analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
download:

VortexSwap_v2.rar

Full analysis: https://app.any.run/tasks/afc40174-6d7b-417b-a82c-ed1009ef2948
Verdict: Malicious activity
Analysis date: October 05, 2022, 04:38:48
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

65FBEC1379998F5C7A62266BBE2A65F5

SHA1:

B878E2D90DA836B40483574799D9A27314ADD036

SHA256:

9D2FD12CB9BA456F0803C731C375AABFF40FC44750F2F0021D7D82058DED60BD

SSDEEP:

24576:K+gQYrBuUMfhNXAltGeirqW/F0VXV97mce/eIRvwCR1Fmn6cLVK:KXQY9DIfrHtCXrmce/zYCR1c6mc

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • VortexSwap v2.exe (PID: 3504)
      • VortexSwap v2.exe (PID: 2640)

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
42
Monitored processes
3
Malicious processes
1
Suspicious processes
1

Behavior graph

Click at the process to see the details
drop and start start winrar.exe no specs vortexswap v2.exe vortexswap v2.exe

Process information

PID
CMD
Path
Indicators
Parent process
3484"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\VortexSwap_v2.rar"C:\Program Files\WinRAR\WinRAR.exeExplorer.EXE
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.91.0
3504"C:\Users\admin\Desktop\VortexSwap v2.exe" C:\Users\admin\Desktop\VortexSwap v2.exe
Explorer.EXE
User:
admin
Integrity Level:
MEDIUM
Description:
VortexSwap
Exit code:
0
Version:
1.0.0.0
2640"C:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\VortexSwap v2.exe" C:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\VortexSwap v2.exe
WinRAR.exe
User:
admin
Integrity Level:
MEDIUM
Description:
VortexSwap
Exit code:
0
Version:
1.0.0.0
Total events
7 276
Read events
7 217
Write events
0
Delete events
0

Modification events

No data
Executable files
5
Suspicious files
0
Text files
5
Unknown types
0

Dropped files

PID
Process
Filename
Type
2640VortexSwap v2.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\info.txttext
MD5:A14079AE6025266B3252C7C013BBDF68
SHA256:BC7DBC66E943374029A2C2981B88798EA2E9BC6823AC11995397193B0C26B8E6
3484WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3484.40137\VortexSwap v2\VortexSwap v2.exeexecutable
MD5:68318B2A114CD94B3B609A2E3D66FF71
SHA256:B48A8764029BB698BE4A5433D78F9E7C437531CE5A8773E089C43DE49660DE3D
3504VortexSwap v2.exeC:\Users\admin\Desktop\info.txttext
MD5:A14079AE6025266B3252C7C013BBDF68
SHA256:BC7DBC66E943374029A2C2981B88798EA2E9BC6823AC11995397193B0C26B8E6
3484WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\read.txttext
MD5:7F3E12C7B382DB603D1371673CEFEBA0
SHA256:8D321693FF4EC3E6E273F2390671FF412E014A60779AF7A68392E607F0B8A29C
3484WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\RestSharp.dllexecutable
MD5:43C1ED4D9AABD6855DDA3AECB8C6BB19
SHA256:76DCE25D4A5AE6DE4CE4BACA0F8C59B0BF239DD856E1583439C3F49EBAC69C50
3484WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\BL_Extractor.exeexecutable
MD5:513DFF162BE76ABD1CF438E762153FC8
SHA256:264071ECBA56EBE4C784A204ADA90A2C50FB637361FD223F75F308DD9D8EA9B0
3484WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3484.43171\VortexSwap v2\BL_Extractor.exeexecutable
MD5:513DFF162BE76ABD1CF438E762153FC8
SHA256:264071ECBA56EBE4C784A204ADA90A2C50FB637361FD223F75F308DD9D8EA9B0
3484WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\settings.txttext
MD5:5606133429A2A81870C1F6A80735A96B
SHA256:59A1D4D9D71375E94777379FB272F964E5C0051F8691C5C0DCD8BEB84853A1FD
3484WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\VortexSwap v2.exeexecutable
MD5:68318B2A114CD94B3B609A2E3D66FF71
SHA256:B48A8764029BB698BE4A5433D78F9E7C437531CE5A8773E089C43DE49660DE3D
3484WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\sessions.txttext
MD5:2F889C7D8B5FA350C5DB05F6D9D86DA9
SHA256:5D99064FA5E1A5D3C2E133F8E85A8FA0821757684DDD8BDED99D819CFEE8BCBB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
2
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3504
VortexSwap v2.exe
104.20.67.143:443
pastebin.com
CLOUDFLARENET
malicious
2640
VortexSwap v2.exe
104.20.67.143:443
pastebin.com
CLOUDFLARENET
malicious

DNS requests

Domain
IP
Reputation
pastebin.com
  • 104.20.67.143
  • 104.20.68.143
  • 172.67.34.170
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
VortexSwap_v2.rar