File name:

Storm Iptv.rar

Full analysis: https://app.any.run/tasks/507be5e2-80a1-4f61-801d-df4f851c86f8
Verdict: Malicious activity
Analysis date: May 08, 2024, 15:40:47
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
discord
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5:

862D5732D180C533754FCB92C3DACEEC

SHA1:

909FE334C89F82ED2E225966FCDD62833040B395

SHA256:

C29C5FAD1138371A63C6C36ABD6102978C0924523383BE4A447E6CF2D595F064

SSDEEP:

98304:8LkPHgUV3WT3evbV3w4Cd9zvXfPgeuKquDfY/CW0271fe5XPD3msVu+mBHWUQB4D:DBLBKB2YuXxNGW/eyIKk0A5+

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 3976)

  • SUSPICIOUS

    • Process drops legitimate windows executable

      • WinRAR.exe (PID: 3976)

    • Reads security settings of Internet Explorer

      • STORM.exe (PID: 2312)

    • Reads the Internet Settings

      • STORM.exe (PID: 2312)

  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 3976)

    • Checks supported languages

      • STORM.exe (PID: 2312)
      • wmpnscfg.exe (PID: 2808)

    • Reads the computer name

      • STORM.exe (PID: 2312)
      • wmpnscfg.exe (PID: 2808)

    • Manual execution by a user

      • STORM.exe (PID: 2312)
      • wmpnscfg.exe (PID: 2808)

    • Reads the machine GUID from the registry

      • STORM.exe (PID: 2312)

    • Reads Environment values

      • STORM.exe (PID: 2312)

    • Create files in a temporary directory

      • STORM.exe (PID: 2312)

    • Creates files or folders in the user directory

      • STORM.exe (PID: 2312)

    • Application launched itself

      • msedge.exe (PID: 2060)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
48
Monitored processes
13
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
start winrar.exe storm.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs wmpnscfg.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
948"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2404 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1676"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1664 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:8C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1928"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1272 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
1948"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=109.0.5414.149 "--annotation=exe=C:\Program Files\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win32 "--annotation=prod=Microsoft Edge" --annotation=ver=109.0.1518.115 --initial-client-data=0xc8,0xcc,0xd0,0x9c,0xd8,0x5fa1f598,0x5fa1f5a8,0x5fa1f5b4C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2060"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/e6qRtgAC:\Program Files\Microsoft\Edge\Application\msedge.exe
STORM.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2080"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1428 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:3C:\Program Files\Microsoft\Edge\Application\msedge.exe
msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2312"C:\Users\admin\Desktop\Storm Iptv\storm\STORM.exe" C:\Users\admin\Desktop\Storm Iptv\storm\STORM.exe
explorer.exe
User:
admin
Company:
TheStorm.app
Integrity Level:
MEDIUM
Description:
STORM
Version:
2.4.1.2
Modules
Images
c:\users\admin\desktop\storm iptv\storm\storm.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\mscoree.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\microsoft.net\framework\v4.0.30319\mscoreei.dll
2320"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3276 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2340"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=renderer --first-renderer-process --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2216 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:1C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
2372"C:\Program Files\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1568 --field-trial-handle=1368,i,13131505826353410022,8715200704963217626,131072 /prefetch:2C:\Program Files\Microsoft\Edge\Application\msedge.exemsedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Version:
109.0.1518.115
Modules
Images
c:\program files\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files\microsoft\edge\application\109.0.1518.115\msedge_elf.dll
c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
Total events
8 595
Read events
8 553
Write events
40
Delete events
2

Modification events

(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtBMP
Value:
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes
Operation:writeName:ShellExtIcon
Value:
(PID) Process:(3976) WinRAR.exeKey:HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E
Operation:writeName:LanguageList
Value:
en-US
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:3
Value:
C:\Users\admin\Desktop\phacker.zip
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:2
Value:
C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:1
Value:
C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\ArcHistory
Operation:writeName:0
Value:
C:\Users\admin\AppData\Local\Temp\Storm Iptv.rar
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:name
Value:
120
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:size
Value:
80
(PID) Process:(3976) WinRAR.exeKey:HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths
Operation:writeName:type
Value:
120
Executable files
30
Suspicious files
67
Text files
27
Unknown types
0

Dropped files

PID
Process
Filename
Type
3976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\mac11.txt
MD5:
SHA256:
3976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\BrotliSharpLib.dllexecutable
MD5:0E48255CC10D5E368A70B92C6141E8C0
SHA256:A2211F77B5C1C2E9C7EC9BB947B9E38CF87333504E6E4CB5BD50E4097F73C03C
3976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\ActiproSoftware.Text.Wpf.dllexecutable
MD5:A7B38E5B4E2281944387510719A1F47D
SHA256:083439373C2D930DBB3037D326C918D9221811AD0D03343F67EA3B25C1563B74
3976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\socks 4 vip.txttext
MD5:A2EE532B95E7447B356ABDF270CA67C6
SHA256:4E58B6F0AB4D4FB5AAA856E49CE022F1CCDE698C424372F2BA7A643FBDC3A859
3976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\amd64\Microsoft.VC100.CRT\msvcr100.dllexecutable
MD5:366FD6F3A451351B5DF2D7C4ECF4C73A
SHA256:AE3CB6C6AFBA9A4AA5C85F66023C35338CA579B30326DD02918F9D55259503D5
3976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\amd64\Microsoft.VC100.CRT\msvcp100.dllexecutable
MD5:D029339C0F59CF662094EDDF8C42B2B5
SHA256:934D882EFD3C0F3F1EFBC238EF87708F3879F5BB456D30AF62F3368D58B6AA4C
3976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\CHANGELOGtext
MD5:D3802AEF27CC14AE2A179BD9E48CA923
SHA256:2CB53D638ADB4B3CA01CD242E87D1B46C5E83ACC76A37138E5BF35A39BA308C8
3976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\ActiproSoftware.Shared.Wpf.dllexecutable
MD5:5AAD14C15C6501C8F3FFA4E72C2BD9BA
SHA256:D3961FDBD61EE1DB957EE71C3EBA489A56CFEF83EA8116737AA0ED8665E37E9D
3976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\LiteDB.dllexecutable
MD5:25B242D00C6C32E1F437EB2064EA2E29
SHA256:E72ACDDF47586BC0999D598E3BD125A254BB6F4AE151C076993304F6E31FBBED
3976WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa3976.17430\Storm Iptv\storm\Log_20200427-0130_4200d026-883e-4f13-b9f9-2282f0ced260.logbinary
MD5:40A334ACCB96F7642C0451338B30A324
SHA256:EA9C7E239FCFDA287C34DFE1AA59B1A50505687E580F2A58E7CD1D7B94DE7E50
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
13
DNS requests
10
Threats
4

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
unknown
4
System
192.168.100.255:137
whitelisted
224.0.0.252:5355
unknown
2312
STORM.exe
49.13.77.253:443
thestorm.app
Hetzner Online GmbH
DE
unknown
2080
msedge.exe
13.107.42.16:443
config.edge.skype.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
whitelisted
2060
msedge.exe
239.255.255.250:1900
unknown
2080
msedge.exe
162.159.136.234:443
discord.gg
CLOUDFLARENET
shared
2080
msedge.exe
204.79.197.239:443
edge.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
US
unknown
2080
msedge.exe
162.159.136.232:443
discord.com
CLOUDFLARENET
shared

DNS requests

Domain
IP
Reputation
thestorm.app
  • 49.13.77.253
whitelisted
dns.msftncsi.com
  • 131.107.255.255
shared
config.edge.skype.com
  • 13.107.42.16
whitelisted
discord.gg
  • 162.159.136.234
  • 162.159.134.234
  • 162.159.130.234
  • 162.159.133.234
  • 162.159.135.234
whitelisted
edge.microsoft.com
  • 204.79.197.239
  • 13.107.21.239
whitelisted
discord.com
  • 162.159.136.232
  • 162.159.135.232
  • 162.159.138.232
  • 162.159.137.232
  • 162.159.128.233
whitelisted

Threats

PID
Process
Class
Message
2080
msedge.exe
Misc activity
ET INFO Observed Discord Domain in DNS Lookup (discord .com)
2080
msedge.exe
Misc activity
ET INFO Observed Discord Domain in DNS Lookup (discord .com)
2080
msedge.exe
Misc activity
ET INFO Observed Discord Domain (discord .com in TLS SNI)
2080
msedge.exe
Not Suspicious Traffic
INFO [ANY.RUN] Cloudflare Network Error Logging (NEL)
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
Storm Iptv.rar