Field | Value
---|---
File name | 1.rar
Full analysis | https://app.any.run/tasks/0dbe4d17-aa95-4f03-be4d-e3eee953278e
Verdict | Malicious activity
Threats | njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market and comes with an abundance of educational material; interested attackers can even find tutorials on YouTube. This has made it one of the most popular RATs in the world.
Analysis date | April 25, 2019, 17:16:26
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MIME | application/x-rar
File info | RAR archive data, v5
MD5 | 39F7364B33E2D41DFFDEA06B4A39DE5A
SHA1 | F01E0BA9367B2ED8C76D9029DDBBA270E4316D42
SHA256 | F4BA20CFA3D260B55A3F8FEC42ACDA144C088D200140A2F978CF3113A48020BA
SSDEEP | 196608:mA62Qzv4IxwlJoRdNYi3gFCKTdfVXFITHru2ISWxHNAi/+PHkRBzKUv+Ie:j62QdxwGz3ggOdNXKXubvAhcaUv+P
Extension | File type (score)
---|---
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
940 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\1.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0
3092 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7600.16385 (win7_rtm.090713-1255)
2160 | "C:\Users\admin\Desktop\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\2018 Gift card checker\NetFlix GC Checker by xRisky.exe" | C:\Users\admin\Desktop\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\2018 Gift card checker\NetFlix GC Checker by xRisky.exe | — | explorer.exe | User: admin; Company: NetFlix GC Checker by xRisky; Integrity Level: MEDIUM; Description: NetFlix GC Checker by xRisky; Exit code: 4294967295; Version: 1.0.0.0
3968 | "C:\Users\admin\Desktop\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\GoldFlix Checker.exe" | C:\Users\admin\Desktop\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\GoldFlix Checker.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Description: WindowsApplication1; Exit code: 0; Version: 1.0.0.0
2596 | "C:\Users\admin\Desktop\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\GoldFlix Checker.exe" | C:\Users\admin\Desktop\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\GoldFlix Checker.exe | | explorer.exe | User: admin; Integrity Level: HIGH; Description: WindowsApplication1; Exit code: 0; Version: 1.0.0.0
3784 | "C:\Windows\winconfig.exe" | C:\Windows\winconfig.exe | | GoldFlix Checker.exe | User: admin; Integrity Level: HIGH; Description: WindowsApplication1; Version: 1.0.0.0
768 | netsh firewall add allowedprogram "C:\Windows\winconfig.exe" "winconfig.exe" ENABLE | C:\Windows\system32\netsh.exe | — | winconfig.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Network Command Shell; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
940 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa940.12245\Cracking Netflix GiftCards\Combo\Cards2.txt | — | — | —
940 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa940.12245\Cracking Netflix GiftCards\HQ Proxy\HQ for Netflix.url | — | — | —
940 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa940.12245\Cracking Netflix GiftCards\HQ Proxy\SOCKS 4 for netflix.txt | — | — | —
940 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa940.12245\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\2018 Gift card checker\NetFlix GC Checker by xRisky.exe | executable | C20FE813CE74AFAAECC2963ED2F38399 | 0A33AC7F5C5A236E63FF5CC404F39364D6F571601C85484C24E5B4B33B3D5B70
940 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa940.12245\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\Working.PNG | image | 2B25ACAA6A34EEF1AE779E6E1C69B1A5 | DE2F22F9106FA745BD831E12AAF732B9264634DD666868A264AF79C457E68F77
940 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa940.12245\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\Read before use ( WHY NOT LAUNCH ).txt | text | B07BBB689C7984899FA3185952426A0E | 90B509E2141815468B6A3192C6FD432A3F630B14DC4892FB7B8D7DD1819129B8
940 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa940.12245\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\Youtube Tutorial.url | text | 9FB855B58E65838E920535A1F85D6436 | 7B7C8B236B26A90A5D3A5088725512658BDB3088AD124E38C883A8344955628F
940 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa940.12245\Cracking Netflix GiftCards\Combo\Cards1.txt | text | E66728F8F7B9F6F748AD1D31A0CC3CAB | C2D02BDFFF17F7D973FC2E538D8CFE37AC41FC742BB46FCF6E4D86700417056C
940 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa940.12245\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\VirusTotal.txt | text | 50473E81C12A69B1914E45206A6C7E31 | 89E9633664AD0CF1CEA8E244C632057F20572B53CDBB8311676F4A7F0DC02B4F
940 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa940.12245\Cracking Netflix GiftCards\Checkers\2019- Netflix Giftcard checker ( working )\GoldFlix Checker.exe | executable | 19F1E1913D37B8698E4FC1BB350D754A | 9D9C257A3F669BABDA5BBBB3D143A7575F17BEE0425F90F80F2EF7BD807BFBC5
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3784 | winconfig.exe | 41.225.112.130:1411 | hccr.sytes.net | GLOBALNET-AS | TN | unknown |
Domain | IP | Reputation
---|---|---
hccr.sytes.net | | malicious
dns.msftncsi.com | | shared