File name: NordVpn Checker V1.2 by Alpha_.rar
Full analysis: https://app.any.run/tasks/9d8a31a3-a972-49cc-b228-654cce63f9ca
Verdict: Malicious activity
Analysis date: December 18, 2018, 17:16:23
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: CB7A87CF81D46DAB1914BCFA8F5F69BF
SHA1: FC140FC4D5CEA073B4907B0A08FA12E4D71E0CE3
SHA256: B2FDCE30FF9B8D0D96482F6DF2A299F02F968A56D3CD7F36E5B830E7AB26C6EF
SSDEEP: 6144:3BLwcHeHudN2pedpxAMZWJMRBMuy8JpqP2X+A:3B82emN8osMwJ+Muy8JMP2X+A

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Loads dropped or rewritten executable
      • SearchProtocolHost.exe (PID: 1248)
    • Application was dropped or rewritten from another process
      • NordVpn Checker v1.2 By Alphacrack.exe (PID: 2556)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • WinRAR.exe (PID: 2936)
  • INFO
    • No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD:
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 33
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Graph nodes: start, winrar.exe, searchprotocolhost.exe (no specs), nordvpn checker v1.2 by alphacrack.exe (no specs)

Process information

PID: 2936
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NordVpn Checker V1.2 by Alpha_.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 1248
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Exit code: 0
Version: 7.00.7600.16385 (win7_rtm.090713-1255)

PID: 2556
CMD: "C:\Users\admin\Desktop\NordVpn Checker v1.2 By Alphacrack.exe"
Path: C:\Users\admin\Desktop\NordVpn Checker v1.2 By Alphacrack.exe
Parent process: explorer.exe
User: admin
Company: Samad.Dz
Integrity Level: MEDIUM
Description: NordVpn Checker v1.1
Exit code: 0
Version: 1.1.0.0

Total events: 1 275
Read events: 1 221
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 2
Suspicious files: 0
Text files: 2
Unknown types: 1

Dropped files

PID: 2936
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2936.42855\NordVpn V1.2 Checker by Alpha_\NordVpn V1.2 Checker by Alphacrack\Read Me.txt
Type: text
MD5: 38E8017DB44CFC28EF656042B397C67F
SHA256: 15F7D67449997E2CCE85B9ACC70F495B970A09A0FA705C8B034A11E148CE1CA8

PID: 2936
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2936.42855\NordVpn V1.2 Checker by Alpha_\NordVpn V1.2 Checker by Alphacrack\Result [00_28_26]\Bads.txt
Type: text
MD5: D2D9CB20DC33ED1E6BF4F7496C6D33EB
SHA256: 5C4B5118761E972A1CF46524E86536E21D3076C4407F5BA9AAF8D73C3C26749D

PID: 2936
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2936.42855\NordVpn V1.2 Checker by Alpha_\NordVpn V1.2 Checker by Alphacrack\NordVpn Checker v1.2.pdb
Type: pdb
MD5: 4827199D809C62E59B83249DE44DB2CF
SHA256: 214688513C8C4ED11EEEA382747DA2036BC71E5967222B90BF7935027C5D3751

PID: 2936
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2936.42855\NordVpn V1.2 Checker by Alpha_\NordVpn V1.2 Checker by Alphacrack\NordVpn Checker v1.2 By Alphacrack.exe
Type: executable
MD5: 2BA8D5C1BC7C08D411DF8990DFA8C6AB
SHA256: 5C2F1EED5150B52D828AB4272F2F28B9DCD14A0A7482F3F0EFEDE4F4179C6C15

PID: 2936
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa2936.42855\NordVpn V1.2 Checker by Alpha_\NordVpn V1.2 Checker by Alphacrack\Leaf.Net.dll
Type: executable
MD5: C98DE72CD4374C4210EB5C0102E1C2AF
SHA256: 77EBB46EB03ACE07790B535020DBD1170C5C5EEFC249F55FE27C9F19561BEB8B

Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected

Debug info

No debug info