| Field | Value |
|---|---|
| File name | locker_x86.rar |
| Full analysis | https://app.any.run/tasks/f9bfcd79-2c14-402f-8e75-88a1c3300506 |
| Verdict | Malicious activity |
| Analysis date | June 27, 2022, 06:19:48 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v4, os: Win32 |
| MD5 | DA7FEB66C95A1E6A97D58A0B296999C4 |
| SHA1 | 7897B6025609E916CD38AD3E6453C9BD824D05F8 |
| SHA256 | 1392CAAA6D82780AA8E771F2F8CCA8B33BF87EBBFA66FA65762F27C8360E43A7 |
| SSDEEP | 384:Lya2wNEbcAyBjMxGR6kWBsPhbHGAOXBPQIZrtahQ5QGOgM3:LBC/ypwGYBsJsBQEwdxgG |
| Extension | Identification |
|---|---|
| .rar | RAR compressed archive (v-4.x) (58.3) |
| .rar | RAR compressed archive (gen) (41.6) |
| Archive field | Value |
|---|---|
| ArchivedFileName | locker_x86.exe |
| PackingMethod | Normal |
| ModifyDate | 2022:06:27 10:18:05 |
| OperatingSystem | Win32 |
| UncompressedSize | 44544 |
| CompressedSize | 17171 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2688 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\locker_x86.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0 |
| 1400 | "cmd.exe" /s /k pushd "C:\Users\admin\Desktop" | C:\Windows\system32\cmd.exe | — | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 3221225547; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 3752 | locker_x86.exe dsds lock | C:\Users\admin\Desktop\locker_x86.exe | — | cmd.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
| 2676 | locker_x86.exe fabianwosar locker | C:\Users\admin\Desktop\locker_x86.exe | — | cmd.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3221225786 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2676 | locker_x86.exe | C:\Users\admin\Desktop\googleupon.png.locker | text | 8398D65150CD549897D2AB3281845124 | C6E1A13E28AC286F3E656B2CBBEB2192508C9F352F6D62ED3A9AE7F773EE1809 |
| 2676 | locker_x86.exe | C:\Users\admin\Desktop\securegift.rtf.locker | text | 5BD79436B1D8C9AB44859F2F4FC652A8 | 731B26E58E132F980D5C56AD4EDDE41F52EE36C39EA549F77D912CEFD8BC6DC4 |
| 2676 | locker_x86.exe | C:\Users\admin\Desktop\wayscentral.png.locker | text | D65D98C65435B85CF85BB016D725D234 | F972DB446BF20FD80FB355DA197AC35A3D95DA340E1078E44E9EE9136FE362D5 |
| 2676 | locker_x86.exe | C:\Users\admin\Desktop\cheapengineering.rtf.locker | text | 2B881BC9BDE1897024BD8AD802CA459E | D51BFD1D24A857E00E14C3570043A017B963FD2F22F4DB48F7649B18A18E1582 |
| 2676 | locker_x86.exe | C:\Users\admin\Desktop\locker_x86.rar.locker | text | BEDD60A528C127025EC15E0440BCD230 | BD17EDFDA5780BDFBB42C0BBCBE978204F3AD7907F10B66E933BE75F69B26E6F |
| 2676 | locker_x86.exe | C:\Users\admin\Desktop\starsemail.rtf.locker | text | 24AE12794C0D2B73BC9A27C1CF02930C | 989C2F91738850133AEB0DF710C687474C322DE5380039BA79970EA732CD71DF |
| 2676 | locker_x86.exe | C:\Users\admin\Desktop\locker_x86.exe.locker | text | 195D451D61F2772C6EE6A4BCD3B927B8 | 06F369E25B4322F3BD7CA8228DA46F6F6F5CA63B624970B87F9E1BAD5B510798 |
| 2676 | locker_x86.exe | C:\Users\admin\Desktop\benefitwindows.jpg.locker | text | 898E262A6323155B2E9B0522F573E2AE | BBD375550494784BE300E05020CABDDF168D6DBC9D2F515809DA5527E803D03D |
| 2676 | locker_x86.exe | C:\Users\admin\Desktop\wednesdayinternational.rtf.locker | text | 3697D78CA98B49AAD57803118F365879 | 2EADB76D7B15D2B205B59465AF3DB4D5AD2550EC8E89ED6BC47BF423C1A104C0 |
| 2676 | locker_x86.exe | C:\Users\admin\Desktop\networklaws.rtf.locker | text | C7B928243C8E8D0129BEB5EFC50DE2A4 | 1CDFB661B1FA3280FAA51AE61E86EADAE745F22D3B342CFCE60D9BF10258197E |