download: | %5BCRACKED%5D+MALWAREBYTES+GEN+%26+CHECKER+BY+FUSEFIRE++v1.5+Latest.zip |
Full analysis: | https://app.any.run/tasks/72d0c5f2-f902-42c1-9ad4-d0bd95b71771 |
Verdict: | Malicious activity |
Threats: | njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market that features an abundance of educational information. Interested attackers can even find tutorials on YouTube. This allows it to become one of the most popular RATs in the world. |
Analysis date: | August 13, 2019, 23:21:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 9212A43DB5F9DB9A25E130D1196A91D7 |
SHA1: | C9B4E1626412CA8DC35301A1E059ECADFBA291F8 |
SHA256: | B91C53DE48F50C72047984422916DB47F0A7924DBD7C6B5BEE9AE545DA2A3175 |
SSDEEP: | 24576:SRS800efb8RkCq5ltJFn8m9XTKWiRdasA4scnV0CZ:2Sse4RkCM/DP9XT76V0u |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | [CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest/AgileDotNet.VMRuntime.dll |
---|---|
ZipUncompressedSize: | 50688 |
ZipCompressedSize: | 19760 |
ZipCRC: | 0x12f77af8 |
ZipModifyDate: | 2019:05:08 22:30:25 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2740 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\c5faed5c-b8ac-470f-bde6-199d9763eee1.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2748 | "C:\Users\admin\Desktop\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\Malwarebytes by FuseFire.exe" | C:\Users\admin\Desktop\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\Malwarebytes by FuseFire.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Explorateur Windows Version: ... | ||||
2072 | "C:\Users\admin\AppData\Local\Temp\Malwarebytes by FuseFire.exe" | C:\Users\admin\AppData\Local\Temp\Malwarebytes by FuseFire.exe | Malwarebytes by FuseFire.exe | |
User: admin Integrity Level: MEDIUM Description: Malwarebytes by FuseFire Exit code: 3762504530 Version: 1.0.0.0 | ||||
1400 | C:\Windows\system32\WerFault.exe -u -p 2072 -s 708 | C:\Windows\system32\WerFault.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Problem Reporting Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2160 | "C:\Users\admin\Desktop\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\Malwarebytes by FuseFire.exe" | C:\Users\admin\Desktop\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\Malwarebytes by FuseFire.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Explorateur Windows Exit code: 1 Version: ... | ||||
2396 | "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Malwarebytes by FuseFire.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft .NET Assembly Registration Utility Version: 2.0.50727.5420 (Win7SP1.050727-5400) | ||||
2664 | netsh firewall add allowedprogram "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "RegAsm.exe" ENABLE | C:\Windows\system32\netsh.exe | — | RegAsm.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Network Command Shell Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
(PID) Process: | (2740) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2740) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2740) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2740) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\c5faed5c-b8ac-470f-bde6-199d9763eee1.zip | |||
(PID) Process: | (2740) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2740) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2740) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2740) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2740) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin |
Operation: | write | Name: | Placement |
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000 | |||
(PID) Process: | (2740) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\General |
Operation: | write | Name: | LastFolder |
Value: C:\Users\admin\AppData\Local\Temp |
PID | Process | Filename | Type | |
---|---|---|---|---|
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.3774\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\AgileDotNet.VMRuntime.dll | — | |
MD5:— | SHA256:— | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.3774\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\Colorful.Console.dll | — | |
MD5:— | SHA256:— | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.3774\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\Hits\Business.txt | — | |
MD5:— | SHA256:— | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.3774\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\Hits\Business_RAW.txt | — | |
MD5:— | SHA256:— | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.3774\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\Keys.txt | — | |
MD5:— | SHA256:— | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.3774\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\Malwarebytes by FuseFire.exe | — | |
MD5:— | SHA256:— | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.3774\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\Proxies.txt | — | |
MD5:— | SHA256:— | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.3774\[CRACKED] MALWAREBYTES GEN & CHECKER BY FUSEFIRE v1.5 Latest\RestSharp.dll | — | |
MD5:— | SHA256:— | |||
1400 | WerFault.exe | C:\Users\admin\AppData\Local\CrashDumps\Malwarebytes by FuseFire.exe.2072.dmp | — | |
MD5:— | SHA256:— | |||
2748 | Malwarebytes by FuseFire.exe | C:\Users\admin\Windows Update\Windows Host | executable | |
MD5:ECC447784E86F97482CDEF5CD7982269 | SHA256:E209E4F55611B5B91E98FA51E698D4C12CCDCC0C7443A0EF7288E7E9E03C1F34 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2396 | RegAsm.exe | 172.111.154.46:5557 | noway74.ddns.net | AltusHost B.V. | GB | malicious |
Domain | IP | Reputation |
---|---|---|
noway74.ddns.net |
| malicious |
dns.msftncsi.com |
| shared |