Field | Value
---|---
File name | Wizzy 1.0 [STABLE].rar
Full analysis | https://app.any.run/tasks/0a64fa3e-93be-4fe1-8529-944d1c259201
Verdict | Malicious activity
Analysis date | May 30, 2020, 05:48:29
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/x-rar
File info | RAR archive data, v5
MD5 | 7B4BB001EF638D383DB5D25D98422DE1
SHA1 | A1A60921C9085CBCA879F74682FE17609831751D
SHA256 | EE548018D5AD976A9080021F2699D612601EF5E30CFE62FC6150F599C247C244
SSDEEP | 24576:zcvUw05mZTVxCgZa+FoGYoA2HvFS7gH9fJGPH/2SpSI3iRaAV2tG6/ad:zcMw05mBCE3fVpdqgdwv9UIzAVhf
Extension | File type
---|---
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2832 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Wizzy 1.0 [STABLE].rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
3340 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2832.6827\Wizzy 1.0 [STABLE]\Wizzy.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2832.6827\Wizzy 1.0 [STABLE]\Wizzy.exe | — | WinRAR.exe
4036 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa2832.7297\New Text Document (3).txt | C:\Windows\system32\NOTEPAD.EXE | — | WinRAR.exe

PID | User | Company | Integrity Level | Description | Version
---|---|---|---|---|---
2832 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 5.60.0
3340 | admin | iL0nked is nice | MEDIUM | Wizzy | 1.0.0.0
4036 | admin | Microsoft Corporation | MEDIUM | Notepad | 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2832 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2832.6827\Wizzy 1.0 [STABLE]\Discord.Net.Rest.dll | executable | 88918944E9F9CBA802986ACC328561D7 | 734D1CD614E1B75536AA75AB30538C7EBBBE2AA2887DDC14DB4514811451780B
2832 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2832.6827\Wizzy 1.0 [STABLE]\Discord.Net.WebSocket.dll | executable | 971281F3F2490C8F4908627D5F61987F | B8163917A337A9638DBB8FCA5278D68B8AD2BA420E67810E17F9A78F69698708
2832 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa2832.7297\New Text Document (3).txt | text | 24A4AA3C5DDB19475856706F835CE74C | 4366B327EF0ED8E7ED8419532FDC09015A269EC4253C31FA621FA96E17B6A8C0
2832 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2832.6827\Wizzy 1.0 [STABLE]\Wizzy.exe | executable | 45E82A752360E0FCB01AF666D4CF0236 | E0753B95AA5A366729D15547CFE3E7A2FAEE051FDD69AC828F5F8416807E3A7A
2832 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2832.6827\Wizzy 1.0 [STABLE]\New Text Document (3).txt | text | 24A4AA3C5DDB19475856706F835CE74C | 4366B327EF0ED8E7ED8419532FDC09015A269EC4253C31FA621FA96E17B6A8C0
2832 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2832.6827\Wizzy 1.0 [STABLE]\System.Collections.Immutable.dll | executable | AAD3B7C5828E16B4C8071E5AD64B3F7D | A8E9CE5D4DB1897A939E60860154617300B0DFA4C4D3E10341F21AF0DE4BBFD5
2832 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2832.6827\Wizzy 1.0 [STABLE]\Discord.Net.Core.dll | executable | 40E996C611EDB53F37B4FBB69C4A5DD2 | B89083E8DAE8B40ACBFB383844F30A3020925ACFAB4A97333DF8DEC1B5F97334
2832 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2832.6827\Wizzy 1.0 [STABLE]\readme.txt | text | D20ED81AE5B258CA643662F3157E2037 | EE3BCB5719C625AB79EC62117D4419F2ABF3EA1ADF62D3B090E4084E42399FE2
2832 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2832.6827\Wizzy 1.0 [STABLE]\Settings.json | text | 3B16BAAE1105255B292132784D6FBB97 | 07C430FF9D8DAD380C21C891E763BA0C2DEFD0F7FE9B8E2642973D30FED75AF2
2832 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2832.6827\Wizzy 1.0 [STABLE]\WizzySettings.dll | executable | 8C4287195E98DD1F722AA3881F46471A | EAF70C365A11CE6D7CF9C3257B8B8FD607AA9D30FE5A9080351C3AAA7642B60F
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3340 | Wizzy.exe | 162.159.130.233:443 | discordapp.com | Cloudflare Inc | — | shared
Domain | IP | Reputation
---|---|---
discordapp.com | | whitelisted