File name: | LoL Hack & Cheat Map Hacks.zip |
Full analysis: | https://app.any.run/tasks/a914dc2b-1af1-421e-8b29-a56e34adc128 |
Verdict: | Malicious activity |
Threats: | Remote access trojans (RATs) are a type of malware that enables attackers to establish complete to partial control over infected computers. Such malicious programs often have a modular design, offering a wide range of functionalities for conducting illicit activities on compromised systems. Some of the most common features of RATs include access to the users’ data, webcam, and keystrokes. This malware is often distributed through phishing emails and links. |
Analysis date: | May 30, 2020, 16:43:37 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 905EE80F7DECE73CE41303AE28FA57C2 |
SHA1: | 623135CBB9B84310FF71F858A23544BA410BAAF3 |
SHA256: | F784624F9315DB399E168F5D30D26321381426CD794321AE513179C5E1A9B3E2 |
SSDEEP: | 49152:C+SQRwTd5xSljq8ZcabNAo63/CVGC8dscUPu:C+SOEd3Sxq8Z5b83/gGrQu |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 10 |
---|---|
ZipBitFlag: | - |
ZipCompression: | None |
ZipModifyDate: | 2020:05:28 21:46:21 |
ZipCRC: | 0x00000000 |
ZipCompressedSize: | - |
ZipUncompressedSize: | - |
ZipFileName: | LoL Hack & Cheat Map Hacks/ |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
764 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\LoL Hack & Cheat Map Hacks.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3900 | "C:\Users\admin\Desktop\LoL Hack & Cheat Map Hacks\LoL Hack & Cheat Map Hacks.exe" | C:\Users\admin\Desktop\LoL Hack & Cheat Map Hacks\LoL Hack & Cheat Map Hacks.exe | explorer.exe | |
User: admin Company: The ICU Project Integrity Level: MEDIUM Description: ICU Data DLL Exit code: 0 Version: 53, 1, 0, 0 | ||||
1964 | C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} | C:\Windows\system32\DllHost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
884 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\LoL Hack & Cheat Map Hacks\READMY.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
788 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe | C:\Windows\Microsoft.NET\Framework\v4.0.30319\AddInProcess.exe | LoL Hack & Cheat Map Hacks.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: AddInProcess.exe Version: 4.7.3062.0 built by: NET472REL1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa764.37126\LoL Hack & Cheat Map Hacks\1.png | image | |
MD5:C1B1475114AA5015586A8C1C15729208 | SHA256:D10062FBADF2118527CD141A3F19A6C41253FB5D9830F6F2F9CBDF9BEE8AD0D1 | |||
764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa764.37126\LoL Hack & Cheat Map Hacks\HackLoader.dll | binary | |
MD5:1AD3BCE06CF3686BE434DA960AE3AE77 | SHA256:C02FB93A05B0E18D0383BE41A9FFBDB39EE1F263E454E844575D586AAB2E7E1D | |||
764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa764.37126\LoL Hack & Cheat Map Hacks\READMY.txt | text | |
MD5:EEDC3CEBCF78691286D76A2B8A426230 | SHA256:742C0AB27037B78AFE65296BDCB02C50293A9BC801578C7897B0A1C595910515 | |||
764 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa764.37126\LoL Hack & Cheat Map Hacks\LoL Hack & Cheat Map Hacks.exe | executable | |
MD5:D68F26C72EFD6060E466A352B737453C | SHA256:9686318E6EEB2859FA987194B429A9EA167BD075C905C525FD908409D36A0999 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
788 | AddInProcess.exe | POST | — | 81.177.136.230:80 | http://81.177.136.230/IRemotePanel | RU | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3900 | LoL Hack & Cheat Map Hacks.exe | 81.177.141.121:443 | wryx7t.uenothingrealy.ru | JSC RTComm.RU | RU | unknown |
788 | AddInProcess.exe | 81.177.136.230:80 | — | JSC RTComm.RU | RU | malicious |
Domain | IP | Reputation |
---|---|---|
wryx7t.uenothingrealy.ru |
| unknown |
PID | Process | Class | Message |
---|---|---|---|
788 | AddInProcess.exe | A Network Trojan was detected | SPYWARE [PTsecurity] RedLine |