File name: | N-A.rar |
Full analysis: | https://app.any.run/tasks/01d45ae7-4e8e-487a-9c0e-9127813fe48e |
Verdict: | Malicious activity |
Analysis date: | May 20, 2019, 12:19:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, flags: EncryptedBlockHeader |
MD5: | 0885A4CB43BB866017E19BD3776D8F82 |
SHA1: | 7695B3374C69487BAF670DE76DC2BDFEEB85C362 |
SHA256: | 1B6C6433413E64657B7B13BF24D6D1B64895604D57C85C291DC39A0AF68E1648 |
SSDEEP: | 24:HUnDMX8laWnLt3m0K6Sk/D43zlp/LsxgjRNt7oL26z+le4o0O75ABBc74777:0D7l53m6SkMh5LsCj7oqs6kABBcK |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2816 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\N-A.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2792 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIb2816.30352\АО Нордавиа — региональные авиалинии информация о заказе.js" | C:\Windows\System32\WScript.exe | WinRAR.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
2704 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\АО Нордавиа — региональные авиалинии информация о заказе.js" | C:\Windows\System32\WScript.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2816 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2816.33211\АО Нордавиа — региональные авиалинии информация о заказе.js | — | |
MD5:— | SHA256:— | |||
2792 | WScript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat | dat | |
MD5:D7A950FEFD60DBAA01DF2D85FEFB3862 | SHA256:75D0B1743F61B76A35B1FEDD32378837805DE58D79FA950CB6E8164BFA72073A | |||
2816 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb2816.30352\АО Нордавиа — региональные авиалинии информация о заказе.js | text | |
MD5:90506B39F897D808FAF922BC02919576 | SHA256:A97F89E38CA8EB7E2306D8D2EDBCCA08B84F73DD59C19A76819B925F5A6BCF3F |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2792 | WScript.exe | 82.100.197.110:443 | webalytics.de | MK Netzdienste GmbH & Co. KG | DE | unknown |
— | — | 82.100.197.110:443 | webalytics.de | MK Netzdienste GmbH & Co. KG | DE | unknown |
2792 | WScript.exe | 67.225.176.232:443 | paabay.com | Liquid Web, L.L.C | US | unknown |
2704 | WScript.exe | 82.100.197.110:443 | webalytics.de | MK Netzdienste GmbH & Co. KG | DE | unknown |
2704 | WScript.exe | 67.225.176.232:443 | paabay.com | Liquid Web, L.L.C | US | unknown |
Domain | IP | Reputation |
---|---|---|
webalytics.de |
| unknown |
paabay.com |
| unknown |