| Field | Value |
|---|---|
| File name | SwitchMouse_2016.zip |
| Full analysis | https://app.any.run/tasks/289abc7c-2d48-44dd-b2e8-e4dd63bc9943 |
| Verdict | Malicious activity |
| Analysis date | August 13, 2019, 16:24:20 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 38239D670945D0CFBDDC1784DDF4F3EF |
| SHA1 | 424AFBD0554E525B0F03F00B79C11588D705E89D |
| SHA256 | 1898A11142C4C124E4FBB1C70D674C4D9CC4A8EE48CB9ABDFEE816F8D5505F85 |
| SSDEEP | 98304:Sfi1UkEBa7RN/e5pRB+YYursw6ONPWQhM83D0GBn/6bOh44S:Pnfl9e5pRwYYursZenz0M/Jyp |
| Extension | File type |
|---|---|
| .zip | ZIP compressed archive (100) |

| ZIP entry field | Value |
|---|---|
| ZipFileName | SwitchMouse_2016/SM2016setup.exe |
| ZipUncompressedSize | 5013886 |
| ZipCompressedSize | 4951437 |
| ZipCRC | 0xa8256bc1 |
| ZipModifyDate | 2016:07:25 10:58:15 |
| ZipCompression | Deflated |
| ZipBitFlag | - |
| ZipRequiredVersion | 20 |
| PID | Command line | Path | Indicators | Parent process | User | Integrity level | Exit code | Details |
|---|---|---|---|---|---|---|---|---|
| 2740 | `"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SwitchMouse_2016.zip"` | `C:\Program Files\WinRAR\WinRAR.exe` | | explorer.exe | admin | MEDIUM | | Company: Alexander Roshal; Description: WinRAR archiver; Version: 5.60.0 |
| 2488 | `"C:\Users\admin\AppData\Local\Temp\Rar$EXa2740.49871\SwitchMouse_2016\SM2016setup.exe"` | `C:\Users\admin\AppData\Local\Temp\Rar$EXa2740.49871\SwitchMouse_2016\SM2016setup.exe` | — | WinRAR.exe | admin | MEDIUM | 3221226540 | Description: Setup Application; Version: 8.2.1.0 |
| 3424 | `"C:\Users\admin\AppData\Local\Temp\Rar$EXa2740.49871\SwitchMouse_2016\SM2016setup.exe"` | `C:\Users\admin\AppData\Local\Temp\Rar$EXa2740.49871\SwitchMouse_2016\SM2016setup.exe` | | WinRAR.exe | admin | HIGH | 0 | Description: Setup Application; Version: 8.2.1.0 |
| 3712 | `"C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:662050 "__IRAFN:C:\Users\admin\AppData\Local\Temp\Rar$EXa2740.49871\SwitchMouse_2016\SM2016setup.exe" "__IRCT:1" "__IRTSS:0" "__IRSID:S-1-5-21-1302019708-1500728564-335382590-1000"` | `C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe` | | SM2016setup.exe | admin | HIGH | 0 | Company: Indigo Rose Corporation; Description: Setup Application; Version: 8.2.1.0 |
| 3420 | `"C:\Program Files\SwitchMouseSupportFiles\DRIVERINSTALL.exe"` | `C:\Program Files\SwitchMouseSupportFiles\DRIVERINSTALL.exe` | | irsetup.exe | admin | HIGH | 0 | |
| 2224 | `"C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe" /install /silent` | `C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe` | — | irsetup.exe | admin | HIGH | 0 | |
| 2348 | `"C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe" /start` | `C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe` | — | irsetup.exe | admin | HIGH | 0 | |
| 3960 | `"C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe"` | `C:\Program Files\Switch Mouse Driver\UsbGlcsSrv.exe` | — | services.exe | SYSTEM | SYSTEM | | |
| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 2740 | WinRAR.exe | write | `HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes` | ShellExtBMP | |
| 2740 | WinRAR.exe | write | `HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes` | ShellExtIcon | |
| 2740 | WinRAR.exe | write | `HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E` | LanguageList | en-US |
| 2740 | WinRAR.exe | write | `HKEY_CURRENT_USER\Software\WinRAR\ArcHistory` | 0 | `C:\Users\admin\AppData\Local\Temp\SwitchMouse_2016.zip` |
| 2740 | WinRAR.exe | write | `HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths` | name | 120 |
| 2740 | WinRAR.exe | write | `HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths` | size | 80 |
| 2740 | WinRAR.exe | write | `HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths` | type | 120 |
| 2740 | WinRAR.exe | write | `HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths` | mtime | 100 |
| 2740 | WinRAR.exe | write | `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap` | UNCAsIntranet | 0 |
| 2740 | WinRAR.exe | write | `HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap` | AutoDetect | 1 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3712 | irsetup.exe | `C:\Users\admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.dat` | — | — | — |
| 3712 | irsetup.exe | `C:\Program Files\SwitchMouseSupportFiles\Uninstall\uni2510.tmp` | — | — | — |
| 3712 | irsetup.exe | `C:\Windows\Switch Mouse Driver Setup Log.txt` | text | 6DAFBC3D6F5E00EF05C44637AAAD47CC | 7CA37C492F0B8FBBB7CFD1ADB5E5D332AEE7775779B6FA8C20A900288C36E369 |
| 3712 | irsetup.exe | `C:\Windows\Switch Mouse Driver\uninstall.exe` | executable | 3FE7C92DBA5C9240B4AB0D6A87E6166A | A7818C1E0DAD1CBBA4D17809688887ADEEAFE940A3CB53A6AEABDFCD196F7258 |
| 3712 | irsetup.exe | `C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\SwitchMouseConfig.exe` | executable | 668ADB0111F04E5994FC9B72C9E42B0F | 2F9DA8A2ACA639A3556B681C01D4BC9EC89A6538440E496FC0AB2D7321668C7C |
| 3712 | irsetup.exe | `C:\Program Files\SwitchMouseSupportFiles\Uninstall\uninstall.xml` | xml | BF126A4C7BDE1CCD3F1680FCD11482C5 | DBF592EE33F062F3523DDA84D05A355694B620DAFB140AB5BD6500D91ADD8F30 |
| 3712 | irsetup.exe | `C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX64\DIFxCmd.exe` | executable | 50E054487573E93D58692EF33C3AA9F2 | B5F7D55DC5768F8A8FB82AC09A5D4DDD19088678A82F5015D60C1A667FDA9D54 |
| 3712 | irsetup.exe | `C:\Program Files\SwitchMouseSupportFiles\DriverInstallFiles\DRIVERX64\devcon.exe` | executable | 163DD046B55D1EBACBFFB631875397F1 | B2D703AB7263F80876AEBD8AB17D144A0631D8599CA3E3D9FAC26200045D958B |
| 3712 | irsetup.exe | `C:\Program Files\SwitchMouseSupportFiles\DRIVERUNINSTALL.exe` | executable | 90E1A57E2AF5BCEF495830DDD79B9DE8 | 6ABBC43407F999A8CD4F7698A73E093243D2A4BEDB7CF7CB69D68786AC86AC5B |
| 3712 | irsetup.exe | `C:\Program Files\SwitchMouseSupportFiles\Uninstall\uninstall.dat` | binary | 9096991587D8B3D7952383F74C76184C | 0640FE69D48EDF9D4B10A963D3D92135DCB5EBE6F793679F41436E2E5FC82311 |