File name: | babel 4.0 BY OWL.rar |
Full analysis: | https://app.any.run/tasks/c7030c42-3626-456b-b2fa-b464a0f0090c |
Verdict: | Malicious activity |
Analysis date: | May 21, 2022, 05:07:33 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 7B843011F7144203DA5EE763B5196B8B |
SHA1: | 9B5A350A751D35A9DCA1CE84710FC7D2B75B3713 |
SHA256: | 18E441F837E8EF19179ACE44349A3D248EC911FB77404DA2B039E88EC820FFA8 |
SSDEEP: | 49152:srYqKOvK5bc2shNQAXVKkcpdwphOexS5WzYbarAmdgdyAoMbo:srYlOyRc2iyAlKxpdTICDerpKAX2o |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2684 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\babel 4.0 BY OWL.rar" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
2732 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Rar$EXb2684.31592\babel_x86_4.0.0.0.msi" | C:\Windows\System32\msiexec.exe | WinRAR.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2300 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2664 | C:\Windows\system32\MsiExec.exe -Embedding A45F8C4EDCC98EC0B27DE1F1FCA52705 C | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3336 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft® Volume Shadow Copy Service Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2692 | C:\Windows\system32\MsiExec.exe -Embedding 0EA4C7F4C0C238D09F3CDEC4F50F2986 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3476 | C:\Windows\system32\MsiExec.exe -Embedding 49C124C67143273F5E55ADCED9B1E9B6 E Global\MSI0000 | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
1692 | "C:\Program Files\FileZilla FTP Client\filezilla.exe" | C:\Program Files\FileZilla FTP Client\filezilla.exe | — | Explorer.EXE |
User: admin Company: FileZilla Project Integrity Level: MEDIUM Description: FileZilla FTP Client Version: 3, 51, 0, 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2300 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | |
MD5:— | SHA256:— | |||
2300 | msiexec.exe | C:\System Volume Information\SPP\snapshot-2 | binary | |
MD5:5BEBDED3AD1BCC01F4AF18D5F994C03C | SHA256:398576F21C9808C060C6BAFAD66AACDA84E7F2745A1A5C79F3896A502C78E1B7 | |||
2300 | msiexec.exe | C:\System Volume Information\SPP\OnlineMetadataCache\{a244dd3d-07a2-40ba-b864-217996d3f009}_OnDiskSnapshotProp | binary | |
MD5:5BEBDED3AD1BCC01F4AF18D5F994C03C | SHA256:398576F21C9808C060C6BAFAD66AACDA84E7F2745A1A5C79F3896A502C78E1B7 | |||
2300 | msiexec.exe | C:\Windows\Installer\10e0ce.ipi | binary | |
MD5:516F3BF56C139A4827285261A30C807B | SHA256:ED1506E166916854537F3981CD7871ED91DEC541D09DC6F3BFD6C58375BAAA53 | |||
2300 | msiexec.exe | C:\Windows\Installer\10e0cd.msi | executable | |
MD5:31C4DF7E1828B1DDD9E4844974932C50 | SHA256:3C2A5970A483C50E58BF5FB669C6415A48D3782A5B2B996982ED9A823672CCEC | |||
2300 | msiexec.exe | C:\Windows\Installer\MSIE572.tmp | binary | |
MD5:446B6B061FC79FC29FF9C70D6EBF0322 | SHA256:55B1758686712C355983261DD3ED6EEA7B41DA17849BA5AAA19F3CF9CFDDDE1C | |||
2732 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIBDF3.tmp | executable | |
MD5:DEF1669123BC5BD8E9A3A93E7F68B58C | SHA256:82BBA027D920FAC29385C1A6752F2337A3AE4B1944A29A72D2864017ABEAA8D9 | |||
2300 | msiexec.exe | C:\Windows\assembly\tmp\2M0DQZX3\Babel.Build.dll | executable | |
MD5:5DDC0699CA82F41E599092CE56578D05 | SHA256:56BB3C8B6F2097FE8FEC831C5AEE6DF3DB17D9D26FB2297748430E6087BAEEF8 | |||
2692 | MsiExec.exe | C:\Users\admin\AppData\Local\Temp\CFGE428.tmp | xml | |
MD5:17AF548F88A3199AA8A63A72201F470F | SHA256:A558DBE555749CD3BDD62060FDBBA72720C4F4A186D5870B977ED2ACF9721D9E | |||
2300 | msiexec.exe | C:\Program Files\Babel\babel.exe.config | xml | |
MD5:1AD01B32288C407CF1E29393FDC110D7 | SHA256:B9508A186376BA03A50699B9A95FAA11A41CF5B5D7683E67A7CC0AB81A283C55 |