File name: | a7994f9aa26ba3ea2efb963904671f7fe448df042b3341ec3502cbc7c5e67ed77ea0888b |
Full analysis: | https://app.any.run/tasks/61486891-37b6-41e0-adf3-e5a114ddfa40 |
Verdict: | Malicious activity |
Analysis date: | September 30, 2020, 10:59:29 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | A7994F9AA26BA3EA2EFB963904671F7F |
SHA1: | E448DF042B3341EC3502CBC7C5E67ED77EA0888B |
SHA256: | 0F01F469DC49ACE8969FA49E0B4E32FC55E0A359AAB3F360112967BEBF1A6D93 |
SSDEEP: | 12288:EnlkG1Lfgk6i4SDa2SsvJf+f25YQbEC5j/dbbLyE5:EnlkGpVa2X1EU95bdbSE5 |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2496 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\a7994f9aa26ba3ea2efb963904671f7fe448df042b3341ec3502cbc7c5e67ed77ea0888b.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3776 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2496.43506\我司已汇$23856 (Our remitted $ 23856).exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2496.43506\我司已汇$23856 (Our remitted $ 23856).exe | WinRAR.exe | |
User: admin Company: C.S.D Team Integrity Level: MEDIUM Description: Folder Protector Exit code: 3762507597 Version: 18.3.0.3 | ||||
2768 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2496.43840\我司已汇$23856 (Our remitted $ 23856).exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2496.43840\我司已汇$23856 (Our remitted $ 23856).exe | WinRAR.exe | |
User: admin Company: C.S.D Team Integrity Level: MEDIUM Description: Folder Protector Exit code: 3762507597 Version: 18.3.0.3 | ||||
2436 | "C:\Users\admin\Desktop\我司已汇$23856 (Our remitted $ 23856).exe" | C:\Users\admin\Desktop\我司已汇$23856 (Our remitted $ 23856).exe | explorer.exe | |
User: admin Company: C.S.D Team Integrity Level: MEDIUM Description: Folder Protector Version: 18.3.0.3 | ||||
3228 | "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\UfqJVSjbq" /XML "C:\Users\admin\AppData\Local\Temp\tmpD965.tmp" | C:\Windows\System32\schtasks.exe | — | 我司已汇$23856 (Our remitted $ 23856).exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Manages scheduled tasks Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2140 | dw20.exe -x -s 860 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | — | 我司已汇$23856 (Our remitted $ 23856).exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft .NET Error Reporting Shim Exit code: 0 Version: 2.0.50727.4927 (NetFXspW7.050727-4900) | ||||
1244 | "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\UfqJVSjbq" /XML "C:\Users\admin\AppData\Local\Temp\tmpE309.tmp" | C:\Windows\System32\schtasks.exe | — | 我司已汇$23856 (Our remitted $ 23856).exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Manages scheduled tasks Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2928 | dw20.exe -x -s 856 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | — | 我司已汇$23856 (Our remitted $ 23856).exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft .NET Error Reporting Shim Exit code: 0 Version: 2.0.50727.4927 (NetFXspW7.050727-4900) | ||||
1928 | "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\UfqJVSjbq" /XML "C:\Users\admin\AppData\Local\Temp\tmp629A.tmp" | C:\Windows\System32\schtasks.exe | — | 我司已汇$23856 (Our remitted $ 23856).exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Manages scheduled tasks Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2304 | dw20.exe -x -s 856 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | — | 我司已汇$23856 (Our remitted $ 23856).exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft .NET Error Reporting Shim Version: 2.0.50727.4927 (NetFXspW7.050727-4900) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3776 | 我司已汇$23856 (Our remitted $ 23856).exe | C:\Users\admin\AppData\Local\Temp\tmpD965.tmp | — | |
MD5:— | SHA256:— | |||
2768 | 我司已汇$23856 (Our remitted $ 23856).exe | C:\Users\admin\AppData\Local\Temp\tmpE309.tmp | — | |
MD5:— | SHA256:— | |||
2436 | 我司已汇$23856 (Our remitted $ 23856).exe | C:\Users\admin\AppData\Local\Temp\tmp629A.tmp | xml | |
MD5:63B699549964D0FB1B258117E66EEBE7 | SHA256:6BE24CF0434279D8424EE3977A04E8E96E30AB5CC62E00F396FD622F228BBD03 | |||
2928 | dw20.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_LXWYYB2L4QXOP4KY_3ca99b877b602331fdc5fd9646ca1ce96b8bd261_0b6c3e29\Report.wer | binary | |
MD5:390FCBA1879292420EC70806519CA096 | SHA256:B09A19D73B7B9E094958020DD21C6126BD3162F3370F4B323F92EBD5B62BE942 | |||
2496 | WinRAR.exe | C:\Users\admin\Desktop\我司已汇$23856 (Our remitted $ 23856).exe | executable | |
MD5:FB8A81FAE852CC6B612279CB7B032EBC | SHA256:8715C56FFA7A44E7E01E022FBBE65A09CF11B18DE43910DFB731DB3E019E60E6 | |||
3776 | 我司已汇$23856 (Our remitted $ 23856).exe | C:\Users\admin\AppData\Roaming\UfqJVSjbq.exe | executable | |
MD5:FB8A81FAE852CC6B612279CB7B032EBC | SHA256:8715C56FFA7A44E7E01E022FBBE65A09CF11B18DE43910DFB731DB3E019E60E6 | |||
2140 | dw20.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_LXWYYB2L4QXOP4KY_3ca99b877b602331fdc5fd9646ca1ce96b8bd261_0840523e\Report.wer | binary | |
MD5:5D832C416E6D5903BBAE440A522B7B59 | SHA256:C2099459909AE2954C3F4BC3888B622F1FF69BED185209F6E22A9ADC8A0DCDF3 | |||
2496 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2496.43506\我司已汇$23856 (Our remitted $ 23856).exe | executable | |
MD5:FB8A81FAE852CC6B612279CB7B032EBC | SHA256:8715C56FFA7A44E7E01E022FBBE65A09CF11B18DE43910DFB731DB3E019E60E6 | |||
2496 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2496.43840\我司已汇$23856 (Our remitted $ 23856).exe | executable | |
MD5:FB8A81FAE852CC6B612279CB7B032EBC | SHA256:8715C56FFA7A44E7E01E022FBBE65A09CF11B18DE43910DFB731DB3E019E60E6 |