download:

/moneyrobot2023/Crypto-Wallet-Cracker/releases/download/CryptoWalletCracker/Crypto.Wallet.Cracker.5.7.rar

Full analysis: https://app.any.run/tasks/fe8459a0-b0de-4e17-b472-0857d3476d2e
Verdict: Malicious activity
Analysis date: July 11, 2024, 19:04:28
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 008A71C31D17D13A097B128DDEC47035
SHA1: D7A241EF4DDAA803E4A0342896AC2A9006EF5074
SHA256: CADB67F5CA6A96B197517381AE03BA2FF7DC54C3ABAF8F6E464EBD423BB13A03
SSDEEP: 98304:eJXTUNmzG/Ftj2jGtgZR+Lh0cLlElfp/f2NGA+bs93wAq3YiIHiyJB3Q8UsR2kqv:13/wAFy

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • WinRAR.exe (PID: 5404)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 652)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
      • msiexec.exe (PID: 780)
    • Changes the autorun value in the registry

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
  • SUSPICIOUS

    • Reads security settings of Internet Explorer

      • setup.exe (PID: 240)
      • Darkminer v6.exe (PID: 6856)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
    • Reads the date of Windows installation

      • setup.exe (PID: 240)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
    • Process drops legitimate windows executable

      • msiexec.exe (PID: 4536)
      • msiexec.exe (PID: 780)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 652)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • Reads the Windows owner or organization settings

      • msiexec.exe (PID: 780)
    • Executes as Windows Service

      • VSSVC.exe (PID: 5908)
    • Starts a Microsoft application from unusual location

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • Executable content was dropped or overwritten

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 652)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • Searches for installed software

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • Starts itself from another location

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
    • Checks Windows Trust Settings

      • msiexec.exe (PID: 780)
    • Creates a software uninstall entry

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • The process creates files with name similar to system file names

      • msiexec.exe (PID: 780)
    • The process drops C-runtime libraries

      • msiexec.exe (PID: 780)
  • INFO

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 5404)
      • msiexec.exe (PID: 780)
      • msiexec.exe (PID: 4536)
      • msedge.exe (PID: 2044)
    • Reads the computer name

      • setup.exe (PID: 240)
      • msiexec.exe (PID: 780)
      • msiexec.exe (PID: 5576)
      • msiexec.exe (PID: 1912)
      • Darkminer v6.exe (PID: 6856)
      • identity_helper.exe (PID: 7608)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
      • msiexec.exe (PID: 1140)
      • msiexec.exe (PID: 8124)
      • msiexec.exe (PID: 3232)
      • msiexec.exe (PID: 6816)
      • Darkminer v6.exe (PID: 4448)
      • Darkminer v6.exe (PID: 3972)
      • identity_helper.exe (PID: 3540)
      • Darkminer v6.exe (PID: 7484)
    • Checks supported languages

      • setup.exe (PID: 240)
      • msiexec.exe (PID: 780)
      • msiexec.exe (PID: 5576)
      • msiexec.exe (PID: 1912)
      • Darkminer v6.exe (PID: 6856)
      • identity_helper.exe (PID: 7608)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 652)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
      • msiexec.exe (PID: 1140)
      • msiexec.exe (PID: 8124)
      • msiexec.exe (PID: 3232)
      • msiexec.exe (PID: 6816)
      • Darkminer v6.exe (PID: 3972)
      • Darkminer v6.exe (PID: 4448)
      • identity_helper.exe (PID: 3540)
      • Darkminer v6.exe (PID: 7484)
    • Manual execution by a user

      • setup.exe (PID: 240)
      • Darkminer v6.exe (PID: 6856)
      • notepad.exe (PID: 444)
      • Darkminer v6.exe (PID: 4448)
      • Darkminer v6.exe (PID: 3972)
      • notepad.exe (PID: 7552)
      • Darkminer v6.exe (PID: 7484)
    • Process checks computer location settings

      • setup.exe (PID: 240)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
    • Drops the executable file immediately after the start

      • msiexec.exe (PID: 4536)
      • msedge.exe (PID: 2044)
      • msedge.exe (PID: 7688)
    • Create files in a temporary directory

      • setup.exe (PID: 240)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 652)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 6660)
      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
    • Creates files or folders in the user directory

      • msiexec.exe (PID: 780)
    • Reads security settings of Internet Explorer

      • notepad.exe (PID: 444)
      • notepad.exe (PID: 7552)
    • Reads Microsoft Office registry keys

      • Darkminer v6.exe (PID: 6856)
      • msedge.exe (PID: 2044)
      • msedge.exe (PID: 884)
    • Application launched itself

      • msedge.exe (PID: 2044)
      • msedge.exe (PID: 884)
    • Reads the software policy settings

      • slui.exe (PID: 2416)
      • msiexec.exe (PID: 780)
      • slui.exe (PID: 8104)
    • Creates a software uninstall entry

      • msiexec.exe (PID: 780)
    • The process uses the downloaded file

      • msedge.exe (PID: 2044)
      • msedge.exe (PID: 4448)
    • Reads the machine GUID from the registry

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
      • msiexec.exe (PID: 780)
    • Creates files in the program directory

      • windowsdesktop-runtime-6.0.32-win-x64.exe (PID: 7616)
      • Darkminer v6.exe (PID: 4448)
    • Checks proxy server information

      • slui.exe (PID: 8104)
      • Darkminer v6.exe (PID: 3972)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
No data.
All screenshots are available in the full report
Total processes: 237
Monitored processes: 85
Malicious processes: 5
Suspicious processes: 1

Behavior graph

start winrar.exe setup.exe no specs msiexec.exe msiexec.exe msiexec.exe no specs sppextcomobj.exe no specs slui.exe vssvc.exe no specs srtasks.exe no specs conhost.exe no specs msiexec.exe no specs notepad.exe no specs darkminer v6.exe msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs slui.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs windowsdesktop-runtime-6.0.32-win-x64.exe windowsdesktop-runtime-6.0.32-win-x64.exe windowsdesktop-runtime-6.0.32-win-x64.exe msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msiexec.exe no specs msedge.exe no specs msedge.exe no specs darkminer v6.exe msedge.exe no specs msedge.exe no specs rundll32.exe no specs darkminer v6.exe msedge.exe no specs notepad.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs msedge.exe msedge.exe no specs msedge.exe no specs identity_helper.exe no specs identity_helper.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs msedge.exe no specs darkminer v6.exe msedge.exe no specs msedge.exe no specs msedge.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
PID: 240
CMD: "C:\Users\admin\Desktop\setup.exe"
Path: C:\Users\admin\Desktop\setup.exe
Parent process: explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
Setup
Exit code:
0
Version:
17.0.33606.225 built by: D17.6
Modules
Images
c:\users\admin\desktop\setup.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\acgenral.dll
PID: 444
CMD: "C:\WINDOWS\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\READ ME.txt
Path: C:\Windows\System32\notepad.exe
Parent process: explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\user32.dll
PID: 448
CMD: \??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1
Path: C:\Windows\System32\conhost.exe
Parent process: SrTasks.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Console Window Host
Exit code:
0
Version:
10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\conhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\shcore.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll
PID: 652
CMD: "C:\Users\admin\Downloads\windowsdesktop-runtime-6.0.32-win-x64.exe"
Path: C:\Users\admin\Downloads\windowsdesktop-runtime-6.0.32-win-x64.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Windows Desktop Runtime - 6.0.32 (x64)
Exit code:
0
Version:
6.0.32.33814
Modules
Images
c:\users\admin\downloads\windowsdesktop-runtime-6.0.32-win-x64.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\advapi32.dll
PID: 780
CMD: C:\WINDOWS\system32\msiexec.exe /V
Path: C:\Windows\System32\msiexec.exe
Parent process: services.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Windows® installer
Version:
5.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\aclayers.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
PID: 884
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1140
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding 0C9DA8363788122234DED78F229F7F5B
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
PID: 1452
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4672 --field-trial-handle=2344,i,9338777618442052094,6760593643018076686,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1708
CMD: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3868 --field-trial-handle=2344,i,9338777618442052094,6760593643018076686,262144 --variations-seed-version /prefetch:8
Path: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parent process: msedge.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Microsoft Edge
Exit code:
0
Version:
122.0.2365.59
Modules
Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
PID: 1912
CMD: C:\Windows\syswow64\MsiExec.exe -Embedding DCFC645F6CA49C57C25316841FE891F9
Path: C:\Windows\SysWOW64\msiexec.exe
Parent process: msiexec.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows® installer
Exit code:
0
Version:
5.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\msiexec.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll
Total events: 48 589
Read events: 47 174
Write events: 1 347
Delete events: 68

Modification events

(PID) Process: (5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Crypto.Wallet.Cracker.5.7.rar

(PID) Process: (5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (5404) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (5404) WinRAR.exe
Key: HKEY_CLASSES_ROOT\Local Settings\MuiCache\3c\52C64B7E
Operation: write
Name: @C:\WINDOWS\System32\msimsg.dll,-34
Value: Windows Installer Package

(PID) Process: (240) setup.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1
Executable files: 539
Suspicious files: 365
Text files: 135
Unknown types: 42

Dropped files

PID | Process | Filename | Type

780 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 |
MD5:
SHA256:

5404 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa5404.48965\READ ME.txt | text
MD5: 18F6774AA1263C8614DBD1B1E90BF6C4
SHA256: 59D13E2D62865E2CB78FA8F86D09FC86DD4DEEF6867D45FC51F298F8044D6E54

5404 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa5404.48965\KEY.txt | text
MD5: EDC6C83A5C7015AA754683278B9D8805
SHA256: 327A377BC13C8FA3EEEC3DB35824A409E3BC2F9D967C65A66996EA2960578C9E

5404 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa5404.48965\NOT WORKING.txt | text
MD5: A3B440CE4EE60130EA4EFB29769D537B
SHA256: 36EFD1584ECBE4DFD1C2105CBA29D32587CB12EACF2D4352735A42685762DFF8

5404 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa5404.48965\Crypto Wallet Cracker 5.7.msi | executable
MD5: D079A25349110B85CBC324CC64313734
SHA256: 4549C2D57A976A63061881C6CCF1D76DF24AD098D2B00CD5244C664338E8A0AF

4536 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIE8A.tmp | executable
MD5: B77A2A2768B9CC78A71BBFFB9812B978
SHA256: F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0

5404 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa5404.48965\setup.exe | executable
MD5: 486C49F2DD4E5683AF1D047FFDFB5EEB
SHA256: 091583602D7B6EF59FE5028C536CE89EA98D98C5C2B35CB09454F011478ED29C

4536 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIE3B.tmp | executable
MD5: B77A2A2768B9CC78A71BBFFB9812B978
SHA256: F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0

5404 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa5404.48965\Crypto Wallet Cracker 5.7.vdproj | text
MD5: 53DB084C1868FFF4B2F086E529D8B838
SHA256: 8EC19CEA3E1357CAC069825CE19F9399DC5B7776C4B498B86D0100F2C68E9608

780 | msiexec.exe | C:\WINDOWS\Installer\MSI4ECE.tmp | executable
MD5: B77A2A2768B9CC78A71BBFFB9812B978
SHA256: F74C97B1A53541B059D3BFAFE41A79005CE5065F8210D7DE9F1B600DC4E28AA0
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 32
TCP/UDP connections: 123
DNS requests: 91
Threats: 1

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
4656
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
3652
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3676
MoUsoCoreWorker.exe
GET
200
2.16.164.81:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3676
MoUsoCoreWorker.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
6348
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
7108
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
7108
SIHClient.exe
GET
200
88.221.169.152:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
6436
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
2044
msedge.exe
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
2044
msedge.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
4032
svchost.exe
239.255.255.250:1900
whitelisted
2340
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
2124
RUXIMICS.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3676
MoUsoCoreWorker.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
4656
SearchApp.exe
2.23.209.168:443
www.bing.com
Akamai International B.V.
GB
unknown
4656
SearchApp.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted
3652
svchost.exe
40.126.31.67:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3652
svchost.exe
192.229.221.95:80
ocsp.digicert.com
EDGECAST
US
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.124.78.146
  • 51.104.136.2
  • 40.127.240.158
whitelisted
www.bing.com
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
google.com
  • 142.250.186.46
whitelisted
login.live.com
  • 40.126.31.67
  • 20.190.159.2
  • 20.190.159.23
  • 40.126.31.73
  • 40.126.31.69
  • 20.190.159.4
  • 20.190.159.64
  • 20.190.159.73
whitelisted
go.microsoft.com
  • 184.28.89.167
  • 69.192.162.125
whitelisted
nexusrules.officeapps.live.com
  • 52.111.227.13
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
crl.microsoft.com
  • 2.16.164.81
  • 2.16.164.43
  • 2.16.164.18
  • 2.16.164.114
  • 2.16.164.120
  • 2.16.164.97
  • 23.48.23.143
  • 23.48.23.147
whitelisted
www.microsoft.com
  • 88.221.169.152
  • 69.192.161.161
  • 23.35.229.160
whitelisted

Threats

PID
Process
Class
Message
3972
Darkminer v6.exe
A Network Trojan was detected
ET HUNTING Terse Unencrypted Request for Google - Likely Connectivity Check
Process
Message
Darkminer v6.exe
You must install .NET to run this application. App: C:\Program Files (x86)\CWC\Crypto Wallet Cracker 5.7\Darkminer v6.exe Architecture: x64 App host version: 6.0.20 .NET location: Not found Learn about runtime installation: https://aka.ms/dotnet/app-launch-failed Download the .NET runtime: https://aka.ms/dotnet-core-applaunch?missing_runtime=true&arch=x64&rid=win10-x64&apphost_version=6.0.20
Darkminer v6.exe
Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 4448. Message ID: [0x2509].
Darkminer v6.exe
Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 3972. Message ID: [0x2509].
Darkminer v6.exe
Profiler was prevented from loading notification profiler due to app settings. Process ID (decimal): 7484. Message ID: [0x2509].