Field | Value
---|---
File name | NUDEGENv1.rar
Full analysis | https://app.any.run/tasks/93580d7f-1834-4e9c-8b84-31e7f09ae918
Verdict | Malicious activity
Analysis date | December 06, 2022, 04:40:15
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/x-rar
File info | RAR archive data, v5
MD5 | 1E3A0C5C27C6595AC590971B95AE7F5C
SHA1 | 9FC4643D44A1B335E52CB2A23A5BFC71B420C85F
SHA256 | 1375C723651804E051CA27DDB576BE0290DF54B66478F65B1CD32AAED1CF0DC3
SSDEEP | 49152:w0/p+QlXDCn8uMtkNj4pDkglodtgjuel3/I:XB+QlXw8Ej8Ogjuehg
Extension | Description
---|---
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
1580 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NUDEGENv1.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE
588 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa1580.11078\NUDEGENv1\generator.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa1580.11078\NUDEGENv1\generator.exe | — | WinRAR.exe
1984 | "C:\Users\admin\Desktop\generator.exe" | C:\Users\admin\Desktop\generator.exe | — | Explorer.EXE
3224 | "C:\Users\admin\Desktop\generator.exe" | C:\Users\admin\Desktop\generator.exe | | Explorer.EXE
3520 | "C:\Program Files\Notepad++\notepad++.exe" "C:\Users\admin\Desktop\generator.exe" | C:\Program Files\Notepad++\notepad++.exe | | Explorer.EXE

PID | User | Company | Integrity level | Description | Exit code | Version
---|---|---|---|---|---|---
1580 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.91.0
588 | admin | GitHub | MEDIUM | Update | 4294967295 | 1.1.1.0
1984 | admin | GitHub | MEDIUM | Update | 4294967295 | 1.1.1.0
3224 | admin | GitHub | HIGH | Update | 4294967295 | 1.1.1.0
3520 | admin | Don HO [email protected] | MEDIUM | Notepad++ : a free (GNU) source code editor | 0 | 7.91
PID | Process | Operation | Key | Name | Value
---|---|---|---|---|---
1580 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | 
1580 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | 
1580 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E | LanguageList | en-US
1580 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
1580 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
1580 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\NUDEGENv1.rar
1580 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120
1580 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80
1580 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120
1580 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1580.11078\NUDEGENv1\gen.dll | executable | A7B3584918F9161116D28505A8D8329A | A42EC801376FA03E5E1B5A230D9BB8046E4392996127BAB89B6D444F9B2FB6DC
1580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1580.14114\NUDEGENv1\gen.dll | executable | A7B3584918F9161116D28505A8D8329A | A42EC801376FA03E5E1B5A230D9BB8046E4392996127BAB89B6D444F9B2FB6DC
1580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1580.11078\NUDEGENv1\generator.exe | executable | 9038C0B06DB6883E4507FDD2499CF173 | 89342D702E06329BB55204EBFE2686E92255DB3BD955F9D5E37FDAD571B2A37B
1580 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1580.14114\NUDEGENv1\generator.exe | executable | 9038C0B06DB6883E4507FDD2499CF173 | 89342D702E06329BB55204EBFE2686E92255DB3BD955F9D5E37FDAD571B2A37B
3520 | notepad++.exe | C:\Users\admin\AppData\Roaming\Notepad++\session.xml | text | 4E7894FCD1037D4007AFCC408611976F | 6533F4B3DD8C5B3903B3D3E8ADE2DA498EA6FE6B79E479B6E49FBD7C18DEED10
3520 | notepad++.exe | C:\Users\admin\AppData\Roaming\Notepad++\config.xml | xml | 75DAF0C838CA0F9DAA89D4074A504E1B | 97901B6DEF410AA997B0E91A0FD0947EB3A26B7D5C83FD7228FDE04F981AC53C
Process | Message
---|---
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\plugins\Config\nppPluginList.dll
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | ED255D9151912E40DF048A56288E969A8D0DAFA3
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\updater\gup.exe