File name: Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}.rar

Full analysis: https://app.any.run/tasks/28a3a840-7a54-4b6e-b78f-cda6e0098f3a
Verdict: Malicious activity
Analysis date: December 06, 2019, 15:59:35
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32, flags: Solid
MD5: 6430D2F8A762170295455304A6C48997
SHA1: 186CF76397B5095F8D1020BE07454005B0C1034A
SHA256: F685FD37EDB362DB46D69F7E9D76092B12CD07045541CF1D1F41E4409276E3C1
SSDEEP: 196608:EWAVf2aE4rcFO8h3I10Hk80UfXrwW3FVzcXeQ3tWIhH:VgfXEguI10Hk80UfXlMXEIhH

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • Setup.exe (PID: 1428)
      • Setup.exe (PID: 3140)
      • Acrylic.exe (PID: 928)
    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3124)
      • explorer.exe (PID: 352)
      • Acrylic.exe (PID: 928)
    • Starts Visual C# compiler

      • Acrylic.exe (PID: 928)
    • Changes settings of System certificates

      • Acrylic.exe (PID: 928)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1712)
      • Setup.tmp (PID: 2400)
      • Setup.exe (PID: 3140)
      • Setup.exe (PID: 1428)
      • Setup.tmp (PID: 2284)
      • DllHost.exe (PID: 1024)
    • Reads Windows owner or organization settings

      • Setup.tmp (PID: 2400)
      • Setup.tmp (PID: 2284)
    • Reads the Windows organization settings

      • Setup.tmp (PID: 2400)
      • Setup.tmp (PID: 2284)
    • Creates files in the user directory

      • Acrylic.exe (PID: 928)
      • Setup.tmp (PID: 2284)
    • Reads Internet Cache Settings

      • Acrylic.exe (PID: 928)
    • Executed via COM

      • DllHost.exe (PID: 1024)
    • Reads internet explorer settings

      • Acrylic.exe (PID: 928)
    • Reads Environment values

      • Acrylic.exe (PID: 928)
    • Changes IE settings (feature browser emulation)

      • Acrylic.exe (PID: 928)
    • Adds / modifies Windows certificates

      • Acrylic.exe (PID: 928)
  • INFO

    • Application was dropped or rewritten from another process

      • Setup.tmp (PID: 2400)
      • Setup.tmp (PID: 2284)
    • Loads dropped or rewritten executable

      • Setup.tmp (PID: 2400)
      • Setup.tmp (PID: 2284)
    • Creates a software uninstall entry

      • Setup.tmp (PID: 2284)
    • Creates files in the program directory

      • Setup.tmp (PID: 2284)
    • Reads settings of System Certificates

      • Acrylic.exe (PID: 928)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

ArchivedFileName: Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}\informacion.txt
PackingMethod: Best Compression
ModifyDate: 2014:01:22 11:40:24
OperatingSystem: Win32
UncompressedSize: 110
CompressedSize: 247
No data.
All screenshots are available in the full report
Total processes: 58
Monitored processes: 15
Malicious processes: 6
Suspicious processes: 1

Behavior graph

Interactive graph available in the full report. Nodes shown: winrar.exe, searchprotocolhost.exe (no specs), setup.exe, setup.tmp, setup.exe, setup.tmp, acrylic.exe, explorer.exe (no specs), and three csc.exe / cvtres.exe pairs (no specs). Edge labels: "drop and start", "start", "Copy/Move/Rename/Delete/Link Object".

Process information

PID: 1712
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 3124
CMD: "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
Path: C:\Windows\System32\SearchProtocolHost.exe
Parent process: SearchIndexer.exe
User: SYSTEM
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Microsoft Windows Search Protocol Host
Version: 7.00.7600.16385 (win7_rtm.090713-1255)

PID: 3140
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1712.999\Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}\Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1712.999\Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}\Setup.exe
Parent process: WinRAR.exe
User: admin
Company: Tarlogic Security S.L.
Integrity Level: MEDIUM
Description: Acrylic Wi-Fi Professional Setup
Exit code: 0

PID: 2400
CMD: "C:\Users\admin\AppData\Local\Temp\is-T3QBR.tmp\Setup.tmp" /SL5="$40182,8014445,265216,C:\Users\admin\AppData\Local\Temp\Rar$EXa1712.999\Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}\Setup.exe"
Path: C:\Users\admin\AppData\Local\Temp\is-T3QBR.tmp\Setup.tmp
Parent process: Setup.exe
User: admin
Integrity Level: MEDIUM
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0

PID: 1428
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXa1712.999\Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}\Setup.exe" /DIR="C:\Program Files\Acrylic Wi-Fi Professional" /ELEVATE
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXa1712.999\Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}\Setup.exe
Parent process: Setup.tmp
User: admin
Company: Tarlogic Security S.L.
Integrity Level: HIGH
Description: Acrylic Wi-Fi Professional Setup
Exit code: 0

PID: 2284
CMD: "C:\Users\admin\AppData\Local\Temp\is-IB9P3.tmp\Setup.tmp" /SL5="$50182,8014445,265216,C:\Users\admin\AppData\Local\Temp\Rar$EXa1712.999\Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}\Setup.exe" /DIR="C:\Program Files\Acrylic Wi-Fi Professional" /ELEVATE
Path: C:\Users\admin\AppData\Local\Temp\is-IB9P3.tmp\Setup.tmp
Parent process: Setup.exe
User: admin
Integrity Level: HIGH
Description: Setup/Uninstall
Exit code: 0
Version: 51.1052.0.0

PID: 928
CMD: "C:\Program Files\Acrylic Wi-Fi Professional\Acrylic.exe"
Path: C:\Program Files\Acrylic Wi-Fi Professional\Acrylic.exe
Parent process: Setup.tmp
User: admin
Company: Tarlogic Security S.L.
Integrity Level: HIGH
Description: Acrylic Wi-Fi Professional
Version: 3.0

PID: 352
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID: 2064
CMD: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\od30s34j\od30s34j.cmdline"
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Parent process: Acrylic.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Visual C# Command Line Compiler
Exit code: 0
Version: 4.7.3062.0 built by: NET472REL1

PID: 2180
CMD: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RES7A3B.tmp" "c:\Users\admin\AppData\Local\Temp\od30s34j\CSC313947A0449347E2BB553053B9AEF765.TMP"
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
Parent process: csc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft® Resource File To COFF Object Conversion Utility
Exit code: 0
Version: 12.00.52519.0 built by: VSWINSERVICING
Total events: 7 085
Read events: 6 222
Write events: 0
Delete events: 0

Modification events

No data

Executable files: 66
Suspicious files: 6
Text files: 67
Unknown types: 8

Dropped files

PID 352, explorer.exe
Filename: C:\Users\admin\Desktop\Crack

PID 2284, Setup.tmp
Filename: C:\Program Files\Acrylic Wi-Fi Professional\is-Q041G.tmp

PID 2284, Setup.tmp
Filename: C:\Program Files\Acrylic Wi-Fi Professional\is-Q4M65.tmp

PID 2284, Setup.tmp
Filename: C:\Program Files\Acrylic Wi-Fi Professional\is-92L0L.tmp

PID 2284, Setup.tmp
Filename: C:\Program Files\Acrylic Wi-Fi Professional\Libs\is-M7BLE.tmp

PID 1712, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRa1712.583\Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}\Crack\Crack - Shortcut.lnk
Type: lnk
MD5: 4CA64417C07089D3BE63A26C1A73BA5E
SHA256: 6EA32D58B2862C2D8BF444F41006C2F797928B8EA4295C175F55F253055FE53B

PID 1712, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1712.999\Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}\Install Notes.txt
Type: text
MD5: 40AE546196DDFB730E9D3090AF42CD5E
SHA256: 35F0509197B3C9B716CB6447FB2BA2BD0AFB93F07DE94E22BE2ABDC65EFAE056

PID 2284, Setup.tmp
Filename: C:\Program Files\Acrylic Wi-Fi Professional\Libs\is-L1JEL.tmp

PID 1712, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1712.999\Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}\Crack\Crack - Shortcut.lnk
Type: lnk
MD5: 4CA64417C07089D3BE63A26C1A73BA5E
SHA256: 6EA32D58B2862C2D8BF444F41006C2F797928B8EA4295C175F55F253055FE53B

PID 1712, WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$EXa1712.999\Acrylic WiFi Professional 3.0.5770.30583 + Crack {B4tman}\Crack\Tarlogic.Common.dll
Type: executable
MD5: 9FBA608B32E546CC88764D55F99EEE18
SHA256: 65C55AF892871554FBC47BABBE9EE081F11DF70D2252F84EAAD63ADE02B6A01F
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 2
TCP/UDP connections: 7
DNS requests: 6
Threats: 0

HTTP requests

PID 928, Acrylic.exe: GET http://aia.startssl.com/certs/ca.crt
HTTP Code: 200
IP: 2.16.186.82:80
CN: unknown
Type: der
Size: 1.95 Kb
Reputation: whitelisted

PID 928, Acrylic.exe: GET http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
HTTP Code: 200
IP: 13.107.4.50:80
CN: US
Type: compressed
Size: 57.4 Kb
Reputation: whitelisted

Connections

PID (Process) | IP | Domain | ASN | CN | Reputation
928 (Acrylic.exe) | 13.107.4.50:80 | www.download.windowsupdate.com | ASN: Microsoft Corporation | CN: US | whitelisted
928 (Acrylic.exe) | 172.217.21.232:443 | www.googletagmanager.com | ASN: Google Inc. | CN: US | whitelisted
928 (Acrylic.exe) | 54.74.23.184:443 | licensing.acrylicwifi.com | ASN: Amazon.com, Inc. | CN: IE | unknown
928 (Acrylic.exe) | 104.20.80.202:443 | www.acrylicwifi.com | ASN: Cloudflare Inc | CN: US | unknown
928 (Acrylic.exe) | 104.31.67.129:443 | www.owisam.org | ASN: Cloudflare Inc | CN: US | unknown
928 (Acrylic.exe) | 2.16.186.82:80 | aia.startssl.com | ASN: Akamai International B.V. | whitelisted

DNS requests

Domain: resolved IPs (reputation)
aia.startssl.com: 2.16.186.82, 2.16.186.114 (whitelisted)
www.download.windowsupdate.com: 13.107.4.50 (whitelisted)
licensing.acrylicwifi.com: 54.74.23.184 (unknown)
www.acrylicwifi.com: 104.20.80.202, 104.20.79.202 (unknown)
www.owisam.org: 104.31.67.129, 104.31.66.129 (unknown)
www.googletagmanager.com: 172.217.21.232 (whitelisted)

Threats

No threats detected
No debug info