| Field | Value |
|---|---|
| File name | 69460ECBBDBFD75E24D17F2EC9CEA018.zip |
| Full analysis | https://app.any.run/tasks/56b2cc37-609d-4d9d-a142-6fb2d8d7ebe1 |
| Verdict | Malicious activity |
| Analysis date | March 30, 2020, 15:44:04 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 28AEEC0ECE912604640B565B3516425D |
| SHA1 | 80BF49485E4BDFFF9759A361A87585F89F1063D9 |
| SHA256 | 010007346778C5FFAFF4B237B641011108717E2A50578C02E8E33DE08C3CB18A |
| SSDEEP | 12288:bm0K08wzy0GKH+GoMm49svP7AJEGtgMN132Wo7ES+vxx:brVzcw+c6vP7AZOZr+vxx |
| Extension | Type identification |
|---|---|
| .zip | ZIP compressed archive (100) |

| Zip header field | Value |
|---|---|
| ZipFileName | filedata |
| ZipUncompressedSize | 672256 |
| ZipCompressedSize | 456438 |
| ZipCRC | 0x255178e7 |
| ZipModifyDate | 2020:03:27 09:48:04 |
| ZipCompression | Deflated |
| ZipBitFlag | 0x0002 |
| ZipRequiredVersion | 20 |
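The header fields above describe a single member named `filedata` with no extension; the process and file tables later in the report show that member extracted to the Desktop, renamed to `filedata.dll` and loaded with rundll32. The following Python script is an added triage example, not part of the ANY.RUN report: it reads the same header fields (CRC, sizes, bit flag, required version, modification date) with the standard `zipfile` module, hashes every member in memory without writing it to disk, and flags members whose content starts with a PE `MZ` header but whose name carries no executable extension. The archive it inspects is constructed in memory around a stand-in `MZ` stub, so its sizes and hashes are assumptions for the example and do not match the sample.

```python
import hashlib
import io
import zipfile
import zlib

# Constructed sample archive: one extension-less member named "filedata"
# whose content begins with a PE "MZ" header (a stand-in, not the real DLL),
# plus a benign text member as a control.
FAKE_PE = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 1000
EXECUTABLE_EXTS = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")


def build_sample_zip() -> bytes:
    """Build the constructed archive in memory (Deflate, like the sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("filedata", FAKE_PE)
        zf.writestr("readme.txt", b"not a binary\n")
    return buf.getvalue()


def sniff(data: bytes) -> str:
    """Cheap content-type guess from leading magic bytes."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] == b"\x7fELF":
        return "elf"
    if data[:2] == b"PK":
        return "zip"
    return "other"


def triage_zip(blob: bytes) -> list:
    """Return one record per member: the header fields the report lists,
    content hashes computed in memory, and a 'suspicious' flag for PE
    payloads that hide behind a missing or non-executable extension."""
    records = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            data = zf.read(info.filename)  # zipfile checks the header CRC here
            kind = sniff(data)
            basename = info.filename.rsplit("/", 1)[-1].lower()
            has_exec_ext = basename.endswith(EXECUTABLE_EXTS)
            records.append({
                "name": info.filename,
                "uncompressed_size": info.file_size,
                "compressed_size": info.compress_size,
                "crc": f"0x{info.CRC:08x}",
                # Independent check of the central-directory CRC against the bytes
                "crc_matches_content": info.CRC == (zlib.crc32(data) & 0xFFFFFFFF),
                "compression": ("Deflated" if info.compress_type == zipfile.ZIP_DEFLATED
                                else str(info.compress_type)),
                "bit_flag": f"0x{info.flag_bits:04x}",
                "encrypted": bool(info.flag_bits & 0x1),   # bit 0 = traditional encryption
                "required_version": info.extract_version,  # 20 = "at least v2.0 to extract"
                "modify_date": "%04d:%02d:%02d %02d:%02d:%02d" % info.date_time,
                "kind": kind,
                "md5": hashlib.md5(data).hexdigest().upper(),
                "sha256": hashlib.sha256(data).hexdigest().upper(),
                "suspicious": kind == "pe" and not has_exec_ext,
            })
    return records


if __name__ == "__main__":
    for rec in triage_zip(build_sample_zip()):
        print(rec)
```

Point `triage_zip` at the bytes of a real archive to get the same view the report gives, with the hashes of each member available before anything touches disk. An encrypted member (`encrypted` true) cannot be read without the password, so `zf.read` will raise; catch that per member rather than aborting the whole listing.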
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3612 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\69460ECBBDBFD75E24D17F2EC9CEA018.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | | |
| 3548 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
| | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7600.16385 (win7_rtm.090713-1255) | | | |
| 372 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | — |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
| 2976 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | explorer.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | |
| 2684 | rundll32.exe filedata.dll | C:\Windows\system32\rundll32.exe | — | cmd.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
| 3404 | rundll32.exe filedata.dll, DLLRegisterServer | C:\Windows\system32\rundll32.exe | — | cmd.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
| 3560 | rundll32.exe filedata.dll, DllRegisterServer | C:\Windows\system32\rundll32.exe | — | cmd.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
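The tree above records the extracted DLL being loaded three times from an interactive cmd.exe, each time by a relative file name (`filedata.dll`, resolved against the shell's working directory) and twice with the `DllRegisterServer` entry point, once spelled `DLLRegisterServer`. The following Python script is an added detection example, not part of the ANY.RUN report: it parses rundll32 command lines into DLL path and export, resolves relative DLL paths against the recorded working directory, and scores each event on the traits visible here (DLL in a user-writable location, relative path, `DllRegisterServer` export, shell or archiver parent). The events are constructed to mirror the three rundll32 processes above plus one benign control; the working-directory values, the Sysmon-style field names and the shell32 control event are assumptions for the example.

```python
import ntpath
import re
from dataclasses import dataclass

# Constructed process-creation events shaped like Sysmon Event ID 1 records.
# PIDs and command lines follow the report's tree; cwd values are assumed.
EVENTS = [
    {"pid": 2684, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": "rundll32.exe filedata.dll",
     "cwd": r"C:\Users\admin\Desktop", "parent": r"C:\Windows\system32\cmd.exe"},
    {"pid": 3404, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": "rundll32.exe filedata.dll, DLLRegisterServer",
     "cwd": r"C:\Users\admin\Desktop", "parent": r"C:\Windows\system32\cmd.exe"},
    {"pid": 3560, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": "rundll32.exe filedata.dll, DllRegisterServer",
     "cwd": r"C:\Users\admin\Desktop", "parent": r"C:\Windows\system32\cmd.exe"},
    # Benign control (assumed): a system DLL from System32, launched by explorer.
    {"pid": 4100, "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r'rundll32.exe "C:\Windows\System32\shell32.dll",Control_RunDLL',
     "cwd": r"C:\Windows\system32", "parent": r"C:\Windows\explorer.exe"},
]

# rundll32 syntax: rundll32.exe <dll>[,<export> ...]; the DLL may be quoted and
# the report shows a space after the comma, so both forms are accepted.
RUNDLL_RE = re.compile(
    r'^\s*(?:"[^"]*rundll32(?:\.exe)?"|\S*rundll32(?:\.exe)?)\s+'
    r'("[^"]+"|[^,\s]+)\s*(?:,\s*(\S+))?', re.I)

# Locations a standard user can write to; a loaded DLL living here is unusual.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\(desktop|downloads|documents|appdata)\\|\\temp\\", re.I)

SHELL_PARENTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                 "mshta.exe", "winrar.exe", "7z.exe", "7zfm.exe"}
ALERT_THRESHOLD = 2  # require at least two independent traits


@dataclass
class Alert:
    pid: int
    dll: str
    export: str
    reasons: tuple


def parse_rundll32(cmdline: str):
    """Return (dll_path, export) from a rundll32 command line, or None."""
    m = RUNDLL_RE.match(cmdline)
    if not m:
        return None
    return m.group(1).strip('"'), (m.group(2) or "")


def resolve(path: str, cwd: str) -> str:
    """Relative DLL names are looked up from the process working directory."""
    return path if ntpath.isabs(path) else ntpath.join(cwd, path)


def evaluate(event: dict):
    if not event["image"].lower().endswith("rundll32.exe"):
        return None
    parsed = parse_rundll32(event["cmdline"])
    if parsed is None:
        return None
    dll, export = parsed
    full = resolve(dll, event["cwd"])
    reasons = []
    if USER_WRITABLE.search(full):
        reasons.append("dll in user-writable path")
    if not ntpath.isabs(dll):
        reasons.append("dll given as relative path")
    if export.lower() == "dllregisterserver":   # case-insensitive: both spellings seen
        reasons.append("DllRegisterServer export")
    parent = ntpath.basename(event["parent"]).lower()
    if parent in SHELL_PARENTS:
        reasons.append(f"spawned by {parent}")
    if len(reasons) < ALERT_THRESHOLD:
        return None
    return Alert(event["pid"], full, export, tuple(reasons))


def scan(events: list) -> list:
    return [a for a in map(evaluate, events) if a is not None]


if __name__ == "__main__":
    for alert in scan(EVENTS):
        print(alert)
```

The threshold keeps a lone `cmd.exe` parent or a lone `DllRegisterServer` call (both common in legitimate installers) from alerting on its own; the sample's events trip three or four traits each, while the shell32 control trips none.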
| PID | Process | Filename | Type |
|---|---|---|---|
| 372 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms | automaticdestinations-ms |
| | | MD5: 81D6CE71FA74EAE1DBB6CAE81AFB0739; SHA256: F737A9638BE8A5D09A7E5EF0827E80A7EB7AA00F81F1B4E6C8C784153F418099 | |
| 3612 | WinRAR.exe | C:\Users\admin\Desktop\filedata | executable |
| | | MD5: 69460ECBBDBFD75E24D17F2EC9CEA018; SHA256: B9F64C2237F8A56DAA5F8E1E1A9A3A2D4EB3E1EB9CD25A23E3B6FE2DC4F8081D | |
| 372 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\69460ECBBDBFD75E24D17F2EC9CEA018.zip.lnk | lnk |
| | | MD5: E3A4E7FADDC9FB67A6DA578BDF9F5B40; SHA256: 7FB7872BAFF4D4F0D55B0DDE9C75300A22B4B7DBD5657A7E4B52E2030886EDDD | |
| 372 | explorer.exe | C:\Users\admin\Desktop\filedata.dll | executable |
| | | MD5: 69460ECBBDBFD75E24D17F2EC9CEA018; SHA256: B9F64C2237F8A56DAA5F8E1E1A9A3A2D4EB3E1EB9CD25A23E3B6FE2DC4F8081D | |
| 372 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\290532160612e071.automaticDestinations-ms | automaticdestinations-ms |
| | | MD5: 9E8454CFC772FC9DC5A2F5FE283C6A46; SHA256: FF588223F9F52ECA889A025A399F283125D8D3DFDCBF9401E4C2DBF3D1595A39 | |