File name: | Masaüstü.zip |
Full analysis: | https://app.any.run/tasks/f3fcd788-6a52-43ba-bfbd-d0783e4909a5 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 06:59:19 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 958FDD16B1E9C8AFF868BA8FF1F263B8 |
SHA1: | 20EDD3A8831818954B1280A2A8BABDA7BBC42C18 |
SHA256: | 0A5C2C19DC97377D811DFF9E8397DE7FE1CB3967103823A89CC928E0D4207B0D |
SSDEEP: | 98304:8MUGU7xNNiJdXz8o3X/kJMbSmFFOtOLplRPNnxg+:8MIXGdz8onoMbhFOKp/NR |
.zip | | | ZIP compressed archive (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1188 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Masaüstü.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
1236 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa1188.33439\setup.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa1188.33439\setup.exe | — | WinRAR.exe |
User: admin Company: Zbshareware Lab Integrity Level: MEDIUM Description: USB Disk Security Setup Exit code: 0 Version: 6.0.0.126 | ||||
3400 | "C:\Users\admin\AppData\Local\Temp\is-V4BIA.tmp\setup.tmp" /SL5="$40184,4058717,147456,C:\Users\admin\AppData\Local\Temp\Rar$EXa1188.33439\setup.exe" | C:\Users\admin\AppData\Local\Temp\is-V4BIA.tmp\setup.tmp | — | setup.exe |
User: admin Integrity Level: MEDIUM Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 | ||||
3804 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa1188.33439\setup.exe" /SPAWNWND=$40168 /NOTIFYWND=$40184 | C:\Users\admin\AppData\Local\Temp\Rar$EXa1188.33439\setup.exe | setup.tmp | |
User: admin Company: Zbshareware Lab Integrity Level: HIGH Description: USB Disk Security Setup Exit code: 0 Version: 6.0.0.126 | ||||
2364 | "C:\Users\admin\AppData\Local\Temp\is-HH2MQ.tmp\setup.tmp" /SL5="$50164,4058717,147456,C:\Users\admin\AppData\Local\Temp\Rar$EXa1188.33439\setup.exe" /SPAWNWND=$40168 /NOTIFYWND=$40184 | C:\Users\admin\AppData\Local\Temp\is-HH2MQ.tmp\setup.tmp | setup.exe | |
User: admin Integrity Level: HIGH Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 | ||||
3616 | C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09} | C:\Windows\system32\DllHost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
500 | "C:\Program Files\USB Disk Security\USBGuard.exe" | C:\Program Files\USB Disk Security\USBGuard.exe | — | Explorer.EXE |
User: admin Company: Zbshareware Lab Integrity Level: MEDIUM Description: USB Disk Security Version: 6.0.0.126 | ||||
2548 | "C:\Program Files\USB Disk Security\USBGuardUpdate.exe" | C:\Program Files\USB Disk Security\USBGuardUpdate.exe | — | USBGuard.exe |
User: admin Company: Indigo Rose Corporation Integrity Level: MEDIUM Description: TrueUpdate Client Exit code: 3221226540 Version: 3.5.4.1 | ||||
2256 | "C:\Program Files\USB Disk Security\USBGuardUpdate.exe" | C:\Program Files\USB Disk Security\USBGuardUpdate.exe | USBGuard.exe | |
User: admin Company: Indigo Rose Corporation Integrity Level: HIGH Description: TrueUpdate Client Exit code: 12 Version: 3.5.4.1 | ||||
4068 | "C:\Program Files\USB Disk Security\usb_disk_security.ts3" "/TUCPS:USBGuardUpdate.exe" "/DATFILE:C:\Program Files\USB Disk Security\USBGuardUpdate.dat" /TURC | C:\Program Files\USB Disk Security\usb_disk_security.ts3 | — | USBGuardUpdate.exe |
User: admin Company: Indigo Rose Corporation Integrity Level: HIGH Description: TrueUpdate Client Exit code: 0 Version: 3.5.4.1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1188 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1188.33142\cr\USBGuard.exe | executable | |
MD5:0F484CEBC0E6724B157E644787B66B68 | SHA256:8A3945930F517B3E03FF8917C5D87DE970B57816DA0150935EF35E71DABD96D4 | |||
1188 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1188.33439\cr\USBGuard.exe | executable | |
MD5:0F484CEBC0E6724B157E644787B66B68 | SHA256:8A3945930F517B3E03FF8917C5D87DE970B57816DA0150935EF35E71DABD96D4 | |||
2364 | setup.tmp | C:\Users\admin\AppData\Local\Temp\is-GTU01.tmp\_isetup\_shfoldr.dll | executable | |
MD5:92DC6EF532FBB4A5C3201469A5B5EB63 | SHA256:9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87 | |||
1188 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1188.33439\setup.exe | executable | |
MD5:4A489A620A56AFE39811238592FECE8D | SHA256:970085CBD687C9518C8F885CE14B65F85A3F2D9FF9624482AC716A7731BFF2D4 | |||
2364 | setup.tmp | C:\Program Files\USB Disk Security\is-6A7L0.tmp | executable | |
MD5:B0323264705099F7F2A433B45E9D0F8F | SHA256:AE48F4CD1BC78DB899A4F69C694F0FAC52EED91372DB165B46C141E6A3DF7C6B | |||
2364 | setup.tmp | C:\Program Files\USB Disk Security\USBGuard.exe | executable | |
MD5:B0323264705099F7F2A433B45E9D0F8F | SHA256:AE48F4CD1BC78DB899A4F69C694F0FAC52EED91372DB165B46C141E6A3DF7C6B | |||
3804 | setup.exe | C:\Users\admin\AppData\Local\Temp\is-HH2MQ.tmp\setup.tmp | executable | |
MD5:417D7F059F4C679865C76370F713D5B4 | SHA256:FB406BFFD287CD20159902B1C6710F75FB60AD887AAF7C363564255B72A282DF | |||
1236 | setup.exe | C:\Users\admin\AppData\Local\Temp\is-V4BIA.tmp\setup.tmp | executable | |
MD5:417D7F059F4C679865C76370F713D5B4 | SHA256:FB406BFFD287CD20159902B1C6710F75FB60AD887AAF7C363564255B72A282DF | |||
2364 | setup.tmp | C:\Program Files\USB Disk Security\is-B5KU5.tmp | executable | |
MD5:0941314C042769C1B05038D7D2ACCBEC | SHA256:36C84E6BD6EEC2DC5231B81EA7688F1CE0D30FF8B1703AC938B5417455FC170B | |||
2364 | setup.tmp | C:\Program Files\USB Disk Security\unins000.exe | executable | |
MD5:0941314C042769C1B05038D7D2ACCBEC | SHA256:36C84E6BD6EEC2DC5231B81EA7688F1CE0D30FF8B1703AC938B5417455FC170B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2256 | USBGuardUpdate.exe | GET | 200 | 50.116.10.192:80 | http://www.zbshareware.net/updatenew/update6/single/usb_disk_security.ts2 | US | compressed | 67.5 Kb | suspicious |
3848 | USBGuardUpdate.exe | GET | 200 | 50.116.10.192:80 | http://www.zbshareware.com/updatenew/update6/single/usb_disk_security.ts1 | US | binary | 6.41 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2256 | USBGuardUpdate.exe | 50.116.10.192:80 | www.zbshareware.net | Linode, LLC | US | suspicious |
3848 | USBGuardUpdate.exe | 50.116.10.192:80 | www.zbshareware.net | Linode, LLC | US | suspicious |
Domain | IP | Reputation |
---|---|---|
www.zbshareware.net |
| suspicious |
www.zbshareware.com |
| malicious |
PID | Process | Class | Message |
---|---|---|---|
2256 | USBGuardUpdate.exe | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |