File name: | о заказе пароль 11.rar |
Full analysis: | https://app.any.run/tasks/c7bfa294-4213-494f-8529-68876c9fed9a |
Verdict: | Malicious activity |
Analysis date: | June 19, 2019, 14:23:46 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, flags: EncryptedBlockHeader |
MD5: | 1257822B6D3813F981348D07536DE65B |
SHA1: | 57CBF15E45C5B649B6616519D1930E57E9B0B9CB |
SHA256: | 133C66B369A3A93F041D6D7FD5C651371CD425552B1E575B58B17A853EC050A6 |
SSDEEP: | 24:H4FNNHFeUvc+6JNJVzXg6+8XaIVkPnWltuLfFwm3v4kz70Kzg/uP4AWqiEDM5Arl:CNNlNvwM63qIGnWl4LdpzJw1AWqBD4+l |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3144 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\о заказе пароль 11.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3240 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIb3144.27445\Подробности заказа.js" | C:\Windows\System32\WScript.exe | WinRAR.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
1028 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIb3144.27686\Подробности заказа.js" | C:\Windows\System32\WScript.exe | WinRAR.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3144 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb3144.27445\Подробности заказа.js | text | |
MD5:CD81ADE22D721306D8C91484B15FD262 | SHA256:A8FB3CA7A313CD4EBBE6C8A72C81D804E9E055C3D6612E710EC806FF6804B3DC | |||
3144 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb3144.27686\Подробности заказа.js | text | |
MD5:CD81ADE22D721306D8C91484B15FD262 | SHA256:A8FB3CA7A313CD4EBBE6C8A72C81D804E9E055C3D6612E710EC806FF6804B3DC | |||
3240 | WScript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat | dat | |
MD5:D7A950FEFD60DBAA01DF2D85FEFB3862 | SHA256:75D0B1743F61B76A35B1FEDD32378837805DE58D79FA950CB6E8164BFA72073A |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3240 | WScript.exe | GET | 404 | 109.234.165.77:80 | http://mboavision.rodevdesign.com/.well-known/acme-challenge/1c.jpg | FR | html | 350 b | malicious |
1028 | WScript.exe | GET | 404 | 109.234.165.77:80 | http://mboavision.rodevdesign.com/.well-known/acme-challenge/1c.jpg | FR | html | 350 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3240 | WScript.exe | 109.234.165.77:80 | mboavision.rodevdesign.com | o2switch SARL | FR | suspicious |
3240 | WScript.exe | 62.173.145.104:443 | easyplay.io | JSC Internet-Cosmos | RU | malicious |
1028 | WScript.exe | 109.234.165.77:80 | mboavision.rodevdesign.com | o2switch SARL | FR | suspicious |
1028 | WScript.exe | 62.173.145.104:443 | easyplay.io | JSC Internet-Cosmos | RU | malicious |
Domain | IP | Reputation |
---|---|---|
easyplay.io |
| malicious |
mboavision.rodevdesign.com |
| malicious |