File name:

Storm Iptv.rar

Full analysis: https://app.any.run/tasks/507be5e2-80a1-4f61-801d-df4f851c86f8
Verdict: Malicious activity
Analysis date: May 08, 2024, 15:40:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
discord
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

862D5732D180C533754FCB92C3DACEEC

SHA1:

909FE334C89F82ED2E225966FCDD62833040B395

SHA256:

C29C5FAD1138371A63C6C36ABD6102978C0924523383BE4A447E6CF2D595F064

SSDEEP:

98304:8LkPHgUV3WT3evbV3w4Cd9zvXfPgeuKquDfY/CW0271fe5XPD3msVu+mBHWUQB4D:DBLBKB2YuXxNGW/eyIKk0A5+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3976)
  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 3976)
    • Reads security settings of Internet Explorer

      • STORM.exe (PID: 2312)
    • Reads the Internet Settings

      • STORM.exe (PID: 2312)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3976)
    • Reads the computer name

      • STORM.exe (PID: 2312)
      • wmpnscfg.exe (PID: 2808)
    • Checks supported languages

      • STORM.exe (PID: 2312)
      • wmpnscfg.exe (PID: 2808)
    • Manual execution by a user

      • STORM.exe (PID: 2312)
      • wmpnscfg.exe (PID: 2808)
    • Reads the machine GUID from the registry

      • STORM.exe (PID: 2312)
    • Reads Environment values

      • STORM.exe (PID: 2312)
    • Creates files or folders in the user directory

      • STORM.exe (PID: 2312)
    • Create files in a temporary directory

      • STORM.exe (PID: 2312)
    • Application launched itself

      • msedge.exe (PID: 2060)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes
48
Monitored processes
13
Malicious processes
0
Suspicious processes
1

Behavior graph

start
  • winrar.exe
  • storm.exe
  • msedge.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • msedge.exe (no specs)
  • wmpnscfg.exe (no specs)
  • msedge.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 948
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2404 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1676
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1664 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:8
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1928
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1272 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 1948
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x5fa1f598,0x5fa1f5a8,0x5fa1f5b4
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2060
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/e6qRtgA
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: STORM.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2080
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:3
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2312
CMD: "C:\Users\admin\Desktop\Storm Iptv\storm\STORM.exe"
Path: C:\Users\admin\Desktop\Storm Iptv\storm\STORM.exe
Parent process: explorer.exe
User:
admin
Company:
TheStorm.app
Integrity Level:
MEDIUM
Description:
STORM
Version:
2.4.1.2
Modules
Images
c:\users\admin\desktop\storm iptv\storm\storm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
PID: 2320
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3276 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2340
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:1
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID: 2372
CMD: "C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1568 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:2
Path: C:\Program Files\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
8 595
Read events
8 553
Write events
40
Delete events
2

Modification events

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation: write
Name: LanguageList
Value: en-US

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 3
Value: C:\Users\admin\Desktop\phacker.zip

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 2
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Storm Iptv.rar

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (3976) WinRAR.exe
Key: HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120
Executable files
30
Suspicious files
67
Text files
27
Unknown types
0

Dropped files

PID
Process
Filename
Type
PID: 3976
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\mac11.txt
Type:
MD5:
SHA256:

PID: 3976
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\ActiproSoftware.Shared.Wpf.dll
Type: executable
MD5: 5AAD14C15C6501C8F3FFA4E72C2BD9BA
SHA256: D3961FDBD61EE1DB957EE71C3EBA489A56CFEF83EA8116737AA0ED8665E37E9D

PID: 3976
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\socks 4 vip.txt
Type: text
MD5: A2EE532B95E7447B356ABDF270CA67C6
SHA256: 4E58B6F0AB4D4FB5AAA856E49CE022F1CCDE698C424372F2BA7A643FBDC3A859

PID: 3976
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\BouncyCastle.Crypto.dll
Type: executable
MD5: 3CF6BF0E0A27F3665EDD6362D137E4CC
SHA256: 1985B85BB44BE6C6EAF35E02EF11E23A890E809B8EC2E53210A4AD5A85B26C70

PID: 3976
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\CHANGELOG
Type: text
MD5: D3802AEF27CC14AE2A179BD9E48CA923
SHA256: 2CB53D638ADB4B3CA01CD242E87D1B46C5E83ACC76A37138E5BF35A39BA308C8

PID: 3976
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\amd64\Microsoft.VC100.CRT\msvcp100.dll
Type: executable
MD5: D029339C0F59CF662094EDDF8C42B2B5
SHA256: 934D882EFD3C0F3F1EFBC238EF87708F3879F5BB456D30AF62F3368D58B6AA4C

PID: 3976
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\ActiproSoftware.SyntaxEditor.Wpf.dll
Type: executable
MD5: D594A3BA76DFFE16F0CD200CAA114587
SHA256: CE01BCC6D5E8FB70216D78CE5FF605665F88CAC736F2F5F061A9981112CD365B

PID: 3976
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\amd64\Noesis.Javascript.dll
Type: executable
MD5: 5493D00C68C5ADED359B8F8732BECA0E
SHA256: 1EA7BEDCCB4C1DC6D6A32CCFA6A860762FE5D670D988FF0A89126F66A68BB439

PID: 3976
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\BrotliSharpLib.dll
Type: executable
MD5: 0E48255CC10D5E368A70B92C6141E8C0
SHA256: A2211F77B5C1C2E9C7EC9BB947B9E38CF87333504E6E4CB5BD50E4097F73C03C

PID: 3976
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\Configurations\master_stalker-.ini.sccfg.ini
Type: text
MD5: 6BF60FA6CB5146F14B0F8A8D1D6FB238
SHA256: 214B50E6CCC3999F9A1D9EB1B4820869F36ED4F3370039DED7B3B7C9F57A4F6B
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
13
DNS requests
10
Threats
4

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | | | | unknown
4 | System | 192.168.100.255:137 | | | | whitelisted
| | 224.0.0.252:5355 | | | | unknown
2312 | STORM.exe | 49.13.77.253:443 | thestorm.app | Hetzner Online GmbH | DE | unknown
2080 | msedge.exe | 13.107.42.16:443 | config.edge.skype.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | whitelisted
2060 | msedge.exe | 239.255.255.250:1900 | | | | unknown
2080 | msedge.exe | 162.159.136.234:443 | discord.gg | CLOUDFLARENET | | shared
2080 | msedge.exe | 204.79.197.239:443 | edge.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown
2080 | msedge.exe | 162.159.136.232:443 | discord.com | CLOUDFLARENET | | shared

DNS requests

Domain
IP
Reputation
thestorm.app
  • 49.13.77.253
whitelisted
dns.msftncsi.com
  • 131.107.255.255
shared
config.edge.skype.com
  • 13.107.42.16
whitelisted
discord.gg
  • 162.159.136.234
  • 162.159.134.234
  • 162.159.130.234
  • 162.159.133.234
  • 162.159.135.234
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
discord.com
  • 162.159.136.232
  • 162.159.135.232
  • 162.159.138.232
  • 162.159.137.232
  • 162.159.128.233
whitelisted

Threats

PID | Process | Class | Message
2080 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
2080 | msedge.exe | Misc activity | ET INFO Observed Discord Domain in DNS Lookup (discord .com)
2080 | msedge.exe | Misc activity | ET INFO Observed Discord Domain (discord .com in TLS SNI)
2080 | msedge.exe | Not Suspicious Traffic | INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
No debug info