download: | Paypal+Cracker.zip |
Full analysis: | https://app.any.run/tasks/a2d7e734-df29-469b-ada6-58622a762ee6 |
Verdict: | Malicious activity |
Threats: | njRAT is a remote access trojan. It is one of the most widely accessible RATs on the market that features an abundance of educational information. Interested attackers can even find tutorials on YouTube. This allows it to become one of the most popular RATs in the world. |
Analysis date: | August 13, 2019, 23:01:54 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 6671E4F58EEBFA0C29858BC57E76A69B |
SHA1: | 7D6171B20F780738D3FC41283A0244D111390455 |
SHA256: | FF5F86F71B7A29BAB8BE623E439ACEFF392EDC2AEDF8E4D36DD68CAAA691345F |
SSDEEP: | 24576:X0is+FJhjrqOcXdmJ59iyTxF2+DzNTVOJDbp:xnq+5LD2YVOVbp |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | Paypal Cracker.exe |
---|---|
ZipUncompressedSize: | 2396672 |
ZipCompressedSize: | 1235637 |
ZipCRC: | 0x188f2010 |
ZipModifyDate: | 2019:05:09 18:25:18 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2308 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Paypal+Cracker.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2812 | "C:\Users\admin\Desktop\Paypal Cracker.exe" | C:\Users\admin\Desktop\Paypal Cracker.exe | explorer.exe | |
User: admin Company: Microsoft Integrity Level: MEDIUM Description: Paypal Cracker By Z4M4N3 Version: ... | ||||
3680 | "C:\Users\admin\AppData\Local\Temp\Paypal Cracker.exe" | C:\Users\admin\AppData\Local\Temp\Paypal Cracker.exe | — | Paypal Cracker.exe |
User: admin Company: Microsoft Integrity Level: MEDIUM Description: Paypal Cracker By Z4M4N3 Exit code: 0 Version: 1.0.0.0 | ||||
3632 | "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe | Paypal Cracker.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft .NET Assembly Registration Utility Version: 2.0.50727.5420 (Win7SP1.050727-5400) | ||||
3408 | netsh firewall add allowedprogram "C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe" "RegAsm.exe" ENABLE | C:\Windows\system32\netsh.exe | — | RegAsm.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Network Command Shell Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
(PID) Process: | (2308) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2308) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2308) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2308) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\Paypal+Cracker.zip | |||
(PID) Process: | (2308) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2308) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2308) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2308) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2308) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin |
Operation: | write | Name: | Placement |
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000 | |||
(PID) Process: | (2308) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\General |
Operation: | write | Name: | LastFolder |
Value: C:\Users\admin\AppData\Local\Temp |
PID | Process | Filename | Type | |
---|---|---|---|---|
2308 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2308.33956\Paypal Cracker.exe | — | |
MD5:— | SHA256:— | |||
2812 | Paypal Cracker.exe | C:\Users\admin\AppData\Roaming\Windows Defender\relog.vbs | text | |
MD5:300A27CE23D51D750305EA4DC422F36C | SHA256:50F3AF2A9779C3B01385B0A3898B925340CF441367A61CCD29A7F34B73B663BC | |||
2812 | Paypal Cracker.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\relog.url | text | |
MD5:6675ED0EC57D6AE7C5DE6773E77A858F | SHA256:D9BB9DB5C6490587FA1BA14D43C18FE19AD28AA7C104CB0BB4ACD0F37896E1D1 | |||
2812 | Paypal Cracker.exe | C:\Users\admin\AppData\Local\Temp\Paypal Cracker.exe | executable | |
MD5:278C57693A1650C84867225C63FA5D1A | SHA256:87FEB6BAD4C90435AFC1651A4B62A1FD3273F20052B2B2D6DE70BDA574E1A9BA | |||
2812 | Paypal Cracker.exe | C:\Users\admin\AppData\Roaming\Windows Defender\Antimalware Service Executable | executable | |
MD5:4B53FF26E08AFA2622706B69360A8BF8 | SHA256:321577EE59B181B5D6B4A3132C13F3DB58AF66DFD0258ECE77989A5BF737A7CD |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3632 | RegAsm.exe | 172.111.154.46:5557 | noway74.ddns.net | AltusHost B.V. | GB | malicious |
Domain | IP | Reputation |
---|---|---|
noway74.ddns.net |
| malicious |
dns.msftncsi.com |
| shared |