analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

GrimFlix_.sx.zip

Full analysis: https://app.any.run/tasks/55447045-0df6-464f-b2d3-e2fe06c50dcc
Verdict: Malicious activity
Analysis date: March 21, 2019, 22:32:53
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v1.0 to extract
MD5:

7F3074CAFAB6B6AE8469F6A511C1963A

SHA1:

B018C4532A6C2366FC73993A48AB245623AA5C4A

SHA256:

F9C6E46CA9AAB7C992B0745AF201DCEBA80FE42F84FDEA874BE5383271F82A66

SSDEEP:

12288:D6QCWGHHu3uWinj9P6NcXVDwAgaWtRbaFrZvlMpUa2C7FJo4nKikqD1nb5F:5xGHHSU9ec9wpDNALBLmJDnNBhj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3600)
      • GrimFlix.exe (PID: 2672)
    • Application was dropped or rewritten from another process

      • GrimFlix.exe (PID: 2672)
      • NetflixGCGen.exe (PID: 3536)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1508)
    • Reads Environment values

      • GrimFlix.exe (PID: 2672)
  • INFO

    • Application was crashed

      • GrimFlix.exe (PID: 2672)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: GrimFlix [Crack.sx]/
ZipUncompressedSize: -
ZipCompressedSize: -
ZipCRC: 0x00000000
ZipModifyDate: 2019:03:12 12:33:22
ZipCompression: None
ZipBitFlag: -
ZipRequiredVersion: 10
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
4
Malicious processes
1
Suspicious processes
2

Behavior graph

Click at the process to see the details
start winrar.exe searchprotocolhost.exe no specs grimflix.exe netflixgcgen.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1508"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\GrimFlix_.sx.zip"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.60.0
3600"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" C:\Windows\System32\SearchProtocolHost.exeSearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Version:
7.00.7600.16385 (win7_rtm.090713-1255)
2672"C:\Users\admin\Desktop\GrimFlix [Crack.sx]\GrimFlix.exe" C:\Users\admin\Desktop\GrimFlix [Crack.sx]\GrimFlix.exe
explorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
GrimFlix
Version:
1.0.0.0
3536"C:\Users\admin\Desktop\GrimFlix [Crack.sx]\NetflixGCGen.exe" C:\Users\admin\Desktop\GrimFlix [Crack.sx]\NetflixGCGen.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Description:
NetflixGCGen
Exit code:
3221225786
Version:
1.0.0.0
Total events
838
Read events
806
Write events
0
Delete events
0

Modification events

No data
Executable files
5
Suspicious files
0
Text files
1
Unknown types
0

Dropped files

PID
Process
Filename
Type
1508WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1508.9803\GrimFlix [Crack.sx]\NetflixGCGen.exeexecutable
MD5:AA41DD2EF894272356193D8A7A5D7A82
SHA256:0E36DF03F3C292EB728EE80B951EEDD39105A8B38A5F88C06AC029DA3426C549
3536NetflixGCGen.exeC:\Users\admin\Desktop\GrimFlix [Crack.sx]\666 netflix_keys.txttext
MD5:B641D087D20DB06538226B6787E0F84C
SHA256:6B654396E7C672B71DC20FD093CE3326BACF6C2FECD3D8B7B27CCB404823282C
1508WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1508.9803\GrimFlix [Crack.sx]\GrimFlix.exeexecutable
MD5:6B38FA9DA0B4E7499DDEE2A79C923908
SHA256:86FD4791695208D8F91D7BAB41ED6A37CBB817ABA25A29502784F3AED209B31E
1508WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1508.9803\GrimFlix [Crack.sx]\Leaf.xNet.dllexecutable
MD5:5A3961C35995D5514C55A52DDF07BFE5
SHA256:2AE3F4BD9D5C3C516547518CEB46C03900EBF2F1E70C9C9F62F35B2AB97572FE
1508WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1508.9803\GrimFlix [Crack.sx]\Newtonsoft.Json.dllexecutable
MD5:D827DD8A8C4B2A2CFA23C7F90F3CCE95
SHA256:B66749B81E1489FCD8D754B2AD39EBE0DB681344E392A3F49DC9235643BDBD06
1508WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa1508.9803\GrimFlix [Crack.sx]\Colorful.Console.dllexecutable
MD5:5F3D2CFBC21591B8FEEF1EFA3E59A4D0
SHA256:F31D4FD7E729FC6CF4ECAB972B6B1EE897918A325B1CA572030966F831E768FB
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
1
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
2672
GrimFlix.exe
104.20.209.21:443
pastebin.com
Cloudflare Inc
US
shared

DNS requests

Domain
IP
Reputation
pastebin.com
  • 104.20.209.21
shared

Threats

No threats detected
No debug info