File name: | FxckingStresser cracked panel.rar |
Full analysis: | https://app.any.run/tasks/d2d36f0f-1b7b-40d6-b864-2b77d7958f26 |
Verdict: | Malicious activity |
Analysis date: | January 15, 2022, 00:58:44 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | E827F13DE733B96A07ED9D470915618B |
SHA1: | 492A45D508DD708AF3376C1B8DAF49FFB85132CB |
SHA256: | 7E4AFA0F50A853462614383CAB45E37BAF308461FFAC062D57A18AF58CF183C6 |
SSDEEP: | 24576:8rC2YTkNdJNreYFMEdhKZC/sf6tSyl4p9uTeockudDwNdDmCem4:dP0dbreYFMMw5f99pMSockuKNAfl |
Extension | File type |
---|---|
.rar | RAR compressed archive (v5.0) (61.5) |
.rar | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2156 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\FxckingStresser cracked panel.rar" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE |
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.91.0 | | | | |
3128 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | | | | |
1976 | "C:\Users\admin\Desktop\FxckingStresser.exe" | C:\Users\admin\Desktop\FxckingStresser.exe | | Explorer.EXE |
User: admin; Integrity Level: MEDIUM; Description: FxckingStresser; Version: 1.0.0.0 | | | | |
PID | Process | Filename | Type | |
---|---|---|---|---|
2156 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2156.49108\FxckingStresser cracked panel\FxckingStresser.pdb | pdb | |
MD5:B0337E7435E3BFB500F3D4985AA46225 | SHA256:3679A10E8409334E10780376840E01C87ED924B4D56B58AF5B5B7FFB273D95A3 | |||
2156 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2156.49108\FxckingStresser cracked panel\FxckingStresser.exe | executable | |
MD5:DF246B2B5C9D29A9F41C4373ADD3DB30 | SHA256:E048C7CE272C7ADBFCB0314AB6F39E76310F950FB451AF101680E6C859D4719C | |||
2156 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2156.49108\FxckingStresser cracked panel\Newtonsoft.Json.dll | executable | |
MD5:A6BE9EFDAA744E9947F4EE18DE5423BD | SHA256:6CC0CBCD5C4709C6A1C97F5581C347D93E586E7CC0D64BFFB4D32C6E753476A4 | |||
2156 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2156.49108\FxckingStresser cracked panel\Teen.dll | executable | |
MD5:FB9D14387B89B30606D094AE8CD93EA0 | SHA256:68EAC14CA256F9871CC85FFC77C86B1D6378E6C900DFF34F8B697BE07B77446A |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1976 | FxckingStresser.exe | GET | — | 109.236.88.73:80 | http://109.236.88.73/love.php?key=!cola!&host=81.21.211.2&port=22&method=TCP&time=300 | NL | — | — | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1976 | FxckingStresser.exe | 109.236.88.73:80 | — | WorldStream B.V. | NL | unknown |