File name: | 兵河五四3.6完美云库版加载佳佳2020新佳佳.7z |
Full analysis: | https://app.any.run/tasks/b5faac35-a070-474e-bb0d-1a314d92bb3b |
Verdict: | Malicious activity |
Analysis date: | July 13, 2020, 03:03:50 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-7z-compressed |
File info: | 7-zip archive data, version 0.4 |
MD5: | 870263341683079D9543C89DE487BF9D |
SHA1: | 53FFB3E7E842F404635F8BF9C8E3C53449C54B4E |
SHA256: | 18712B1C13A01D416B0EC035B27C1B2CDB8976AEC7BD7E781BB1474758C90A53 |
SSDEEP: | 393216:KOFB+Ewo+98IH6LQriV5LpVpCOVC9u1JA4Kgt:NH+i+FaYUL5COE9u1JSi |
.7z | | | 7-Zip compressed archive (v0.4) (57.1) |
---|---|---|
.7z | | | 7-Zip compressed archive (gen) (42.8) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2440 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\兵河五四3.6完美云库版加载佳佳2020新佳佳.7z" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3588 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
1236 | "C:\Users\admin\Desktop\兵河五四.exe" | C:\Users\admin\Desktop\兵河五四.exe | — | explorer.exe |
User: admin Company: CHINA Integrity Level: MEDIUM Description: Chinese Chess Gui Exit code: 3221226540 Version: 3.6.0.0 | ||||
272 | "C:\Users\admin\Desktop\兵河五四.exe" | C:\Users\admin\Desktop\兵河五四.exe | explorer.exe | |
User: admin Company: CHINA Integrity Level: HIGH Description: Chinese Chess Gui Version: 3.6.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2440 | WinRAR.exe | C:\Users\admin\Desktop\Piece\large\mm.png | image | |
MD5:43916530CFEDFEA33CCFACD034728C7F | SHA256:1D647DDFEDD097D1E5EA59FC8F755773BF6192D7344A4E9D9614270B7CACAD8A | |||
2440 | WinRAR.exe | C:\Users\admin\Desktop\account.db | sqlite | |
MD5:B041823AA89DF647C39443242537BE45 | SHA256:DE14E8EDDA6C3B9676879794A475C1CBD1DB124F5A3805C43CA62B82C08FA41E | |||
2440 | WinRAR.exe | C:\Users\admin\Desktop\Piece\large\rk.png | image | |
MD5:E068DF43FCEE08915A6D396672434BBB | SHA256:BEF663EFABB3620568F2702F1A739EE8FC6FB16658D2E461F678B89EFDED6B4E | |||
2440 | WinRAR.exe | C:\Users\admin\Desktop\Piece\large\bc.png | image | |
MD5:6ACE9F9702A31D9AD69F02A3657331B3 | SHA256:913A36E736CA9A66B4BEA1C63AD549363CD3D3C4041B2628E54DC0FA93527F51 | |||
2440 | WinRAR.exe | C:\Users\admin\Desktop\Piece\large\rb.png | image | |
MD5:EB8EF7FB97270460448F5A144EB80818 | SHA256:6EABF303459658A8FAC06D6FF2E8D4FE945B8F723FA042199CD738286ADEDCB6 | |||
2440 | WinRAR.exe | C:\Users\admin\Desktop\Piece\large\br.png | image | |
MD5:58A39724C53BB2592FB30F5FAD507467 | SHA256:40172EFA9BF65A8DD0400EA58E0F9C39B468008CFBD56B806C3717695460200E | |||
2440 | WinRAR.exe | C:\Users\admin\Desktop\connect.db | sqlite | |
MD5:965F09C1A6969790B329C49A2DFE11FB | SHA256:46E0380594A0BA671E7D4C30414F4CACCAFE40B1DDB840A1E31A4F7F7B8C896B | |||
2440 | WinRAR.exe | C:\Users\admin\Desktop\Piece\large\ba.png | image | |
MD5:F252EC45AEE1650A2448FB50027B4AE6 | SHA256:A8A3D096601F0B75269E4DAE3AC1322A59B94AF3317C75E268019F3AB898AB2B | |||
2440 | WinRAR.exe | C:\Users\admin\Desktop\Engines\009号引擎 全新架构\ggX64set2017.ini | text | |
MD5:376F784A25C85001D108F65DB6A97FC8 | SHA256:6784BA56639599252DC32A717B7EF006C98AC1962792BF21C9C816D9666BC24B | |||
2440 | WinRAR.exe | C:\Users\admin\Desktop\Piece\large\bn.png | image | |
MD5:D36F3103EDF29D074D1546BB576122AE | SHA256:393ECC9220840BC3ED68079C069BDCEBB45F649270294F628DD721B672A3C38C |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
272 | 兵河五四.exe | GET | 200 | 156.238.189.3:80 | http://www.chessdb.cn/chessdb.php?action=queryall&board=rnbakabnr/9/1c5c1/p1p1p1p1p/9/9/P1P1P1P1P/1C5C1/9/RNBAKABNR%20w&ban=&learn=1&egtbmetric=dtm | US | text | 2.37 Kb | unknown |
272 | 兵河五四.exe | GET | 200 | 156.238.189.3:80 | http://www.chessdb.cn/chessdb.php?action=query&board=rnbakabnr/9/1c5c1/p1p1p1p1p/9/9/P1P1P1P1P/1C5C1/9/RNBAKABNR%20w&ban=&learn=1&egtbmetric=dtm | US | text | 10 b | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
272 | 兵河五四.exe | 156.238.189.3:80 | www.chessdb.cn | MULTACOM CORPORATION | US | unknown |
Domain | IP | Reputation |
---|---|---|
www.chessdb.cn |
| unknown |