File name: | sample_126.zip |
Full analysis: | https://app.any.run/tasks/51986585-d825-46c9-adda-71085ae9965b |
Verdict: | Malicious activity |
Analysis date: | June 12, 2019, 11:20:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 4B5EDB3C9D6FD125C1641707489BE5A5 |
SHA1: | 3F3A61C82AFD2F1CA7CE6CABBC65511D8D829ED5 |
SHA256: | 0835382BA5F66511C4521D2670F462E6D41DA8F64AFF1E7C8BD4BC6DA2D7D1C0 |
SSDEEP: | 12288:+XhY+Iyrru/6lKZ77PWGM6C5UN25ApsIT8fCrdZdQgmSZ4LmGL7cXVhuPNzmu:uIyWUKN7HMH5il8AdZdBP4LmGL7Tcu |
Extension | Identified type |
---|---|
.zip | ZIP compressed archive (100) |
Zip field | Value |
---|---|
ZipFileName: | sample_126/ |
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2018:05:01 18:48:23 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |

The first entry in the archive is the directory `sample_126/` (hence zero CRC and no compression); the executable sits beneath it as `sample_126\sample_126.exe`, as the WinRAR extraction path in the file table shows.
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3612 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\sample_126.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
 | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | |
2468 | "C:\Users\admin\Desktop\sample_126.exe" | C:\Users\admin\Desktop\sample_126.exe | — | explorer.exe
 | User: admin; Integrity Level: MEDIUM; Exit code: 0 | | |
2244 | "C:\Users\admin\AppData\Roaming\cstart.exe" | C:\Users\admin\AppData\Roaming\cstart.exe | — | sample_126.exe
 | User: admin; Company: Microsoft; Integrity Level: MEDIUM; Exit code: 0; Version: 1.00 | | |
1240 | C:\Users\admin\AppData\Roaming\cmin.exe -o http://coinobot.2:1234@us.ozco.in:8332 -g no | C:\Users\admin\AppData\Roaming\cmin.exe | — | cstart.exe
 | User: admin; Company: Ufasoft; Integrity Level: MEDIUM; Description: bitcoin-miner; Version: 7.0.2239.0 | | |
3236 | C:\Users\admin\AppData\Roaming\gmin.exe -o http://us.ozco.in:8332 -u coinobot.2 -p 1234 -T | C:\Users\admin\AppData\Roaming\gmin.exe | — | cstart.exe
 | User: admin; Integrity Level: MEDIUM; Exit code: 3221225781 (0xC0000135, STATUS_DLL_NOT_FOUND) | | |

The process tree is the whole behaviour of the sample: sample_126.exe, extracted from the archive and run from the Desktop, writes the miner components to the root of %APPDATA% (see the file table) and starts cstart.exe, a launcher whose version resource claims "Microsoft" as the company. cstart.exe then runs a CPU miner (cmin.exe, identified by its version info as the Ufasoft bitcoin-miner) and a GPU miner (gmin.exe) against the same pool, us.ozco.in on port 8332 (the default Bitcoin JSON-RPC port), with worker coinobot.2 and password 1234. The user:password part of the cmin.exe URL is rendered as an e-mail-protection token in the capture and is restored here from the gmin.exe arguments. gmin.exe exited with STATUS_DLL_NOT_FOUND, so the GPU miner never ran in this VM (most likely an OpenCL runtime is missing on a GPU-less sandbox); only cmin.exe generated network traffic.
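Added example, not part of the ANY.RUN report: a detection pass over process-creation records built from the process table above. It extracts the pool host, port, worker name and password from miner command lines in both forms seen here, `-o http://user:pass@host:port` (cmin.exe) and `-o http://host:port -u worker -p pass` (gmin.exe), flags images executed straight from the %APPDATA% root, and names any parent that spawned more than one miner (cstart.exe). The two non-miner records and the `stratum+tcp` URL in the usage note are constructed; the cmin.exe pool URL uses the worker name and password shown on the gmin.exe line.

```python
"""Pick cryptominer launches out of process-creation telemetry.

Added example, not part of the ANY.RUN report. The miner records below are
copied from the report's process table; the two non-miner records are
constructed negatives.
"""
import re
from urllib.parse import urlsplit

POOL_SCHEMES = {"http", "https", "stratum+tcp", "stratum+ssl"}
URL_FLAGS = {"-o", "--url"}
USER_FLAGS = {"-u", "--user"}
PASS_FLAGS = {"-p", "--pass"}
# Image path ending in \AppData\Roaming\<name>.exe with no sub-directory:
# the drop location every component of sample_126 used.
APPDATA_ROOT_EXE = re.compile(r"\\AppData\\Roaming\\[^\\]+\.exe$", re.IGNORECASE)

EVENTS = [
    {"pid": 2244, "parent": "sample_126.exe",
     "cmd": r'"C:\Users\admin\AppData\Roaming\cstart.exe"'},
    {"pid": 1240, "parent": "cstart.exe",
     "cmd": r"C:\Users\admin\AppData\Roaming\cmin.exe -o http://coinobot.2:1234@us.ozco.in:8332 -g no"},
    {"pid": 3236, "parent": "cstart.exe",
     "cmd": r"C:\Users\admin\AppData\Roaming\gmin.exe -o http://us.ozco.in:8332 -u coinobot.2 -p 1234 -T"},
    # Constructed negatives: a browser given a URL, and curl whose -o is an output file.
    {"pid": 4100, "parent": "explorer.exe",
     "cmd": r'"C:\Program Files\Internet Explorer\iexplore.exe" http://example.invalid/'},
    {"pid": 4200, "parent": "cmd.exe",
     "cmd": r"C:\Windows\System32\curl.exe -o out.bin http://example.invalid/f"},
]


def tokenize(cmd):
    """Split a Windows command line on whitespace, keeping quoted paths whole."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmd)]


def parse_pool_url(value):
    """Return host/port/user/password if `value` is a pool URL, else None."""
    parts = urlsplit(value)
    if parts.scheme.lower() not in POOL_SCHEMES or not parts.hostname:
        return None
    return {"host": parts.hostname, "port": parts.port,
            "user": parts.username, "password": parts.password}


def analyze(event):
    """Return a finding for a miner launch, or None for anything else."""
    tokens = tokenize(event["cmd"])
    if not tokens:
        return None
    image, pool, user, password = tokens[0], None, None, None
    # Walk (flag, value) pairs; a -o that is not followed by a pool URL (curl) stays None.
    for flag, value in zip(tokens[1:], tokens[2:]):
        flag = flag.lower()
        if flag in URL_FLAGS and pool is None:
            pool = parse_pool_url(value)
        elif flag in USER_FLAGS:
            user = value
        elif flag in PASS_FLAGS:
            password = value
    if pool is None:
        return None  # the %APPDATA% heuristic alone is too noisy to alert on
    reasons = [f"mining pool {pool['host']}:{pool['port']} passed on the command line"]
    if APPDATA_ROOT_EXE.search(image):
        reasons.append("image executed from the %APPDATA% root")
    return {
        "pid": event["pid"], "image": image, "parent": event["parent"],
        "pool_host": pool["host"], "pool_port": pool["port"],
        "worker": user or pool["user"], "password": password or pool["password"],
        "reasons": reasons,
    }


def scan(events):
    """Run analyze() over a batch of events, keeping only the findings."""
    return [f for f in (analyze(e) for e in events) if f]


def launchers(findings, minimum=2):
    """Parents that spawned at least `minimum` miners; here that is cstart.exe."""
    by_parent = {}
    for f in findings:
        by_parent.setdefault(f["parent"], []).append(f["pid"])
    return {p: pids for p, pids in by_parent.items() if len(pids) >= minimum}


if __name__ == "__main__":
    found = scan(EVENTS)
    for f in found:
        print(f"PID {f['pid']} {f['image']}: {f['pool_host']}:{f['pool_port']} "
              f"worker={f['worker']} pass={f['password']} ({'; '.join(f['reasons'])})")
    print("launcher(s):", launchers(found))
```

The %APPDATA%-root path is recorded as a reason but is not sufficient on its own: cstart.exe would match, and so would a lot of legitimate per-user software. The pool URL is the discriminating signal, and grouping findings by parent recovers the launcher without having to know its name in advance. The same parser accepts `stratum+tcp://host:port` URLs, which is what most later miners pass instead of the getwork-style `http://host:8332` seen here.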
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3612 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3612.44175\sample_126\sample_126.exe | — | — | —
2468 | sample_126.exe | C:\Users\admin\AppData\Roaming\poclbm120327.cl | text | 0470182A132F73E9FEAACAB82F8274FE | 55851C4FC6457F7D83E15202CB2E0A894B363B3F15F505AB72991ED83F639BC3
2468 | sample_126.exe | C:\Users\admin\AppData\Roaming\diakgcn120427.cl | text | 961444A36167A43CBA15DC65587F31A9 | D393CD16ABF3CE58533DF73A7155EE74F3E7DCDEEFB5CAF16426FBD67E0D1507
2468 | sample_126.exe | C:\Users\admin\AppData\Roaming\cstart.exe | executable | 0BD5BD12AF0978C157BB5154FECD64C2 | 355CB6B5BDAA077F7F8FA6BB4BF978932EC9CD43D26D599BEC5DADCBA88378E1
2468 | sample_126.exe | C:\Users\admin\AppData\Roaming\phatk120223.cl | text | 8B3C553D0FBA4474261DD07D1FE57EAB | B170C5AEBB94156FA7D84F67D3003611039BED163DB00B95A94C5FB6ED4B8C1C
2468 | sample_126.exe | C:\Users\admin\AppData\Roaming\libcurl-4.dll | executable | 7FEF219621CD9717A1D7FCC537DC9FBE | F23D2ABF2C96813054DF51212F74FABBBB2D707A6B477CB2CF1D52D316A26302
2468 | sample_126.exe | C:\Users\admin\AppData\Roaming\libusb-1.0.dll | executable | 7F2523DEC5FA92C70F3AB13765D799FF | 7CEB91390AC581B78BE8A18A6EEBF7F9124A2460C4F9849EE4C75EC303412062
2468 | sample_126.exe | C:\Users\admin\AppData\Roaming\cmin.exe | executable | 2B632FC62EE59E436EB468D53C00BEDD | 7D6068F72C77001B637B41E4E0E04C82A1D235A7247EFF5BF000DC35A5A9E313
2468 | sample_126.exe | C:\Users\admin\AppData\Roaming\pthreadGC2.dll | executable | 8BC13C002F91CFF22A17F5A5191C1292 | 97C1A2CABFE69B987732A1502DAC6CCE9C6E31F6F7E9142FC4BC8D92077F2DA3
2468 | sample_126.exe | C:\Users\admin\AppData\Roaming\diablo120328.cl | text | 8BA9AB1F34BA302D7770BBE2F81560DB | 5A133391C497C15B581DAD364D30784B7E0C5A9C98DC4859A8BAE14D6E7B1A15

Every file is dropped by sample_126.exe directly into the root of C:\Users\admin\AppData\Roaming. The four .cl files are OpenCL kernel sources (poclbm, diakgcn, phatk and diablo, the GPU mining kernels shipped with cgminer), which is why the report types them as text; libcurl-4.dll, libusb-1.0.dll and pthreadGC2.dll are the runtime libraries the miners load. gmin.exe itself does not appear in this list, although the process table shows it running from the same directory, so the capture of dropped files is incomplete. The MD5/SHA256 values are the indicators to pivot on; the file names are trivially changeable.
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1240 | cmin.exe | 185.53.178.9:8332 | us.ozco.in | Team Internet AG | DE | malicious |
Domain | IP | Reputation
---|---|---
us.ozco.in | 185.53.178.9 | malicious