download:

/moneyrobot2023/Crypto-Wallet-Cracker/releases/download/CryptoWalletCracker/Crypto.Wallet.Cracker.5.7.rar

Full analysis: https://app.any.run/tasks/fe8459a0-b0de-4e17-b472-0857d3476d2e
Verdict: Malicious activity
Analysis date: July 11, 2024, 19:04:28
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 008A71C31D17D13A097B128DDEC47035
SHA1: D7A241EF4DDAA803E4A0342896AC2A9006EF5074
SHA256: CADB67F5CA6A96B197517381AE03BA2FF7DC54C3ABAF8F6E464EBD423BB13A03
SSDEEP: 98304:eJXTUNmzG/Ftj2jGtgZR+Lh0cLlElfp/f2NGA+bs93wAq3YiIHiyJB3Q8UsR2kqv:13/wAFy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 5404)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 652)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
      • msiexec.exe (PID: 780)
    • Changes the autorun value in the registry

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • setup.exe (PID: 240)
      • Darkminer v6.exe (PID: 6856)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 4536)
      • msiexec.exe (PID: 780)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 652)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • Executes as Windows Service

      • VSSVC.exe (PID: 5908)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 780)
    • Reads the date of Windows installation

      • setup.exe (PID: 240)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 652)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • Searches for installed software

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • Starts itself from another location

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
    • Creates a software uninstall entry

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 780)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 780)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 780)
  • INFO

    • Manual execution by a user

      • setup.exe (PID: 240)
      • notepad.exe (PID: 444)
      • Darkminer v6.exe (PID: 6856)
      • Darkminer v6.exe (PID: 4448)
      • notepad.exe (PID: 7552)
      • Darkminer v6.exe (PID: 3972)
      • Darkminer v6.exe (PID: 7484)
    • Checks supported languages

      • setup.exe (PID: 240)
      • msiexec.exe (PID: 780)
      • msiexec.exe (PID: 5576)
      • msiexec.exe (PID: 1912)
      • Darkminer v6.exe (PID: 6856)
      • identity_helper.exe (PID: 7608)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
      • msiexec.exe (PID: 1140)
      • msiexec.exe (PID: 8124)
      • msiexec.exe (PID: 3232)
      • Darkminer v6.exe (PID: 4448)
      • msiexec.exe (PID: 6816)
      • Darkminer v6.exe (PID: 3972)
      • identity_helper.exe (PID: 3540)
      • Darkminer v6.exe (PID: 7484)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 652)
    • Create files in a temporary directory

      • setup.exe (PID: 240)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 652)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 5404)
      • msiexec.exe (PID: 4536)
      • msiexec.exe (PID: 780)
      • msedge.exe (PID: 2044)
    • Reads the computer name

      • setup.exe (PID: 240)
      • msiexec.exe (PID: 780)
      • msiexec.exe (PID: 5576)
      • msiexec.exe (PID: 1912)
      • Darkminer v6.exe (PID: 6856)
      • identity_helper.exe (PID: 7608)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
      • msiexec.exe (PID: 1140)
      • msiexec.exe (PID: 3232)
      • msiexec.exe (PID: 8124)
      • Darkminer v6.exe (PID: 4448)
      • Darkminer v6.exe (PID: 3972)
      • identity_helper.exe (PID: 3540)
      • Darkminer v6.exe (PID: 7484)
      • msiexec.exe (PID: 6816)
    • Process checks computer location settings

      • setup.exe (PID: 240)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 4536)
      • msedge.exe (PID: 2044)
      • msedge.exe (PID: 7688)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 780)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 444)
      • notepad.exe (PID: 7552)
    • Reads Microsoft Office registry keys

      • Darkminer v6.exe (PID: 6856)
      • msedge.exe (PID: 2044)
      • msedge.exe (PID: 884)
    • Reads the software policy settings

      • slui.exe (PID: 2416)
      • msiexec.exe (PID: 780)
      • slui.exe (PID: 8104)
    • Application launched itself

      • msedge.exe (PID: 2044)
      • msedge.exe (PID: 884)
    • The process uses the downloaded file

      • msedge.exe (PID: 4448)
      • msedge.exe (PID: 2044)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 780)
    • Creates files in the program directory

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
      • Darkminer v6.exe (PID: 4448)
    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
      • msiexec.exe (PID: 780)
    • Checks proxy server information

      • slui.exe (PID: 8104)
      • Darkminer v6.exe (PID: 3972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
All screenshots are available in the full report
Total processes
237
Monitored processes
85
Malicious processes
5
Suspicious processes
1

Behavior graph

start winrar.exe setup.exe no specs msiexec.exe msiexec.exe msiexec.exe no specs sppextcomobj.exe no specs slui.exe vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs notepad.exe no specs darkminer v6.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs windowsdesktop-runtime-6.0.32-win-x64.exe windowsdesktop-runtime-6.0.32-win-x64.exe windowsdesktop-runtime-6.0.32-win-x64.exe msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msedge.exe no specs msedge.exe no specs darkminer v6.exe msedge.exe no specs msedge.exe no specs rundll32.exe no specs darkminer v6.exe msedge.exe no specs notepad.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs darkminer v6.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID: 240
CMD: "C:\Users\admin\Desktop\setup.exe"
Path: C:\Users\admin\Desktop\setup.exe
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Description: Setup
Exit code: 0
Version: 17.0.33606.225 built by: D17.6
Modules (images):
c:\users\admin\desktop\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll

PID: 444
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\READ ME.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll

PID: 448
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Console Window Host
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

PID: 652
CMD: "C:\Users\admin\Downloads\windowsdesktop-runtime-6.0.32-win-x64.exe"
Path: C:\Users\admin\Downloads\windowsdesktop-runtime-6.0.32-win-x64.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Windows Desktop Runtime - 6.0.32 (x64)
Exit code: 0
Version: 6.0.32.33814
Modules (images):
c:\users\admin\downloads\windowsdesktop-runtime-6.0.32-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll

PID: 780
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows® installer
Version: 5.0.19041.1 (WinBuild.160101.0800)
Modules (images):
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll

PID: 884
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll

PID: 1140
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 0C9DA8363788122234DED78F229F7F5B
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID: 1452
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4672 --field-trial-handle=2344,i,9338777618442052094,6760593643018076686,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll

PID: 1708
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3868 --field-trial-handle=2344,i,9338777618442052094,6760593643018076686,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User: admin
Company: Microsoft Corporation
Integrity Level: LOW
Description: Microsoft Edge
Exit code: 0
Version: 122.0.2365.59
Modules (images):
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll

PID: 1912
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding DCFC645F6CA49C57C25316841FE891F9
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows® installer
Exit code: 0
Version: 5.0.19041.3636 (WinBuild.160101.0800)
Modules (images):
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
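The process table above gives each process its command line, image path, parent image name and integrity level, which is enough to apply a few mechanical triage rules before reading the full tree: code running from a user-writable directory, an executable launched by a browser, and msiexec.exe custom-action servers (the -Embedding instances, which host code supplied by the package) running elevated. The script below is an added example written for this page, not part of the ANY.RUN report; the records are transcribed from the table, the flag names are this example's own taxonomy, and because the page lists parent image names but not parent PIDs, parentage is matched by name only.

```python
"""Per-process triage flags over a sandbox process table (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Proc:
    pid: int
    cmd: str
    path: str
    parent: str      # parent image name only; the report does not list parent PIDs
    user: str
    integrity: str   # LOW / MEDIUM / HIGH / SYSTEM as printed by the sandbox


# Locations a standard user can write to: code starting here is worth a look.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(desktop|downloads|appdata\\local\\temp)\\", re.I
)
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe", "brave.exe"}
ELEVATED = {"HIGH", "SYSTEM"}


def image_name(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def flags_for(p: Proc) -> List[str]:
    """Return the triage labels that apply to one process (empty list = nothing notable)."""
    out: List[str] = []
    name = image_name(p.path)
    if USER_WRITABLE.search(p.path):
        out.append("user-writable-path")
    if p.parent.lower() in BROWSERS and name not in BROWSERS:
        out.append("browser-spawned")
    if name == "msiexec.exe" and "-embedding" in p.cmd.lower():
        # "msiexec -Embedding <GUID>" is the Windows Installer custom-action server;
        # it runs package-supplied code, so its integrity level is the interesting part.
        out.append("msi-custom-action-server")
        if p.integrity.upper() in ELEVATED:
            out.append("elevated-custom-action")
    return out


def triage(procs) -> Dict[int, List[str]]:
    """Map PID -> flags for every process that raised at least one flag."""
    result: Dict[int, List[str]] = {}
    for p in procs:
        flags = flags_for(p)
        if flags:
            result[p.pid] = flags
    return result


# Transcribed from the report's process table (six of the listed processes).
REPORT_PROCS = [
    Proc(240, r'"C:\Users\admin\Desktop\setup.exe"',
         r"C:\Users\admin\Desktop\setup.exe", "explorer.exe", "admin", "MEDIUM"),
    Proc(444, r'"C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\READ ME.txt',
         r"C:\Windows\System32\notepad.exe", "explorer.exe", "admin", "MEDIUM"),
    Proc(652, r'"C:\Users\admin\Downloads\windowsdesktop-runtime-6.0.32-win-x64.exe"',
         r"C:\Users\admin\Downloads\windowsdesktop-runtime-6.0.32-win-x64.exe",
         "msedge.exe", "admin", "MEDIUM"),
    Proc(780, r"C:\WINDOWS\system32\msiexec.exe /V",
         r"C:\Windows\System32\msiexec.exe", "services.exe", "SYSTEM", "SYSTEM"),
    Proc(1140, r"C:\Windows\syswow64\MsiExec.exe -Embedding 0C9DA8363788122234DED78F229F7F5B",
         r"C:\Windows\SysWOW64\msiexec.exe", "msiexec.exe", "admin", "HIGH"),
    Proc(1912, r"C:\Windows\syswow64\MsiExec.exe -Embedding DCFC645F6CA49C57C25316841FE891F9",
         r"C:\Windows\SysWOW64\msiexec.exe", "msiexec.exe", "admin", "MEDIUM"),
]


if __name__ == "__main__":
    for pid, flags in sorted(triage(REPORT_PROCS).items()):
        print(pid, ", ".join(flags))
```

On this report the rules single out setup.exe (Desktop), the runtime installer (Downloads, launched from msedge.exe) and the HIGH-integrity custom-action server PID 1140; the SYSTEM msiexec.exe /V service instance is the normal Windows Installer service and is deliberately not flagged.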
Total events
48 589
Read events
47 174
Write events
1 347
Delete events
68

Modification events

(PID 5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write   Name: ShellExtBMP   Value: (empty)

(PID 5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write   Name: ShellExtIcon   Value: (empty)

(PID 5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write   Name: 1   Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID 5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write   Name: 0   Value: C:\Users\admin\AppData\Local\Temp\Crypto.Wallet.Cracker.5.7.rar

(PID 5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write   Name: name   Value: 120

(PID 5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write   Name: size   Value: 80

(PID 5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write   Name: type   Value: 120

(PID 5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write   Name: mtime   Value: 100

(PID 5404) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E
Operation: write   Name: @C:\WINDOWS\System32\msimsg.dll,-34   Value: Windows Installer Package

(PID 240) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write   Name: ProxyBypass   Value: 1

Reading the excerpt: the nine WinRAR.exe writes are the archiver's own UI and history state. ArcHistory index 0 is the archive just opened, i.e. the sample; index 1 is an earlier archive on the analysis image that this sample never dropped. The only write by the sample's own code shown here is setup.exe setting ZoneMap\ProxyBypass, a per-user WinINet proxy setting that many applications write on first use of WinINet, so it is a note for review rather than evidence of tampering on its own. The "Changes the autorun value in the registry" signature attributed to windowsdesktop-runtime-6.0.32-win-x64.exe (PID 7616) is not among the ten events excerpted here; its key and value are only in the full report.
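Registry-write excerpts like the one above mix archiver UI state with the one or two writes that matter, and the full report has 1 347 write events to sift. The classifier below is an added example written for this page, not part of the ANY.RUN report; it buckets each write by key path (and, where it matters, by value name) into persistence, security-setting, install-record or UI noise, using this example's own labels. The events are transcribed from the excerpt above, except the last one: the report says PID 7616 changed an autorun value but does not print the key, so that record is a hypothetical Run-key write used only to exercise the persistence rule.

```python
"""Bucket sandbox registry writes into triage categories (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RegWrite:
    pid: int
    process: str
    key: str
    name: str
    value: str


# (label, key pattern, value-name pattern or None). First match wins, so the
# specific rules sit above the noise rules.
RULES: List[Tuple[str, "re.Pattern", Optional["re.Pattern"]]] = [
    ("persistence", re.compile(r"\\CurrentVersion\\Run(Once)?$", re.I), None),
    ("persistence", re.compile(r"\\Services\\[^\\]+$", re.I), re.compile(r"^ImagePath$", re.I)),
    ("persistence", re.compile(r"\\Winlogon$", re.I), re.compile(r"^(Shell|Userinit)$", re.I)),
    ("security-setting", re.compile(r"\\Internet Settings\\ZoneMap", re.I), None),
    ("install-record", re.compile(r"\\CurrentVersion\\Uninstall\\", re.I), None),
    ("ui-noise", re.compile(r"\\WinRAR\\(Interface|ArcHistory|FileList)", re.I), None),
    ("ui-noise", re.compile(r"\\Local Settings\\MuiCache\\", re.I), None),
]


def classify(ev: RegWrite) -> str:
    """Return the first rule label whose key (and optional name) pattern matches."""
    for label, key_re, name_re in RULES:
        if key_re.search(ev.key) and (name_re is None or name_re.search(ev.name)):
            return label
    return "unclassified"


def bucket(events) -> Dict[str, List[RegWrite]]:
    """Group events by label so counts per category can be read at a glance."""
    out: Dict[str, List[RegWrite]] = {}
    for ev in events:
        out.setdefault(classify(ev), []).append(ev)
    return out


def interesting(events) -> List[RegWrite]:
    """Everything an analyst should actually read: all events that are not UI noise."""
    return [ev for ev in events if classify(ev) != "ui-noise"]


# Transcribed from the modification-events excerpt, plus one hypothetical record.
REPORT_EVENTS = [
    RegWrite(5404, "WinRAR.exe", r"HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes",
             "ShellExtBMP", ""),
    RegWrite(5404, "WinRAR.exe", r"HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory",
             "0", r"C:\Users\admin\AppData\Local\Temp\Crypto.Wallet.Cracker.5.7.rar"),
    RegWrite(5404, "WinRAR.exe", r"HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E",
             r"@C:\WINDOWS\System32\msimsg.dll,-34", "Windows Installer Package"),
    RegWrite(240, "setup.exe",
             r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap",
             "ProxyBypass", "1"),
    # Hypothetical: the report flags an autorun change by PID 7616 but does not show the key.
    RegWrite(7616, "windowsdesktop-runtime-6.0.32-win-x64.exe",
             r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
             "ExampleValue", r"C:\Example\example.exe"),
]


if __name__ == "__main__":
    for label, evs in bucket(REPORT_EVENTS).items():
        print(f"{label}: {len(evs)}")
    for ev in interesting(REPORT_EVENTS):
        print(ev.pid, ev.process, ev.key, ev.name, ev.value)
```

Rules are ordered most specific first so a Run-key write under a key that also happens to contain an application name is still labelled persistence; unknown keys fall through as "unclassified" rather than being silently dropped, which is the safer default when the rule set is small.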
Executable files
539
Suspicious files
365
Text files
135
Unknown types
42

Dropped files

780  msiexec.exe  C:\System Volume Information\SPP\metadata-2  [type and hashes not recorded]

5404  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$DRa5404.48965\Crypto Wallet Cracker 5.7.vdproj  [text]
  MD5: 53DB084C1868FFF4B2F086E529D8B838
  SHA256: 8EC19CEA3E1357CAC069825CE19F9399DC5B7776C4B498B86D0100F2C68E9608

780  msiexec.exe  C:\WINDOWS\TEMP\~DFD638E7F52551F992.TMP  [binary]
  MD5: 3C62EFC3D8FE418D426CD51BF662F186
  SHA256: F33F4166E1DA9EDA9F8127D86EF3025C030C15CE1EA794D6F6C5FE99D4EDD15B

780  msiexec.exe  C:\Program Files (x86)\CWC\Crypto Wallet Cracker 5.7\mining_bitcoin_coin_cryptocurrency_money_icon_211007.ico  [image]
  MD5: E43373361B937C1035A8D8F9366D8AD0
  SHA256: 270B31B91C23CAB04604D08DD08EE72EF08F83F8CC8E9450BAA2212B40FE00D1

780  msiexec.exe  C:\WINDOWS\Installer\MSI4ECE.tmp  [executable]
  MD5: B77A2A2768B9CC78A71BBFFB9812B978
  SHA256: F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0

5404  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$DRa5404.48965\setup.exe  [executable]
  MD5: 486C49F2DD4E5683AF1D047FFDFB5EEB
  SHA256: 091583602D7B6EF59FE5028C536CE89EA98D98C5C2B35CB09454F011478ED29C

780  msiexec.exe  C:\System Volume Information\SPP\OnlineMetadataCache\{f63da1fd-5c3e-413f-841a-746c0c4f85a7}_OnDiskSnapshotProp  [binary]
  MD5: CFA385B7EB4EC9E7320E4958FCA0DB43
  SHA256: B9531E3BF92C266186D7235556167CFD9AB8D8C87B55EF4C7DE736F1E75ED5A5

5404  WinRAR.exe  C:\Users\admin\AppData\Local\Temp\Rar$DRa5404.48965\KEY.txt  [text]
  MD5: EDC6C83A5C7015AA754683278B9D8805
  SHA256: 327A377BC13C8FA3EEEC3DB35824A409E3BC2F9D967C65A66996EA2960578C9E

780  msiexec.exe  C:\System Volume Information\SPP\snapshot-2  [binary]
  MD5: CFA385B7EB4EC9E7320E4958FCA0DB43
  SHA256: B9531E3BF92C266186D7235556167CFD9AB8D8C87B55EF4C7DE736F1E75ED5A5

780  msiexec.exe  C:\WINDOWS\Installer\inprogressinstallinfo.ipi  [binary]
  MD5: 3C62EFC3D8FE418D426CD51BF662F186
  SHA256: F33F4166E1DA9EDA9F8127D86EF3025C030C15CE1EA794D6F6C5FE99D4EDD15B

Notes on the excerpt (ten of 539 executable and 365 suspicious files): Rar$DRa5404.48965 is WinRAR's temporary extraction directory, so setup.exe, KEY.txt and the .vdproj file are the archive's own contents; .vdproj is a Visual Studio Installer Projects deployment file, meaning the author shipped the build project next to the built setup. C:\WINDOWS\Installer\MSI4ECE.tmp is where the Windows Installer service typically writes a package's custom-action binary before executing it, which makes its hashes the dropped-payload indicator to pivot on alongside setup.exe. The System Volume Information\SPP entries are System Protection bookkeeping written when the installer takes a restore point (VSSVC.exe and SrTasks.exe in the process list), not sample content.
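The hashes at the top of the report identify the submitted archive, and the dropped-files table adds hashes for what WinRAR extracted and what msiexec.exe wrote; together they are the indicators an analyst carries to the next host. The script below is an added example written for this page, not part of the ANY.RUN report: it hashes a file (MD5, SHA1, SHA256; ssdeep is left out because it needs a third-party module), matches the result against the report's hash table transcribed here, and checks the RAR container signature so that a renamed archive is still recognised as one. The RAR magic bytes are a fact about the format, not something the report states; the sample bytes in the test are constructed.

```python
"""Hash-based IOC matching and RAR-magic check for dropped or extracted files (added example)."""
import hashlib
from pathlib import Path
from typing import Dict, List, Optional

# Transcribed from the report; case as printed there, normalised to lower-case below.
_REPORT_IOCS_RAW = {
    "sha256": {
        "CADB67F5CA6A96B197517381AE03BA2FF7DC54C3ABAF8F6E464EBD423BB13A03": "Crypto.Wallet.Cracker.5.7.rar",
        "091583602D7B6EF59FE5028C536CE89EA98D98C5C2B35CB09454F011478ED29C": "setup.exe (extracted)",
        "327A377BC13C8FA3EEEC3DB35824A409E3BC2F9D967C65A66996EA2960578C9E": "KEY.txt (extracted)",
        "8EC19CEA3E1357CAC069825CE19F9399DC5B7776C4B498B86D0100F2C68E9608": "Crypto Wallet Cracker 5.7.vdproj (extracted)",
        "F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0": "MSI4ECE.tmp (installer custom action)",
    },
    "sha1": {
        "D7A241EF4DDAA803E4A0342896AC2A9006EF5074": "Crypto.Wallet.Cracker.5.7.rar",
    },
    "md5": {
        "008A71C31D17D13A097B128DDEC47035": "Crypto.Wallet.Cracker.5.7.rar",
        "486C49F2DD4E5683AF1D047FFDFB5EEB": "setup.exe (extracted)",
        "EDC6C83A5C7015AA754683278B9D8805": "KEY.txt (extracted)",
        "53DB084C1868FFF4B2F086E529D8B838": "Crypto Wallet Cracker 5.7.vdproj (extracted)",
        "B77A2A2768B9CC78A71BBFFB9812B978": "MSI4ECE.tmp (installer custom action)",
    },
}
REPORT_IOCS: Dict[str, Dict[str, str]] = {
    algo: {h.lower(): label for h, label in table.items()} for algo, table in _REPORT_IOCS_RAW.items()
}

# RAR container signatures (format facts, not from the report). The report's
# MIME/TRiD lines identify the sample as RAR v5, i.e. the first entry.
RAR_MAGIC = [
    (b"Rar!\x1a\x07\x01\x00", "RAR 5.x"),
    (b"Rar!\x1a\x07\x00", "RAR 1.5-4.x"),
]


def hash_bytes(data: bytes) -> Dict[str, str]:
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def archive_kind(head: bytes) -> Optional[str]:
    """Identify a RAR container from its leading bytes, regardless of file name."""
    for magic, label in RAR_MAGIC:
        if head.startswith(magic):
            return label
    return None


def match_iocs(hashes: Dict[str, str], iocs: Dict[str, Dict[str, str]] = REPORT_IOCS) -> List[str]:
    """Return the report labels whose hash matches any algorithm we computed."""
    hits: List[str] = []
    for algo, table in iocs.items():
        label = table.get(hashes.get(algo, "").lower())
        if label and label not in hits:
            hits.append(label)
    return hits


def triage_blob(name: str, data: bytes) -> dict:
    """Triage one in-memory file: hashes, container type, IOC hits, name/content mismatch."""
    hashes = hash_bytes(data)
    kind = archive_kind(data[:8])
    return {
        "name": name,
        **hashes,
        "archive": kind,
        "ioc_hits": match_iocs(hashes),
        # A RAR body behind a non-.rar name is worth noting on its own.
        "ext_mismatch": bool(kind) and not name.lower().endswith(".rar"),
    }


def triage_file(path) -> dict:
    p = Path(path)
    return triage_blob(p.name, p.read_bytes())


if __name__ == "__main__":
    import sys
    for arg in sys.argv[1:]:
        print(triage_file(arg))
```

Run it over a quarantine directory with `python triage.py *` and any hit names the report artifact it corresponds to; a file with `archive` set but `ext_mismatch` true is a renamed RAR and should be opened in the sandbox, not on the analyst's workstation.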
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
32
TCP/UDP connections
123
DNS requests
91
Threats
1

HTTP requests

PID | Process | Method | HTTP code | IP | URL | CN | Reputation
3676 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.81:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
3676 | MoUsoCoreWorker.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | whitelisted
6348 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D | unknown | whitelisted
4656 | SearchApp.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | whitelisted
3652 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
3040 | OfficeClickToRun.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D | unknown | whitelisted
2436 | svchost.exe | HEAD | 200 | 23.48.23.7:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/aad09a72-80db-4ffe-81ce-9b317e7d891b?P1=1721170965&P2=404&P3=2&P4=kUrlZK76GhRDgLjmEkQ%2fkNFrkKXSgsXfgmmNhD3ORqWuY50TDOscIq7nwEheaxqNfNhvpMfI63iodht3FaMFAQ%3d%3d | unknown | whitelisted
7108 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
7108 | SIHClient.exe | GET | 200 | 88.221.169.152:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
2436 | svchost.exe | GET | 206 | 23.48.23.7:80 | http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/aad09a72-80db-4ffe-81ce-9b317e7d891b?P1=1721170965&P2=404&P3=2&P4=kUrlZK76GhRDgLjmEkQ%2fkNFrkKXSgsXfgmmNhD3ORqWuY50TDOscIq7nwEheaxqNfNhvpMfI63iodht3FaMFAQ%3d%3d | unknown | whitelisted

The Type and Size columns of the report's table were not captured in this excerpt. All ten requests shown (of 32 recorded) come from Windows components doing CRL/OCSP checks and Edge update delivery; none is issued by setup.exe, the MSI or Darkminer v6.exe, so the sample's own HTTP traffic, if any, is only in the full report's PCAP.

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
4032 | svchost.exe | 239.255.255.250:1900 | - | - | - | whitelisted
2340 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
2124 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3676 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
4656 | SearchApp.exe | 2.23.209.168:443 | www.bing.com | Akamai International B.V. | GB | unknown
4656 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
3652 | svchost.exe | 40.126.31.67:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3652 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 40.127.240.158
whitelisted
www.bing.com
  • 2.23.209.168
  • 2.23.209.150
  • 2.23.209.174
  • 2.23.209.154
  • 2.23.209.158
  • 2.23.209.156
  • 2.23.209.176
  • 2.23.209.166
  • 2.23.209.160
  • 92.123.104.20
  • 92.123.104.19
  • 92.123.104.18
  • 92.123.104.21
  • 92.123.104.10
  • 92.123.104.14
  • 92.123.104.13
  • 92.123.104.16
  • 92.123.104.26
  • 92.123.104.22
  • 92.123.104.30
  • 92.123.104.31
  • 92.123.104.35
  • 92.123.104.37
  • 92.123.104.38
  • 92.123.104.29
  • 92.123.104.32
  • 92.123.104.33
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 142.250.186.46
whitelisted
login.live.com
  • 40.126.31.67
  • 20.190.159.2
  • 20.190.159.23
  • 40.126.31.73
  • 40.126.31.69
  • 20.190.159.4
  • 20.190.159.64
  • 20.190.159.73
whitelisted
go.microsoft.com
  • 184.28.89.167
  • 69.192.162.125
whitelisted
nexusrules.officeapps.live.com
  • 52.111.227.13
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
crl.microsoft.com
  • 2.16.164.81
  • 2.16.164.43
  • 2.16.164.18
  • 2.16.164.114
  • 2.16.164.120
  • 2.16.164.97
  • 23.48.23.143
  • 23.48.23.147
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 69.192.161.161
  • 23.35.229.160
whitelisted

Threats

PID: 3972   Process: Darkminer v6.exe
Class: A Network Trojan was detected
Message: ET HUNTING Terse Unencrypted Request for Google - Likely Connectivity Check

Messages

Darkminer v6.exe: You must install .NET to run this application. App: C:\Program Files (x86)\CWC\Crypto Wallet Cracker 5.7\Darkminer v6.exe Architecture: x64 App host version: 6.0.20 .NET location: Not found Learn about runtime installation: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.20
Darkminer v6.exe: Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 4448. Message ID: [0x2509].
Darkminer v6.exe: Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 3972. Message ID: [0x2509].
Darkminer v6.exe: Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 7484. Message ID: [0x2509].

Reading the run: the apphost error shows that Darkminer v6.exe, which the MSI installed to C:\Program Files (x86)\CWC\Crypto Wallet Cracker 5.7\, is a .NET 6 application (apphost 6.0.20) and could not start because the analysis image had no .NET runtime; by elimination this was PID 6856, the only Darkminer v6.exe instance without a profiler message. The runtime installer windowsdesktop-runtime-6.0.32-win-x64.exe was then fetched through msedge.exe (its parent in the process table) and run, after which the three later instances (PIDs 4448, 3972 and 7484) started under the CLR, as the profiler messages show. This matters for the verdict: the two MALICIOUS-class signatures are attributed to WinRAR.exe, msiexec.exe and the Microsoft runtime installer, which is expected behaviour for an archiver and an installer, so the sample-specific evidence on this page is the MSI package itself, the ZoneMap write by setup.exe, and the single ET HUNTING hit from PID 3972, a bare HTTP request to Google consistent with the google.com lookup in the DNS list. The archive and dropped-file hashes are the actionable indicators; what the miner does once it has connectivity has to come from the full report's PCAP and the 113 connections not excerpted here.