Field | Value
---|---
File name | Debug.zip
Full analysis | https://app.any.run/tasks/78efb858-98e2-4ee0-9e75-e101e590f7e4
Verdict | Malicious activity
Analysis date | November 29, 2020, 11:43:32
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/zip
File info | Zip archive data, at least v2.0 to extract
MD5 | BAAE1C69E0B10F25F8AD1C74F663DE8D
SHA1 | 820CE12DF752C3C6BEF7F218B6F8FD691E3891D2
SHA256 | 0FB625F48B1210057074B4C2F299B22398070A84D99CD78FE6FA36EA02D44160
SSDEEP | 98304:+b5Rnf2LXixMr6itVYDPEaxs9mIWJ/lHksQvS:+nJxMr6iED/QmnNlHXQvS
Extension | Type
---|---
.zip | ZIP compressed archive (100)

Field | Value
---|---
ZipRequiredVersion | 20
ZipBitFlag | -
ZipCompression | Deflated
ZipModifyDate | 2019:03:02 21:19:13
ZipCRC | 0x3396496d
ZipCompressedSize | 27970
ZipUncompressedSize | 68608
ZipFileName | GameOverlay.dll

Note: the Zip* fields above describe only the first entry in the archive (GameOverlay.dll), not the whole archive. Debug.zip holds more than that: the dropped-files table below shows WinRAR writing eight executables out of it into Temp\Debug\.
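The Zip* rows above are per-entry central-directory fields. The script below is an editorial example added to this page (it is not ANY.RUN output and not code from the sample) that reproduces that kind of static triage offline, using only the Python standard library, on a zip it builds in memory as a constructed stand-in for Debug.zip: archive hashes, per-member CRC, sizes, compression method and timestamp, plus a few cheap content checks a first pass should make (an MZ header behind a non-executable extension, zip-slip paths, an extreme compression ratio) without extracting anything to disk. The member names and contents are invented for the demonstration.

```python
"""Static triage of a ZIP sample without extracting it to disk (stdlib only)."""
import hashlib
import io
import zipfile

PE_MAGIC = b"MZ"
EXEC_EXT = (".exe", ".dll", ".scr", ".sys", ".ocx", ".cpl")
COMPRESSION = {zipfile.ZIP_STORED: "Stored", zipfile.ZIP_DEFLATED: "Deflated"}


def build_sample_zip() -> bytes:
    """Constructed stand-in for Debug.zip (not the real sample): a DLL-like member,
    a text member, a PE hiding behind a .txt name, and a zip-slip path."""
    fake_pe = PE_MAGIC + b"\x90\x00" + b"This program cannot be run in DOS mode." + b"\x00" * 1000
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Debug/GameOverlay.dll", fake_pe)
        zf.writestr("Debug/readme.txt", b"hello\n")
        zf.writestr("Debug/notes.txt", fake_pe)                # PE content, harmless-looking name
        zf.writestr("../../Users/Public/evil.dll", fake_pe)    # path that escapes the extraction dir
    return buf.getvalue()


def archive_hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of the whole archive, as in the report header."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def triage_zip(data: bytes) -> list:
    """One dict per member: central-directory metadata plus content-derived flags."""
    entries = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            content = zf.read(info)            # read into memory; never extract during triage
            flags = []
            # zip-slip: absolute names or '..' components would land outside the target dir
            if info.filename.startswith(("/", "\\")) or ".." in info.filename.split("/"):
                flags.append("zip-slip path")
            is_pe = content[:2] == PE_MAGIC
            if is_pe and not info.filename.lower().endswith(EXEC_EXT):
                flags.append("PE with non-executable extension")
            # decompression-bomb heuristic: very high ratio on a deflated member
            if info.compress_size and info.file_size / info.compress_size > 100:
                flags.append("suspicious compression ratio")
            entries.append({
                "name": info.filename,
                "compression": COMPRESSION.get(info.compress_type, str(info.compress_type)),
                "modified": "%04d:%02d:%02d %02d:%02d:%02d" % info.date_time,
                "crc": "0x%08x" % info.CRC,
                "compressed_size": info.compress_size,
                "uncompressed_size": info.file_size,
                "sha256": hashlib.sha256(content).hexdigest(),
                "is_pe": is_pe,
                "flags": flags,
            })
    return entries


if __name__ == "__main__":
    sample = build_sample_zip()
    print(archive_hashes(sample))
    for entry in triage_zip(sample):
        print(entry)
```

Run it against a real archive with `triage_zip(open("Debug.zip", "rb").read())`; the per-member `crc`, `compressed_size` and `uncompressed_size` values are the same central-directory fields the ZipCRC/ZipCompressedSize/ZipUncompressedSize rows report for the first entry, and the flags are only heuristics that tell you where to look first.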
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
956 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Debug.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
 | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 | | | 
3448 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe
 | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7600.16385 (win7_rtm.090713-1255) | | | 
2988 | "C:\Users\admin\Desktop\Spyder1.3.0.exe" | C:\Users\admin\Desktop\Spyder1.3.0.exe | — | explorer.exe
 | User: admin; Integrity Level: MEDIUM; Exit code: 0; Version: 1.1.32.00 | | | 

PID 3448 is the Windows Search indexer's protocol host (parent SearchIndexer.exe, running as SYSTEM) indexing the newly written files; it is background OS activity, not a process spawned by the sample. The sample's own activity is PID 2988, Spyder1.3.0.exe launched from the Desktop.
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Debug\GameOverlay.dll | executable | 0CBC714C910D27F3A2C2F7AA29D63129 | 6F47F4119B15B706F8627941E23D42BEFFED21BE5B9D2D1D403E0F317D1349C8
956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Debug\Spyder1.3.0.exe | executable | 65F2EF96961ACBEFCA09E4A95FC27D2C | 25A3E5A06765DF6912606670C8569A6BBB34DCC1F0B02459F3EAF1EF51638E76
956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Debug\System.Numerics.Vectors.dll | executable | 482D88247171630099D81400DC0A1AA7 | A044D77EDB6E8DB4053BF67CC671E7687C226C1B9B0963A81EBE359CE79DFDF7
956 | WinRAR.exe | C:\Users\admin\Desktop\GameOverlay.dll | executable | 0CBC714C910D27F3A2C2F7AA29D63129 | 6F47F4119B15B706F8627941E23D42BEFFED21BE5B9D2D1D403E0F317D1349C8
956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Debug\spyder.dll | executable | D37DA4AF6A94771D51D995D8683AFED4 | 978459919E8C7879F76889A4237703E4A7E58F5AAA02B4E1135DD940E8879C70
956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Debug\SharpDX.Direct2D1.dll | executable | B992DFABF27B4C32C57D5CC2960CD8E3 | 9F4B5E240CB42CE903082F81633BBA0C781C1E684FD5903BC3915E3805B5E83E
956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Debug\System.Runtime.CompilerServices.Unsafe.dll | executable | 457118C8AB56D3E31C28EF97AF2BA81A | 9B97A0904DDA270A8021E6E90AA8B083D8C3AFD0165B85DF21C0A090B8A0985C
956 | WinRAR.exe | C:\Users\admin\Desktop\Spyder1.3.0.exe | executable | 65F2EF96961ACBEFCA09E4A95FC27D2C | 25A3E5A06765DF6912606670C8569A6BBB34DCC1F0B02459F3EAF1EF51638E76
956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Debug\MetroFramework.Design.dll | executable | AB4C3529694FC8D2427434825F71B2B8 | 0A4A96082E25767E4697033649B16C76A652E120757A2CECAB8092AD0D716B65
956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Debug\MetroFramework.Fonts.dll | executable | 65EF4B23060128743CEF937A43B82AA3 | C843869AACA5135C2D47296985F35C71CA8AF4431288D04D481C4E46CC93EE26

All ten files were written by WinRAR (PID 956), eight into Temp\Debug\ and two onto the Desktop. The Desktop copies of GameOverlay.dll and Spyder1.3.0.exe carry the same MD5/SHA256 as the Temp\Debug\ copies, so the binary that ran as PID 2988 is the archive's own Spyder1.3.0.exe (SHA256 25A3E5A0…). When pivoting on this sample, the per-member hashes above are the ones to search for; the archive hash in the header changes with any repacking.
PID | Process | Method | HTTP Code | IP:port | URL | Country | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---|
2988 | Spyder1.3.0.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D | US | der | 313 b | whitelisted |
2988 | Spyder1.3.0.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTOpjOEf6LG1z52jqAxwDlTxoaOCgQUQAlhZ%2FC8g3FP3hIILG%2FU1Ct2PZYCEQD5g7jF84adhvw3B5kCUueb | US | der | 280 b | whitelisted |
2988 | Spyder1.3.0.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEBblhnjgcJQ5S9%2FbTvymO98%3D | US | der | 471 b | whitelisted |
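The three requests above are OCSP lookups against Comodo (Sectigo) responders: a certificate revocation check, typically triggered when Windows validates a signature chain, not command-and-control by itself. The sandbox shows each request only as an opaque base64 path, but per RFC 6960 Appendix A.1 that path is a DER-encoded OCSPRequest, so it can be decoded offline to recover which certificate was being checked (hash algorithm, issuer name and key hashes, serial number), which gives you a pivot on the signer without the binary. The script below is an editorial example added to this page (not ANY.RUN output); it implements a minimal DER walker with the standard library only and takes the three URLs from the table as its constructed input.

```python
"""Decode the OCSPRequest carried in an OCSP GET URL (RFC 6960 A.1), stdlib only."""
import base64
from urllib.parse import unquote, urlparse

# Constructed input: the three OCSP GET URLs from the HTTP table above.
OCSP_URLS = [
    "http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D",
    "http://ocsp.comodoca4.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTOpjOEf6LG1z52jqAxwDlTxoaOCgQUQAlhZ%2FC8g3FP3hIILG%2FU1Ct2PZYCEQD5g7jF84adhvw3B5kCUueb",
    "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEBblhnjgcJQ5S9%2FbTvymO98%3D",
]

# OIDs that show up in CertID.hashAlgorithm
HASH_OIDS = {"1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}

SEQUENCE, OCTET_STRING, INTEGER = 0x30, 0x04, 0x02


def der_tlvs(buf):
    """Split one DER level into (tag, value) pairs; handles long-form lengths."""
    out, i = [], 0
    while i < len(buf):
        tag, length, i = buf[i], buf[i + 1], i + 2
        if length & 0x80:                              # long form: low 7 bits = number of length bytes
            n = length & 0x7F
            length, i = int.from_bytes(buf[i:i + n], "big"), i + n
        out.append((tag, buf[i:i + length]))
        i += length
    return out


def decode_oid(value):
    """OBJECT IDENTIFIER contents -> dotted string (first byte packs two arcs)."""
    arcs, acc = [value[0] // 40, value[0] % 40], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def decode_ocsp_get(url):
    """Return one dict per CertID in the OCSPRequest carried in the URL path."""
    b64 = unquote(urlparse(url).path.lstrip("/"))
    req = base64.b64decode(b64 + "=" * (-len(b64) % 4))   # some clients drop '=' padding
    [(tag, ocsp_request)] = der_tlvs(req)                  # OCSPRequest ::= SEQUENCE
    if tag != SEQUENCE:
        raise ValueError("not an OCSPRequest")
    (_, tbs_request), *_optional_signature = der_tlvs(ocsp_request)
    # TBSRequest: [0] version and [1] requestorName are context tags (0xA0/0xA1)
    # and may be absent; requestList is the plain SEQUENCE OF Request.
    request_list = next(v for t, v in der_tlvs(tbs_request) if t == SEQUENCE)
    results = []
    for _, request in der_tlvs(request_list):
        (_, cert_id), *_single_exts = der_tlvs(request)     # Request ::= SEQUENCE { reqCert CertID, ... }
        (_, alg_id), (_, name_hash), (_, key_hash), (_, serial) = der_tlvs(cert_id)
        oid = decode_oid(der_tlvs(alg_id)[0][1])            # AlgorithmIdentifier.algorithm
        results.append({
            "responder": urlparse(url).hostname,
            "hash_alg": HASH_OIDS.get(oid, oid),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            # DER INTEGER is two's complement: a leading 0x00 only keeps a
            # high-bit serial positive and is not part of the serial number.
            "serial": serial.lstrip(b"\x00").hex(),
        })
    return results


if __name__ == "__main__":
    for url in OCSP_URLS:
        for cert in decode_ocsp_get(url):
            print(cert)
```

The second URL is the instructive one: its serial is encoded as 17 bytes because the first real byte has the high bit set, and the leading 0x00 has to be dropped before comparing against a serial printed by certificate tooling. The issuer key hash identifies which intermediate CA the checked certificate chains to, so two requests with different key hashes are checks against two different issuers.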
PID | Process | IP:port | Domain | ASN | Country | Reputation
---|---|---|---|---|---|---|
2988 | Spyder1.3.0.exe | 162.159.129.233:443 | cdn.discordapp.com | Cloudflare Inc | — | shared |
2988 | Spyder1.3.0.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
Domain | IP | Reputation
---|---|---
cdn.discordapp.com | 162.159.129.233 | shared
ocsp.comodoca.com | 151.139.128.14 | whitelisted
ocsp.comodoca4.com | 151.139.128.14 | whitelisted

The IP column is filled in from the connections and HTTP tables above, where each domain resolved to the address shown.