| Field | Value |
|---|---|
| File name | Client.rar |
| Full analysis | https://app.any.run/tasks/0b5401a8-bb48-40bc-9397-06e703d489c7 |
| Verdict | Malicious activity |
| Analysis date | May 30, 2020, 18:06:51 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v5 |
| MD5 | AA7C0E9AA3E362E147CD07C38C5F5943 |
| SHA1 | 040ADC519712817809F7B481B543967BDE3F76EC |
| SHA256 | 1A28DF1C563378C48907DF518ED8394EE93C1B0261BEDB11E7581C05128D4218 |
| SSDEEP | 384:lCi5FU9OqEXO3+eScxb5s+8namR6gBqvY0vDUkzG4xGFX:MwFU9V+GblSRivjvYkzG4xmX |
| Extension | File type detection (score) |
|---|---|
| .rar | RAR compressed archive (v5.0) (61.5) |
| .rar | RAR compressed archive (gen) (38.4) |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2904 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Client.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 2144 | "C:\Users\admin\Desktop\Client.exe" | C:\Users\admin\Desktop\Client.exe | | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
| 2364 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\virus | C:\Windows\system32\rundll32.exe | — | Client.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2608 | "C:\Users\admin\Desktop\Client.exe" | C:\Users\admin\Desktop\Client.exe | | explorer.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
| 2864 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\virus | C:\Windows\system32\rundll32.exe | — | Client.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows host process (Rundll32); Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2608 | Client.exe | C:\Tools.exe | executable | A90CB83FB4EDBF0161A9294B67BA76C2 | A5AF4A4858845386852F82DA23C695BBFE9342147AC5939A641E2300062A63C1 |
| 2608 | Client.exe | C:\Users\admin\AppData\Local\Temp\virus | executable | A90CB83FB4EDBF0161A9294B67BA76C2 | A5AF4A4858845386852F82DA23C695BBFE9342147AC5939A641E2300062A63C1 |
| 2904 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2904.36734\Client.exe | executable | A90CB83FB4EDBF0161A9294B67BA76C2 | A5AF4A4858845386852F82DA23C695BBFE9342147AC5939A641E2300062A63C1 |
| 2144 | Client.exe | C:\Users\admin\AppData\Local\Temp\virus | executable | A90CB83FB4EDBF0161A9294B67BA76C2 | A5AF4A4858845386852F82DA23C695BBFE9342147AC5939A641E2300062A63C1 |