File name: | Desktop.rar |
Full analysis: | https://app.any.run/tasks/1be426c6-33ba-4ad4-9ce0-b7410e99e5c9 |
Verdict: | Malicious activity |
Analysis date: | January 18, 2019, 13:33:00 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | ED56EF81342380D616ADDBD11DEF972F |
SHA1: | BC85D7CC8C81BDCA9674022C35FEFC5810BF7B3E |
SHA256: | 102C6409B237288006F63F5EB2FD1B9FE785D219419FB231162DDDD9FC66D165 |
SSDEEP: | 98304:boAMMZBE7gOIWSq0P7RhWt/c/1lLMDgORgPmwqVZ8iRH9y12hb1OT:0k3jOIWSqoits3MUE6hdil9j1+ |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3096 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Desktop.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2184 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver "-an=C:\Users\admin\Desktop\radC8EB1.tmp.zip" -ad -- "C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar.zip" C:\Users\admin\Desktop\ | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2700 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar\Ancalog Exploit Builder AchillePower.rar" "C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar\" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
968 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2640 | "C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar\Ancalog Exploit Builder AchillePower\AncalogBuilder.exe" | C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar\Ancalog Exploit Builder AchillePower\AncalogBuilder.exe | explorer.exe | |
User: admin Company: BreakingSecurity.net Integrity Level: MEDIUM Exit code: 0 Version: 1.01.0001 | ||||
3912 | "C:\Users\admin\AppData\Local\Temp\AncalogBuilder.exe" 0 | C:\Users\admin\AppData\Local\Temp\AncalogBuilder.exe | — | AncalogBuilder.exe |
User: admin Company: ancalog.tech Integrity Level: MEDIUM Description: Ancalog Multi Exploit Builder Exit code: 3221226540 Version: 1.0.0.0 | ||||
2628 | "C:\Users\admin\AppData\Local\Temp\AncalogBuilder.exe" 0 | C:\Users\admin\AppData\Local\Temp\AncalogBuilder.exe | AncalogBuilder.exe | |
User: admin Company: ancalog.tech Integrity Level: HIGH Description: Ancalog Multi Exploit Builder Version: 1.0.0.0 | ||||
2392 | "C:\Users\admin\AppData\Local\Temp\svchost.exe" 0 | C:\Users\admin\AppData\Local\Temp\svchost.exe | — | AncalogBuilder.exe |
User: admin Integrity Level: MEDIUM Description: Phulli Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3096 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3096.40598\radC8EB1.tmp.zip | — | |
MD5:— | SHA256:— | |||
3096 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3096.40598\Ancalog Exploit Builder AchillePower.rar.zip | — | |
MD5:— | SHA256:— | |||
2700 | WinRAR.exe | C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar\Ancalog Exploit Builder AchillePower\AncalogBuilder.exe | executable | |
MD5:4E611617301CADF48FD06B53365E552B | SHA256:8B6BBAD12F5DB9AD5755A54246C06078AB8EF6E8F1AA227B0F5015EC30A8C5B5 | |||
2700 | WinRAR.exe | C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar\Ancalog Exploit Builder AchillePower\cap.bin | text | |
MD5:5E2B17017AED8BE1B212625D48825ABC | SHA256:6E9C4DEF2AA98928EA26437746521A84A697EFFCCA8E372BD85C9C07E5CD2A1B | |||
2700 | WinRAR.exe | C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar\Ancalog Exploit Builder AchillePower\hhc.exe | executable | |
MD5:7A7935B7BDE566AC60B5EF995B9DAF83 | SHA256:3E96894609819AE3D595FF6E0FBE9CE6C9AC17BDEDA256B994831992F668CB99 | |||
2700 | WinRAR.exe | C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar\Ancalog Exploit Builder AchillePower\doc.bin | binary | |
MD5:ABD49B3F19DAF992FB42FF1E7D88EA18 | SHA256:9A035A84892C1EA10129259E8A694ACD4BF58EFE3D8D84AFEE5409975A98E344 | |||
2700 | WinRAR.exe | C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar\Ancalog Exploit Builder AchillePower\fl.dll | document | |
MD5:CBCD96D3065F9041189A47623B4E19E3 | SHA256:D940A58BA67C0AEB5F64C251BE9F06D717FAD435B4C31FB82A397EE03A70F278 | |||
2700 | WinRAR.exe | C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar\Ancalog Exploit Builder AchillePower\info.txt | text | |
MD5:C5EA7DD54A818165A1037BD448E34486 | SHA256:7414487BE5C1A1158A97CBF9F9934FB7C2AEDFD4289498D483E579C507136A0C | |||
2700 | WinRAR.exe | C:\Users\admin\Desktop\Ancalog Exploit Builder AchillePower.rar\Ancalog Exploit Builder AchillePower\exp.dll | xml | |
MD5:A535A7FE2B64CACF4D84CCDCBB644A76 | SHA256:2656DD6689ABE758A9A4B72E7ADBA1A2CEBA9FEAA375700C794A9E7C8BC618E1 | |||
2184 | WinRAR.exe | C:\Users\admin\Desktop\radC8EB1.tmp\rad24126.tmp | executable | |
MD5:EEE6B8FFF025CAFAD98579657B7BCCD0 | SHA256:14E44C02A55DE7BA6BCE25648AE343104F90213F2F2D2C382E9C738DE151CD50 |