File name: | EcoCrack 12 by Laiteux dist by Letteen.rar |
Full analysis: | https://app.any.run/tasks/1e2075f1-accc-4b98-8904-8f6539836ba9 |
Verdict: | Malicious activity |
Analysis date: | December 18, 2018, 07:40:17 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | B51C69C63D5BE336FBD199F46ABDD14D |
SHA1: | 046AB02524619EEEDCBEEDF5D9189C4084EE8F7A |
SHA256: | BDBB7CFE7DC79C03097CBEF77F03CE17CFF91B0FC970A163E76C81DF9B3B0C3D |
SSDEEP: | 24576:RJ2PnTz0lPD8T/YbrDj2TbIkJ69uFQAhxTT6OP53zeogjRBL:RsPTwh8TQbb2fIko9umATTT6OPNexzL |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2708 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\EcoCrack 12 by Laiteux dist by Letteen.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1932 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2800 | "C:\Users\admin\Desktop\EcoCrack.exe" | C:\Users\admin\Desktop\EcoCrack.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: EcoCrack Exit code: 3221225786 Version: 1.0.0.0 | ||||
2476 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\ReadMe [ MORE CONFIGS FOR LOL ... ].txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3576 | "C:\Program Files\Opera\opera.exe" | C:\Program Files\Opera\opera.exe | explorer.exe | |
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera Internet Browser Exit code: 0 Version: 1748 | ||||
2508 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 3221225547 Version: 68.0.3440.106 | ||||
2492 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6f5200b0,0x6f5200c0,0x6f5200cc | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
3096 | "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1 | C:\Program Files\Windows Media Player\wmplayer.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Media Player Exit code: 0 Version: 12.0.7600.16385 (win7_rtm.090713-1255) | ||||
3168 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3144 | "C:\Program Files\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1 | C:\Program Files\Windows Media Player\setup_wm.exe | — | wmplayer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Windows Media Configuration Utility Exit code: 0 Version: 12.0.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2708 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2708.35895\configs\Fortnite.txt | text | |
MD5:8AD4F1742A41E20ADEA00B5D38F0E59B | SHA256:06EF55098EB7049048EFACCECEC4C7D68B8D65B64868EB55E66DCB381FE23F4E | |||
2708 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2708.35895\configs\Email.txt | text | |
MD5:157C99DAF49151668C78C8B5AF4D9EAE | SHA256:8A9FC2225ECF99AC55DCB1282E33F250A7C6387EB380B6789D79BD3653240BBE | |||
2708 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2708.35895\configs\HideMyAss.txt | text | |
MD5:8C9C76C417D0A786DF733470E74CD694 | SHA256:77B942D91E41028E760BC4E0A8B0EAD9586668739ACCC3D807DE254DCDEED057 | |||
2708 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2708.35895\configs\AdFocUS.txt | text | |
MD5:A4B5F19DFE09980A034223930F706BB7 | SHA256:D0E56F8EEC1DE7CDB54A794882DE5D37B6F87030825C4D4C6CD8D2B035228464 | |||
2708 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2708.35895\configs\League_of_Legends_EUN.txt | text | |
MD5:44F5870C66CD01E43436AA95D19258D5 | SHA256:0853ED9FF849C3C0383E52C867C3FE70CE711DC33A700B2AD95395BEA6C58B85 | |||
2708 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2708.35895\configs\CMore.txt | text | |
MD5:950FC5F9CA5A7BC88D806E1C865D0E5E | SHA256:EC60C1009158F6E62D5C3D31165B791A41BF5FA3CD88042A859BB22F17B2794A | |||
2708 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2708.35895\configs\Adfoc.us.txt | text | |
MD5:73EB8E56CC83D88AA58B3C62A36EF34E | SHA256:374AC58DCA174567612B3A6F14272AA7136F9031DBBA526471CE3FF9D17854F6 | |||
2708 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2708.35895\configs\Hypixel.txt | text | |
MD5:49A288F05CC31BFF19F2E46292D3B8DA | SHA256:194BF33A9E849CFD8B2082BE9F679DF106345D50843E31D71C23320A140AC3C2 | |||
2708 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2708.35895\configs\IPVanish_Fast.txt | text | |
MD5:C3E90FD779F53B790510B63AF198A47B | SHA256:E844757F3774277B31BDB1B499C5CC1FCEABF65C37F03E4C5FA39825258D30B2 | |||
2708 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2708.35895\configs\Crunchyroll.txt | text | |
MD5:8FAE1D7840A5570FD0ED4699B2106B97 | SHA256:D651D9CAFAD42D567AAB12AAD7D005F4C94694F511F963038CAA0D89651AA890 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3576 | opera.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAOXQPQlVpLtFek%2BmcpabOk%3D | US | der | 471 b | whitelisted |
3576 | opera.exe | GET | 200 | 66.225.197.197:80 | http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 543 b | whitelisted |
2640 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2508 | chrome.exe | 172.217.168.10:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted |
2800 | EcoCrack.exe | 104.20.209.21:443 | pastebin.com | Cloudflare Inc | US | shared |
2508 | chrome.exe | 172.217.168.45:443 | accounts.google.com | Google Inc. | US | whitelisted |
2508 | chrome.exe | 172.217.168.35:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
2508 | chrome.exe | 216.58.215.227:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2508 | chrome.exe | 172.217.17.35:443 | www.google.de | Google Inc. | US | whitelisted |
3576 | opera.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3576 | opera.exe | 82.145.215.40:443 | certs.opera.com | Opera Software AS | — | whitelisted |
3576 | opera.exe | 66.225.197.197:80 | crl4.digicert.com | CacheNetworks, Inc. | US | whitelisted |
2640 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
pastebin.com |
| shared |
www.google.de |
| whitelisted |
clientservices.googleapis.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
safebrowsing.googleapis.com |
| whitelisted |
accounts.google.com |
| shared |
ssl.gstatic.com |
| whitelisted |
certs.opera.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
crl4.digicert.com |
| whitelisted |