| Field | Value |
|---|---|
| Download | VortexSwap_v2.rar |
| Full analysis | https://app.any.run/tasks/afc40174-6d7b-417b-a82c-ed1009ef2948 |
| Verdict | Malicious activity |
| Analysis date | October 05, 2022, 04:38:48 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v5 |
| MD5 | 65FBEC1379998F5C7A62266BBE2A65F5 |
| SHA1 | B878E2D90DA836B40483574799D9A27314ADD036 |
| SHA256 | 9D2FD12CB9BA456F0803C731C375AABFF40FC44750F2F0021D7D82058DED60BD |
| SSDEEP | 24576:K+gQYrBuUMfhNXAltGeirqW/F0VXV97mce/eIRvwCR1Fmn6cLVK:KXQY9DIfrHtCXrmce/zYCR1c6mc |
| Extension | Detected type (score) |
|---|---|
| .rar | RAR compressed archive (v5.0) (61.5) |
| .rar | RAR compressed archive (gen) (38.4) |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3484 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\VortexSwap_v2.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
| 3504 | "C:\Users\admin\Desktop\VortexSwap v2.exe" | C:\Users\admin\Desktop\VortexSwap v2.exe | | Explorer.EXE |
| 2640 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\VortexSwap v2.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\VortexSwap v2.exe | | WinRAR.exe |

| PID | User | Company | Integrity level | Description | Exit code | Version |
|---|---|---|---|---|---|---|
| 3484 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | | 5.91.0 |
| 3504 | admin | | MEDIUM | VortexSwap | 0 | 1.0.0.0 |
| 2640 | admin | | MEDIUM | VortexSwap | 0 | 1.0.0.0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2640 | VortexSwap v2.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\info.txt | text | A14079AE6025266B3252C7C013BBDF68 | BC7DBC66E943374029A2C2981B88798EA2E9BC6823AC11995397193B0C26B8E6 |
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.40137\VortexSwap v2\VortexSwap v2.exe | executable | 68318B2A114CD94B3B609A2E3D66FF71 | B48A8764029BB698BE4A5433D78F9E7C437531CE5A8773E089C43DE49660DE3D |
| 3504 | VortexSwap v2.exe | C:\Users\admin\Desktop\info.txt | text | A14079AE6025266B3252C7C013BBDF68 | BC7DBC66E943374029A2C2981B88798EA2E9BC6823AC11995397193B0C26B8E6 |
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\read.txt | text | 7F3E12C7B382DB603D1371673CEFEBA0 | 8D321693FF4EC3E6E273F2390671FF412E014A60779AF7A68392E607F0B8A29C |
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\RestSharp.dll | executable | 43C1ED4D9AABD6855DDA3AECB8C6BB19 | 76DCE25D4A5AE6DE4CE4BACA0F8C59B0BF239DD856E1583439C3F49EBAC69C50 |
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\BL_Extractor.exe | executable | 513DFF162BE76ABD1CF438E762153FC8 | 264071ECBA56EBE4C784A204ADA90A2C50FB637361FD223F75F308DD9D8EA9B0 |
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.43171\VortexSwap v2\BL_Extractor.exe | executable | 513DFF162BE76ABD1CF438E762153FC8 | 264071ECBA56EBE4C784A204ADA90A2C50FB637361FD223F75F308DD9D8EA9B0 |
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\settings.txt | text | 5606133429A2A81870C1F6A80735A96B | 59A1D4D9D71375E94777379FB272F964E5C0051F8691C5C0DCD8BEB84853A1FD |
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\VortexSwap v2.exe | executable | 68318B2A114CD94B3B609A2E3D66FF71 | B48A8764029BB698BE4A5433D78F9E7C437531CE5A8773E089C43DE49660DE3D |
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3484.42192\VortexSwap v2\sessions.txt | text | 2F889C7D8B5FA350C5DB05F6D9D86DA9 | 5D99064FA5E1A5D3C2E133F8E85A8FA0821757684DDD8BDED99D819CFEE8BCBB |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3504 | VortexSwap v2.exe | 104.20.67.143:443 | pastebin.com | CLOUDFLARENET | — | malicious |
| 2640 | VortexSwap v2.exe | 104.20.67.143:443 | pastebin.com | CLOUDFLARENET | — | malicious |
| Domain | IP | Reputation |
|---|---|---|
| pastebin.com | | shared |