download: | loader.zip |
Full analysis: | https://app.any.run/tasks/c6749845-4a67-44aa-8c10-070d68649804 |
Verdict: | Malicious activity |
Analysis date: | July 18, 2019, 09:16:50 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 65CB72A3C2670D1944C84D46D5929969 |
SHA1: | 0AF292EB3AF41EF3B5E051EF09D03185B1359224 |
SHA256: | 154573E4BEA70F11BA39669931A413FAFC876CCB1559EF27369D4FEE68EC7264 |
SSDEEP: | 98304:sEbxZ0TFbheOUW1NP71Xolw69n6e/5F4rDfLijJvKVY56TMudN9QDXfTC4N5jyw6:sonSeOX3P7holw6dxF4Hf8h1KBcDXfFc |
.kmz | | | Google Earth saved working session (60) |
---|---|---|
.zip | | | ZIP compressed archive (40) |
ZipFileName: | core.dll |
---|---|
ZipUncompressedSize: | 2366976 |
ZipCompressedSize: | 2265630 |
ZipCRC: | 0xf7729651 |
ZipModifyDate: | 2019:07:16 19:32:21 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3488 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\loader.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2552 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
544 | "C:\Users\admin\Desktop\ynku_loader.exe" | C:\Users\admin\Desktop\ynku_loader.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: ynku Exit code: 3221225477 Version: 1.0.0.0 | ||||
3996 | C:\Windows\system32\WerFault.exe -u -p 544 -s 720 | C:\Windows\system32\WerFault.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Problem Reporting Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2852 | "C:\Users\admin\Desktop\ynku_loader.exe" | C:\Users\admin\Desktop\ynku_loader.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: ynku Exit code: 3221225477 Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3488 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3488.44155\core.dll | — | |
MD5:— | SHA256:— | |||
3488 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3488.44155\Google.Authenticator.dll | — | |
MD5:— | SHA256:— | |||
3488 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3488.44155\insecure.txt | — | |
MD5:— | SHA256:— | |||
3488 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3488.44155\ynku_loader.exe | — | |
MD5:— | SHA256:— | |||
3996 | WerFault.exe | C:\Users\admin\AppData\Local\CrashDumps\ynku_loader.exe.544.dmp | — | |
MD5:— | SHA256:— | |||
3996 | WerFault.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_ynku_loader.exe_8f2f2caf19af9b16e86677b4e2e54b5b256875b4_0f926925\Report.wer | binary | |
MD5:C564E792380AFFFAA75140BC48D5CE12 | SHA256:AECAE6122E4467BF2F20A07FCC1C770FA5F3AC1958276B4DE59D5D0B3F65241F | |||
544 | ynku_loader.exe | C:\Users\admin\Desktop\d.dll | executable | |
MD5:9FA4244F9872E36FB191BAC93B95D683 | SHA256:9EB18CCF4579D1D76B24FBF6FC8821D6879D9A210E388002A0E71E09C2D66E1B | |||
2852 | ynku_loader.exe | C:\Users\admin\Desktop\d.dll | executable | |
MD5:9FA4244F9872E36FB191BAC93B95D683 | SHA256:9EB18CCF4579D1D76B24FBF6FC8821D6879D9A210E388002A0E71E09C2D66E1B |