analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | TCM.rar |
| Full analysis: | https://app.any.run/tasks/5227bf57-e4cb-421d-b583-a8b81df3ead8 |
| Verdict: | Malicious activity |
| Analysis date: | December 18, 2018, 18:06:19 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-rar |
| File info: | RAR archive data, v5 |
| MD5: | 7DC33EFCFD0FFEF566861246E2742341 |
| SHA1: | A5EF256CF5EEAB56C7421524642FE1F9A682F809 |
| SHA256: | CAF30FE53C3F776CAC6F33558427F1DE4F85AC9CD7B437167C04D22AD802AEAF |
| SSDEEP: | 24576:VfX/EzLLZQJJItMoGtrO8d4W6KFV1XRJyyfNAr9Kin1VGdjcy8NHDs6pEAq45iIB:9idOiM5xiiSr7n1VGtxC/pEp6 |
MALICIOUS
Application was dropped or rewritten from another process
- TCM Fortnite Tool.exe (PID: 3132)
- TCM Fortnite Tool.exe (PID: 3228)
Loads dropped or rewritten executable
- TCM Fortnite Tool.exe (PID: 3132)
- TCM Fortnite Tool.exe (PID: 3228)
SUSPICIOUS
Executable content was dropped or overwritten
- WinRAR.exe (PID: 2852)
- TCM Fortnite Tool.exe (PID: 3132)
INFO
No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .rar | | | RAR compressed archive (v5.0) (61.5) |
|---|---|---|
| .rar | | | RAR compressed archive (gen) (38.4) |
Total processes
31
Monitored processes
3
Malicious processes
2
Suspicious processes
1
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2852 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\TCM.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
| 3132 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.41788\TCM\TCM Fortnite Tool.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.41788\TCM\TCM Fortnite Tool.exe | WinRAR.exe | |
User: admin Integrity Level: MEDIUM Description: TCM Fortnite Tool Version: 1.0.0.0 | ||||
| 3228 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.46352\TCM\TCM Fortnite Tool.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.46352\TCM\TCM Fortnite Tool.exe | WinRAR.exe | |
User: admin Integrity Level: MEDIUM Description: TCM Fortnite Tool Version: 1.0.0.0 | ||||
Total events
513
Read events
469
Write events
0
Delete events
0
Modification events
Executable files
15
Suspicious files
0
Text files
0
Unknown types
2
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2852 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.41788\TCM\HtmlAgilityPack.dll | executable | |
MD5:45223650CFF5E89E56C1BDD4CB7FB786 | SHA256:8019602AF8F267C4E09489B3D80B514B2498A495D0FA3D7D74C2EB86B1E25781 | |||
| 2852 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.41788\TCM\TrayNotification.dll | executable | |
MD5:10EB787D7E694D39A4E89F94DA681029 | SHA256:6D877012DB1A84A9A7A6682DD3EE27D9B10A647C79F82E6694C98FEC44BAD759 | |||
| 2852 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.46352\TCM\NotificationSound\beep.wav | wav | |
MD5:248DDC4190B35F7DAE7F2C851F7F0E2C | SHA256:8A57FAA5E59D2DD499F103E8188217FFB13331E153DC2A726B5247001336C0D5 | |||
| 2852 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.41788\TCM\TCM Fortnite Tool.exe | executable | |
MD5:648D7DF6AD3509529EF9FF0C7FA210BA | SHA256:927CB64AF4BCBF920AF6AC63A3E1EF2EA58342D9F142FB0EF4567A98926DA8F1 | |||
| 2852 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.46352\TCM\HtmlAgilityPack.dll | executable | |
MD5:45223650CFF5E89E56C1BDD4CB7FB786 | SHA256:8019602AF8F267C4E09489B3D80B514B2498A495D0FA3D7D74C2EB86B1E25781 | |||
| 2852 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.46352\TCM\TCM Fortnite Tool.exe | executable | |
MD5:648D7DF6AD3509529EF9FF0C7FA210BA | SHA256:927CB64AF4BCBF920AF6AC63A3E1EF2EA58342D9F142FB0EF4567A98926DA8F1 | |||
| 2852 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.41788\TCM\NotificationSound\beep.wav | wav | |
MD5:248DDC4190B35F7DAE7F2C851F7F0E2C | SHA256:8A57FAA5E59D2DD499F103E8188217FFB13331E153DC2A726B5247001336C0D5 | |||
| 2852 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.46352\TCM\TrayNotification.dll | executable | |
MD5:10EB787D7E694D39A4E89F94DA681029 | SHA256:6D877012DB1A84A9A7A6682DD3EE27D9B10A647C79F82E6694C98FEC44BAD759 | |||
| 2852 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.41788\TCM\Bunifu_UI_v1.5.3.dll | executable | |
MD5:2ECB51AB00C5F340380ECF849291DBCF | SHA256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF | |||
| 2852 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2852.46352\TCM\xNet.dll | executable | |
MD5:158DEFD55A804AA8D4D67BFDF7A4AF9C | SHA256:6C7EC4CC31A2CE0B97703B7A42E3448E9B87D96DDA12761CA24D8787AC27CFF1 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
3
DNS requests
2
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
3228 | TCM Fortnite Tool.exe | 104.18.32.242:443 | www.gamersocial.co | Cloudflare Inc | US | shared |
3132 | TCM Fortnite Tool.exe | 104.18.32.242:443 | www.gamersocial.co | Cloudflare Inc | US | shared |
DNS requests
Domain | IP | Reputation |
|---|---|---|
www.gamersocial.co |
| malicious |
gamersocial.co |
| malicious |