| Field | Value |
|---|---|
| File name | Fedex.com Brute by Plyshka.zip |
| Full analysis | https://app.any.run/tasks/2c116153-4e02-47a2-abf1-d7225bbdce76 |
| Verdict | Malicious activity |
| Analysis date | September 19, 2019, 08:24:19 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | — |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 9F874EFC402D835BE7D29BCD2A7262C2 |
| SHA1 | 2D61EA82BBC757AEF9968BF6BE9E8BF9DD14718D |
| SHA256 | 0CBD55FAE3822CF80720C4CA65F6AE9CA9C05F50443B3B8F795DA962A8811748 |
| SSDEEP | 98304:n8yTBsUqZ784itxYu9h2hKwbI2oG/i4eqiE01Oms97:TGPS4i7b3yKK5i4epE0ls97 |
File type: .zip, ZIP compressed archive (100)

| Field | Value |
|---|---|
| ZipFileName | Fedex.com Brute by Plyshka/ |
| ZipUncompressedSize | - |
| ZipCompressedSize | - |
| ZipCRC | 0x00000000 |
| ZipModifyDate | 2019:09:19 11:23:25 |
| ZipCompression | None |
| ZipBitFlag | 0x0002 |
| ZipRequiredVersion | 20 |

These fields describe the first entry in the archive, which is the top-level directory `Fedex.com Brute by Plyshka/` (note the trailing slash). That is why the sizes are empty, the CRC is zero and no compression method is recorded; they say nothing about the files inside, which are listed in the dropped-files table further down.
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 3052 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Fedex.com Brute by Plyshka.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 1728 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Version: 7.00.7600.16385 (win7_rtm.090713-1255) |
| 3096 | "C:\Users\admin\Desktop\Fedex.com Brute by Plyshka\Fedex.com Brute by Plyshka.exe" | C:\Users\admin\Desktop\Fedex.com Brute by Plyshka\Fedex.com Brute by Plyshka.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Version: 1.0.0.0 |

Both the archive (opened in WinRAR) and the extracted executable (launched from the desktop) have explorer.exe as their parent, i.e. they were started interactively in the sandbox. The sample runs at medium integrity with no elevation. SearchProtocolHost.exe under SearchIndexer.exe is the Windows Search indexer picking up the newly written files and is not activity of the sample.
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3052 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3052.48854\Fedex.com Brute by Plyshka\10000.txt | binary | 17386329C8ECC7C0FAB3B318C7A67BF3 | 31CAA6F1512FED254C4583D37662CF2268C2D5D022AD625E189E5E3FB14E6FFD |
| 3096 | Fedex.com Brute by Plyshka.exe | C:\Users\admin\Desktop\Fedex.com Brute by Plyshka\Rezult\Rezult(9.25.15 AM)\Remains Accounts.txt | text | B3DDE0065E2D8D7CA76C061081639EC3 | EA7CF7E80C687909B888E9EF3B9E01140FBC747826A343AC2A2D5229177C981F |
| 3052 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3052.48854\Fedex.com Brute by Plyshka\Fedex.com Brute by Plyshka.exe | executable | C63A30854A88D6F1CF3F18795221C79E | 35765E370F93BC0750EA8E0EA024FAB21C35DA10FAFCACEBE50EC21050837010 |
| 3052 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3052.48854\Fedex.com Brute by Plyshka\p.txt | text | 1AB58AC0D5FB38EF3120475CDC4D2C26 | 20D28E8394F0346AA7F30BAB45AA73AF69AE387435EC90E0240C9047D624B683 |
| 3052 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3052.48854\Fedex.com Brute by Plyshka\ssleay32.dll | executable | 9B3921B65E656FCD9D27423F8283033C | 89DCCAC92BC457B9180C0389B824AACEBF4A934EE2F0B37F4A6E3865799ECC6A |
| 3052 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3052.48854\Fedex.com Brute by Plyshka\libeay32.dll | executable | ABEF7052E350DB0C7882CFED969066E1 | 5B4E6E7FF551A2A48F1BAB0AC27421930A6215A9F5E52E95297C8BA31484D1F5 |

The `Rar$DRa3052.48854` directory is WinRAR's temporary extraction folder, so the five files written by PID 3052 are the archive's contents: the brute-force executable, the legacy OpenSSL (pre-1.1) runtime libraries libeay32.dll and ssleay32.dll it links against, and two data files (10000.txt, p.txt) whose contents the report does not show. The only file written by the sample itself (PID 3096) is `Remains Accounts.txt`, placed in a timestamped `Rezult` folder next to the executable; that folder is where the tool's output lands and is the first place to look when triaging an infected host.
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3096 | Fedex.com Brute by Plyshka.exe | 202.137.10.179:57338 | — | Linknet ASN | ID | suspicious |
| 3096 | Fedex.com Brute by Plyshka.exe | 193.117.138.126:46875 | — | Telstra Europe Ltd | GB | suspicious |
| 3096 | Fedex.com Brute by Plyshka.exe | 31.193.124.70:53281 | — | Elitel Ltd. | RU | unknown |
| 3096 | Fedex.com Brute by Plyshka.exe | 131.196.192.31:36213 | — | GUARANICARD S.A. | PY | unknown |
| 3096 | Fedex.com Brute by Plyshka.exe | 103.212.93.241:48818 | — | SOFT CALL CUST-O-CARE PRIVATE LIMITED | IN | unknown |
| 3096 | Fedex.com Brute by Plyshka.exe | 43.228.222.114:59804 | — | Gigantic Internet Services Pvt. Ltd. | IN | suspicious |
| 3096 | Fedex.com Brute by Plyshka.exe | 43.231.76.129:4145 | — | Gateway Online Access Limited | BD | suspicious |
| 3096 | Fedex.com Brute by Plyshka.exe | 103.86.192.238:4145 | — | SPEED LINK | BD | unknown |
| 3096 | Fedex.com Brute by Plyshka.exe | 144.76.163.25:29812 | — | Hetzner Online GmbH | DE | unknown |
| 3096 | Fedex.com Brute by Plyshka.exe | 187.102.16.70:51327 | — | Guanhaes Internet LTDA-ME | BR | suspicious |

All ten connections go direct to IP (no domain is recorded), each to a different host in a different network across eight countries, each on a non-standard high port (4145, used twice, is a port commonly seen on open SOCKS proxies). None of them is a fedex.com address. This is the pattern of a tool rotating its login attempts through a list of third-party proxies rather than talking to the target directly; the report does not establish which bundled file holds that list, so treat the proxy reading as an interpretation. For detection purposes the useful indicator is the IP, not the ip:port pair: the ports differ per connection and would not be expected to repeat on the next run.
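The hashes in the file table and the IPs in the network table are the reusable indicators from this report. The Python IOC matcher below is an added example, not code from the ANY.RUN report: `FILE_IOCS` and `NETWORK_IOCS` are copied from the report's tables, while the connection-log format (key=value fields with a `dst=ip:port` field) and the `SAMPLE_LOG` lines are constructed for the demonstration. Ports are left out of the network match on purpose, for the reason given above.

```python
"""IOC matcher for the Fedex.com Brute by Plyshka report.

Added example, not code from the ANY.RUN report. FILE_IOCS and NETWORK_IOCS
are copied from the report's tables; the log format and SAMPLE_LOG lines are
constructed for the demonstration.
"""
import hashlib
import ipaddress
import re

# File hashes from the report's file table (hex, compared case-insensitively).
FILE_IOCS = {
    "Fedex.com Brute by Plyshka.zip": {
        "md5": "9F874EFC402D835BE7D29BCD2A7262C2",
        "sha1": "2D61EA82BBC757AEF9968BF6BE9E8BF9DD14718D",
        "sha256": "0CBD55FAE3822CF80720C4CA65F6AE9CA9C05F50443B3B8F795DA962A8811748",
    },
    "Fedex.com Brute by Plyshka.exe": {
        "md5": "C63A30854A88D6F1CF3F18795221C79E",
        "sha256": "35765E370F93BC0750EA8E0EA024FAB21C35DA10FAFCACEBE50EC21050837010",
    },
    "ssleay32.dll": {
        "md5": "9B3921B65E656FCD9D27423F8283033C",
        "sha256": "89DCCAC92BC457B9180C0389B824AACEBF4A934EE2F0B37F4A6E3865799ECC6A",
    },
    "libeay32.dll": {
        "md5": "ABEF7052E350DB0C7882CFED969066E1",
        "sha256": "5B4E6E7FF551A2A48F1BAB0AC27421930A6215A9F5E52E95297C8BA31484D1F5",
    },
}

# Remote IPs from the report's network table. Ports are deliberately not part
# of the indicator: each connection in the report used a different port.
NETWORK_IOCS = {
    "202.137.10.179", "193.117.138.126", "31.193.124.70", "131.196.192.31",
    "103.212.93.241", "43.228.222.114", "43.231.76.129", "103.86.192.238",
    "144.76.163.25", "187.102.16.70",
}

ALGOS = ("md5", "sha1", "sha256")


def hash_bytes(data):
    """Return {algo: hexdigest} for an in-memory blob."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


def hash_file(path):
    """Return {algo: hexdigest} for a file on disk, streamed in 1 MiB chunks."""
    digests = {algo: hashlib.new(algo) for algo in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in digests.items()}


def match_hashes(digests):
    """Return (indicator name, algo) for the first report hash that equals one
    of the given digests, or None. Any subset of md5/sha1/sha256 may be given."""
    lowered = {algo: value.lower() for algo, value in digests.items()}
    for name, known in FILE_IOCS.items():
        for algo, value in known.items():
            if lowered.get(algo) == value.lower():
                return name, algo
    return None


# Constructed log format: key=value fields, destination given as dst=ip:port.
_DST_RE = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\b")


def match_connections(log_lines):
    """Return (line number, ip, port) for every line whose destination IP is
    one of the report's IPs, whatever the port."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        m = _DST_RE.search(line)
        if not m:
            continue
        ip, port = m.group(1), int(m.group(2))
        try:
            ipaddress.ip_address(ip)  # rejects octets > 255 that the regex lets through
        except ValueError:
            continue
        if ip in NETWORK_IOCS:
            hits.append((lineno, ip, port))
    return hits


# Constructed sample lines (not from the report); 203.0.113.7 and 192.0.2.53 are
# documentation addresses standing in for unrelated traffic.
SAMPLE_LOG = [
    'ts=2019-09-19T08:25:01Z proc="Fedex.com Brute by Plyshka.exe" pid=3096 dst=203.0.113.7:443',
    'ts=2019-09-19T08:25:02Z proc="Fedex.com Brute by Plyshka.exe" pid=3096 dst=43.231.76.129:4145',
    'ts=2019-09-19T08:25:03Z proc="svchost.exe" pid=884 dst=192.0.2.53:53',
    'ts=2019-09-19T08:25:04Z proc="Fedex.com Brute by Plyshka.exe" pid=3096 dst=144.76.163.25:1080',
]


if __name__ == "__main__":
    print("hash lookup:", match_hashes({"sha256": FILE_IOCS["libeay32.dll"]["sha256"]}))
    print("clean blob:", match_hashes(hash_bytes(b"not the sample")))
    for lineno, ip, port in match_connections(SAMPLE_LOG):
        print(f"line {lineno}: {ip}:{port} matches a report IP")
```

The fourth sample line deliberately reuses a report IP on a different port (1080 instead of the 29812 seen in the sandbox) to show that the match still fires; keying on the full ip:port pair would have missed it.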
| PID | Process | Class | Message |
|---|---|---|---|
| 3096 | Fedex.com Brute by Plyshka.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction |
| 3096 | Fedex.com Brute by Plyshka.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction |
| 3096 | Fedex.com Brute by Plyshka.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction |
| 3096 | Fedex.com Brute by Plyshka.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction |

All four alerts are the same Suricata app-layer anomaly event (`applayer_detect_protocol_only_one_direction`, classtype protocol-command-decode), raised when a protocol is recognised on one direction of a TCP flow but the reverse direction never presents the expected protocol. It is a generic decoder event, not a signature for this sample; it fits sessions that were opened to the hosts above but not answered in kind, and it should be read together with the connection list rather than as an independent detection.