File name:

141347_-1600665868-Alicia-En-El-Pais-De-Las-Maravillas--2010---BluRay-MicroHD.torrent

Full analysis: https://app.any.run/tasks/ca8eed54-a11a-4a8d-aabe-04cd5631ff1e
Verdict: Malicious activity
Analysis date: July 11, 2024, 07:06:01
OS: Ubuntu 22.04.2
MIME: application/x-bittorrent
File info: BitTorrent file
MD5:

299BA9C5ED4D0B52CC8A90B01BF1177B

SHA1:

2A013A4FDCEA6412E161B95D896F4C85266393AF

SHA256:

ED454B0168D20685B8EFCB15E16CBA14D2FB1FDB3D5EA7EB77B07F49DFFE0C93

SSDEEP:

768:Pwost7NX2RfjgukCHMFcOVWJWXfKAZPhUE1JCP:IbNGRfj7kIMFLVWcXSAZZBo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Reads /proc/mounts (likely used to find writable filesystems)

      • transmission-gtk (PID: 12919)

    • Reads network configuration

      • sudo (PID: 12918)

    • Gets active network interfaces

      • sudo (PID: 12918)

    • Executes commands using command-line interpreter

      • gnome-terminal-server (PID: 12954)

    • Executes the "rm" command to delete files or directories

      • sudo (PID: 12989)
      • sudo (PID: 12998)
      • sudo (PID: 12992)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.torrent | Torrent (trackerless) (57.6)
.torrent | Torrent (42.3)

EXIF

Torrent

Announce: http://share.camoe.cn:8080/announce
AnnounceList1: http://share.camoe.cn:8080/announce
AnnounceList2: udp://tracker.torrent.eu.org:451/announce
AnnounceList3: http://t.nyaatracker.com:80/announce
AnnounceList4: udp://thetracker.org:80/announce
AnnounceList5: udp://bt.xxx-tracker.com:2710/announce
AnnounceList6: udp://tracker.vanitycore.co:6969/announce
AnnounceList7: http://tracker.tfile.me:80/announce
AnnounceList8: udp://tracker.tiny-vps.com:6969/announce
AnnounceList9: http://retracker.telecom.by:80/announce
AnnounceList10: http://tracker.electro-torrent.pl:80/announce
AnnounceList11: udp://tracker.justseed.it:1337/announce
AnnounceList12: udp://tracker.leechers-paradise.org:6969/announce
AnnounceList13: udp://tracker.opentrackr.org:1337/announce
AnnounceList14: udp://tracker.coppersurfer.tk:6969/announce
AnnounceList15: udp://open.stealth.si:80/announce
AnnounceList16: http://retracker.mgts.by:80/announce
AnnounceList17: udp://tracker.cypherpunks.ru:6969/announce
AnnounceList18: udp://tracker.cyberia.is:6969/announce
AnnounceList19: udp://retracker.lanta-net.ru:2710/announce
AnnounceList20: udp://tracker.internetwarriors.net:1337/announce
AnnounceList21: udp://tracker.swateam.org.uk:2710/announce
Creator: uTorrent/1770
CreateDate: 2020:09:20 06:52:17+00:00
Encoding: UTF-8
File1Length: 990 MiB
File1Path: Alicia En El Pais De Las Maravillas (2010) [BluRay 720p X264 MKV][AC3 5.1 Castellano][www.PctFenix.com].part1.rar
File2Length: 990 MiB
File2Path: Alicia En El Pais De Las Maravillas (2010) [BluRay 720p X264 MKV][AC3 5.1 Castellano][www.PctFenix.com].part2.rar
File3Length: 990 MiB
File3Path: Alicia En El Pais De Las Maravillas (2010) [BluRay 720p X264 MKV][AC3 5.1 Castellano][www.PctFenix.com].part3.rar
File4Length: 990 MiB
File4Path: Alicia En El Pais De Las Maravillas (2010) [BluRay 720p X264 MKV][AC3 5.1 Castellano][www.PctFenix.com].part4.rar
File5Length: 990 MiB
File5Path: Alicia En El Pais De Las Maravillas (2010) [BluRay 720p X264 MKV][AC3 5.1 Castellano][www.PctFenix.com].part5.rar
File6Length: 515 MiB
File6Path: Alicia En El Pais De Las Maravillas (2010) [BluRay 720p X264 MKV][AC3 5.1 Castellano][www.PctFenix.com].part6.rar
File7Length: 111 bytes
File7Path: PCTFENIX COM.url
File8Length: 111 bytes
File8Path: PCTMIX COM.url
File9Length: 112 bytes
File9Path: PCTRELOAD COM.url
Name: Alicia En El Pais De Las Maravillas (2010) [BluRay 720p X264 MKV][AC3 5.1 Castellano][www.PctFenix.com]
PieceLength: 4194304
Pieces: (Binary data 27340 bytes, use -b option to extract)
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
286
Monitored processes
72
Malicious processes
0
Suspicious processes
1

Behavior graph

Click at the process to see the details
sh no specs file no specs sh no specs sudo no specs transmission-gtk locale-check no specs systemctl no specs systemctl no specs systemctl no specs systemctl no specs systemctl no specs gnome-terminal no specs gnome-terminal.real no specs gnome-terminal-server no specs bash no specs lesspipe no specs basename no specs dash no specs dircolors no specs dirname no specs sudo no specs sudo no specs rm no specs sudo no specs sudo no specs rm no specs sudo no specs sudo no specs rm no specs ibus-mozc-gnome-initial-setup.sh no specs dpkg-query no specs grep no specs env no specs grep no specs grep no specs mkdir no specs seq no specs dconf no specs sleep no specs sleep no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs dash no specs systemd no specs bash no specs update-notifier no specs update-notifier no specs bash no specs bash no specs gnome-shell no specs update-notifier no specs

Process information

PID
CMD
Path
Indicators
Parent process
12915sh -c "file --mime-type /tmp/141347_-1600665868-Alicia-En-El-Pais-De-Las-Maravillas--2010---BluRay-MicroHD\.torrent"/bin/shany-guest-agent
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12916file --mime-type /tmp/141347_-1600665868-Alicia-En-El-Pais-De-Las-Maravillas--2010---BluRay-MicroHD.torrent/usr/bin/filesh
User:
root
Integrity Level:
UNKNOWN
Exit code:
0
12917/bin/sh -c "DISPLAY=:0 sudo -iu user transmission-gtk /tmp/141347_-1600665868-Alicia-En-El-Pais-De-Las-Maravillas--2010---BluRay-MicroHD\.torrent "/bin/shany-guest-agent
User:
user
Integrity Level:
UNKNOWN
Exit code:
1195
12918sudo -iu user transmission-gtk /tmp/141347_-1600665868-Alicia-En-El-Pais-De-Las-Maravillas--2010---BluRay-MicroHD.torrent/usr/bin/sudosh
User:
user
Integrity Level:
UNKNOWN
Exit code:
1195
12919transmission-gtk /tmp/141347_-1600665868-Alicia-En-El-Pais-De-Las-Maravillas--2010---BluRay-MicroHD.torrent/usr/bin/transmission-gtk
sudo
User:
user
Integrity Level:
UNKNOWN
Exit code:
12919
12920/usr/bin/locale-check C.UTF-8/usr/bin/locale-checktransmission-gtk
User:
user
Integrity Level:
UNKNOWN
Exit code:
0
12939systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
482
12940systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
482
12941systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
482
12942systemctl --user --global is-enabled snap.snapd-desktop-integration.snapd-desktop-integration.service/usr/bin/systemctlsnapd
User:
root
Integrity Level:
UNKNOWN
Exit code:
482
Executable files
0
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
13003ibus-mozc-gnome-initial-setup.sh/home/user/.local/share/ibus-mozc-gnome-initial-setup.logtext
MD5:
SHA256:
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
1
TCP/UDP connections
13
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
204
185.125.190.48:80
http://connectivity-check.ubuntu.com/
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
185.125.190.98:80
connectivity-check.ubuntu.com
Canonical Group Limited
GB
unknown
470
avahi-daemon
224.0.0.251:5353
unknown
185.125.190.49:80
connectivity-check.ubuntu.com
Canonical Group Limited
GB
unknown
185.125.190.48:80
connectivity-check.ubuntu.com
Canonical Group Limited
GB
unknown
212.102.56.178:443
odrs.gnome.org
Datacamp Limited
DE
unknown
12919
transmission-gtk
192.168.100.2:5351
whitelisted
12919
transmission-gtk
239.255.255.250:1900
whitelisted
485
snapd
185.125.188.59:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
485
snapd
185.125.188.54:443
api.snapcraft.io
Canonical Group Limited
GB
unknown
485
snapd
185.125.188.55:443
api.snapcraft.io
Canonical Group Limited
GB
malicious

DNS requests

Domain
IP
Reputation
connectivity-check.ubuntu.com
  • 185.125.190.98
  • 91.189.91.98
  • 185.125.190.18
  • 91.189.91.97
  • 185.125.190.97
  • 185.125.190.96
  • 91.189.91.96
  • 91.189.91.49
  • 185.125.190.49
  • 91.189.91.48
  • 185.125.190.48
  • 185.125.190.17
  • 2620:2d:4000:1::96
  • 2001:67c:1562::23
  • 2620:2d:4000:1::2a
  • 2620:2d:4000:1::22
  • 2620:2d:4002:1::197
  • 2620:2d:4000:1::2b
  • 2620:2d:4002:1::198
  • 2620:2d:4002:1::196
  • 2620:2d:4000:1::98
  • 2620:2d:4000:1::23
  • 2620:2d:4000:1::97
  • 2001:67c:1562::24
whitelisted
google.com
  • 142.250.186.78
  • 2a00:1450:4001:81d::200e
whitelisted
odrs.gnome.org
  • 212.102.56.178
  • 195.181.175.41
  • 212.102.56.182
  • 156.146.33.141
  • 195.181.175.15
  • 156.146.33.137
  • 156.146.33.14
  • 2a02:6ea0:c700::22
  • 2a02:6ea0:c700::17
  • 2a02:6ea0:c700::18
  • 2a02:6ea0:c700::101
  • 2a02:6ea0:c700::11
  • 2a02:6ea0:c700::21
  • 2a02:6ea0:c700::10
whitelisted
api.snapcraft.io
  • 185.125.188.59
  • 185.125.188.55
  • 185.125.188.54
  • 185.125.188.58
whitelisted
173.100.168.192.in-addr.arpa
unknown

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
141347_-1600665868-Alicia-En-El-Pais-De-Las-Maravillas--2010---BluRay-MicroHD.torrent