| Field | Value |
|---|---|
| File name | order no UOIMM20190830.pdf.z |
| Full analysis | https://app.any.run/tasks/474e87e1-fb21-478f-a53c-f4e951150dc2 |
| Verdict | Malicious activity |
| Threats | Agent Tesla is spyware that collects information about the actions of its victims by recording keystrokes and user interactions. It is falsely marketed as legitimate software on the dedicated website where this malware is sold. |
| Analysis date | October 09, 2019, 18:15:14 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v4, os: Win32 |
| MD5 | 489ED3838E316E3483BCF2E4152C7FA4 |
| SHA1 | 551ABDF62D4FE310FE098F7E6A8A78921E3DFA21 |
| SHA256 | 09745F677FDEBF9F23F710249449178BD7722B8D9B2D6344FEC4D120C27AEA40 |
| SSDEEP | 12288:fpbHoe1v1tvRaqOHeqPoaE/OUd/rPDNFXOhVn3TwCQRFH:fBoeNjRV/OGTPDNFe/3kR |

| Extension | File type |
|---|---|
| .rar | RAR compressed archive (v-4.x) (58.3) |
| .rar | RAR compressed archive (gen) (41.6) |

| Property | Value |
|---|---|
| ArchivedFileName | order no UOIMM20190830.bat |
| PackingMethod | Normal |
| ModifyDate | 2019:10:09 08:42:12 |
| OperatingSystem | Win32 |
| UncompressedSize | 868352 |
| CompressedSize | 524039 |

| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2276 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\order no UOIMM20190830.pdf.z.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
| 2920 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa2276.44281\order no UOIMM20190830.bat" | C:\Users\admin\AppData\Local\Temp\Rar$DIa2276.44281\order no UOIMM20190830.bat | — | WinRAR.exe | User: admin; Company: apPLE; Integrity Level: MEDIUM; Description: COL; Exit code: 0; Version: 1.00 |
| 3864 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa2276.44281\order no UOIMM20190830.bat" | C:\Users\admin\AppData\Local\Temp\Rar$DIa2276.44281\order no UOIMM20190830.bat | | order no UOIMM20190830.bat | User: admin; Company: apPLE; Integrity Level: MEDIUM; Description: COL; Version: 1.00 |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3864 | order no UOIMM20190830.bat | C:\Users\admin\AppData\Roaming\g3rhhin3.r4b\Chrome\Default\Cookies | — | — | — |
| 3864 | order no UOIMM20190830.bat | C:\Users\admin\AppData\Roaming\g3rhhin3.r4b\Firefox\Profiles\qldyz51w.default\cookies.sqlite | — | — | — |
| 2920 | order no UOIMM20190830.bat | C:\Users\admin\AppData\Local\Temp\~DFC1B9FFA080161F7D.TMP | binary | 04C81CF9DCCD1492AA33CB7D3DC63B7C | 06408C99C1DD0DE7B03297291ECEDFF1666CAA889CF1425D06B125DD613197A5 |
| 3864 | order no UOIMM20190830.bat | C:\Users\admin\AppData\Roaming\g3rhhin3.r4b.zip | compressed | E617504378902AF64C6C667C3E1BD48F | B28CA3C3ACE7D3F5D2DE65649DCA886A95DE07D408BF411C261E4DAA2B4F8D1C |
| 3864 | order no UOIMM20190830.bat | C:\Users\admin\AppData\Local\Temp\637062453593347500_cf07c1e4-9d8f-42b0-a711-a361983ed977.db | sqlite | 0B3C43342CE2A99318AA0FE9E531C57B | 0CCB4915E00390685621DA3D75EBFD5EDADC94155A79C66415A7F4E9763D71B8 |
| 2276 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa2276.44281\order no UOIMM20190830.bat | executable | AFCD9F451FAE64120BFFF241590B838F | 84EAA33081729B86640ADA7CD6C8D01A5640FE2B67C7FA626504B2A1BDF13CEB |
| 3864 | order no UOIMM20190830.bat | C:\Users\admin\AppData\Local\VirtualStore\Windows\win.ini | text | D2A2412BDDBA16D60EC63BD9550D933F | 79FF2254E38192BE1626D05BEC6C82E10C85E1CF91DF7440C4C443380A1E877A |
| 2920 | order no UOIMM20190830.bat | C:\Users\admin\AppData\Local\VirtualStore\Windows\win.ini | text | D2A2412BDDBA16D60EC63BD9550D933F | 79FF2254E38192BE1626D05BEC6C82E10C85E1CF91DF7440C4C443380A1E877A |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3864 | order no UOIMM20190830.bat | 198.54.122.60:587 | mail.privateemail.com | Namecheap, Inc. | US | suspicious |
| 3864 | order no UOIMM20190830.bat | 18.214.132.216:80 | checkip.amazonaws.com | — | US | shared |

| Domain | IP | Reputation |
|---|---|---|
| checkip.amazonaws.com | | shared |
| mail.privateemail.com | | shared |

| PID | Process | Class | Message |
|---|---|---|---|
| 3864 | order no UOIMM20190830.bat | A Network Trojan was detected | MALWARE [PTsecurity] AgentTesla IP Check |