exe, searchprotocolhost.exe (no specs), fxckingstresser.exe

Process information

PID: 2156
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\FxckingStresser cracked panel.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: Explorer.EXE
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0

PID: 3128
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\system32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)

PID: 1976
CMD: "C:\Users\admin\Desktop\FxckingStresser.exe"
Path: C:\Users\admin\Desktop\FxckingStresser.exe
Parent process: Explorer.EXE
User: admin
Integrity Level: MEDIUM
Description: FxckingStresser
Version: 1.0.0.0
Total events: 1 632
Read events: 1 587
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 3
Suspicious files: 0
Text files: 0
Unknown types: 1

Dropped files

PID: 2156 | Process: WinRAR.exe | Type: pdb
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2156.49108\FxckingStresser cracked panel\FxckingStresser.pdb
MD5: B0337E7435E3BFB500F3D4985AA46225
SHA256: 3679A10E8409334E10780376840E01C87ED924B4D56B58AF5B5B7FFB273D95A3

PID: 2156 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2156.49108\FxckingStresser cracked panel\FxckingStresser.exe
MD5: DF246B2B5C9D29A9F41C4373ADD3DB30
SHA256: E048C7CE272C7ADBFCB0314AB6F39E76310F950FB451AF101680E6C859D4719C

PID: 2156 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2156.49108\FxckingStresser cracked panel\Newtonsoft.Json.dll
MD5: A6BE9EFDAA744E9947F4EE18DE5423BD
SHA256: 6CC0CBCD5C4709C6A1C97F5581C347D93E586E7CC0D64BFFB4D32C6E753476A4

PID: 2156 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2156.49108\FxckingStresser cracked panel\Teen.dll
MD5: FB9D14387B89B30606D094AE8CD93EA0
SHA256: 68EAC14CA256F9871CC85FFC77C86B1D6378E6C900DFF34F8B697BE07B77446A
HTTP(S) requests: 1
TCP/UDP connections: 1
DNS requests: 0
Threats: 0

HTTP requests

PID: 1976 | Process: FxckingStresser.exe | Method: GET | IP: 109.236.88.73:80 | CN: NL | Reputation: unknown
URL: http://109.236.88.73/love.php?key=!cola!&host=81.21.211.2&port=22&method=TCP&time=300

Connections

PID: 1976 | Process: FxckingStresser.exe | IP: 109.236.88.73:80 | ASN: WorldStream B.V. | CN: NL | Reputation: unknown

DNS requests

No data

Threats

No threats detected
No debug info