File name: | Debug.rar |
Full analysis: | https://app.any.run/tasks/00b6361c-11e1-49d8-842e-091385ab06fb |
Verdict: | Malicious activity |
Analysis date: | June 16, 2019, 11:04:30 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 210F829FFC9BD5B64908B24F4D1FBEA2 |
SHA1: | 84EF4A6A008B627FA901E50CC2BD482ACCEFF001 |
SHA256: | 1C378134A884D7487D07E6A3B34734B57FE1922573B7FC82D58843A4BC8C2CAC |
SSDEEP: | 3072:gnYjxwu/bdrWAlFcoYtGz90VY8pHWTTRpa:gY9F/vczox068WfW |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2900 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Debug.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3480 | "C:\Windows\System32\fontview.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIa2900.9882\Font.ttf | C:\Windows\System32\fontview.exe | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Font Viewer Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2720 | C:\Windows\system32\DllHost.exe /Processid:{642EF9D6-48A5-476B-919A-A507CFD02C0F} | C:\Windows\system32\DllHost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1256 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2060 | "C:\Users\admin\Desktop\Batch Virus Maker.exe" | C:\Users\admin\Desktop\Batch Virus Maker.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Description: Batch Virus Maker Exit code: 0 Version: 1.0.0.0 | ||||
1116 | "C:\Users\admin\Desktop\Batch Virus Maker.exe" | C:\Users\admin\Desktop\Batch Virus Maker.exe | — | Batch Virus Maker.exe |
User: admin Integrity Level: MEDIUM Description: Batch Virus Maker Version: 1.0.0.0 | ||||
4060 | cmd /c ""C:\Users\admin\Desktop\System32.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
252 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | ctfmon.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
4024 | net user 326943054314172 /add | C:\Windows\system32\net.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2276 | C:\Windows\system32\net1 user 326943054314172 /add | C:\Windows\system32\net1.exe | — | net.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1116 | Batch Virus Maker.exe | C:\Users\admin\Desktop\System32.bat | text | |
MD5:260438E02B4F4ADA7613D1990B6657CA | SHA256:DEC55D349C78FAE23EF2A49F8AC29E4AF528744465561FFFF0AB5B626111FC71 | |||
2900 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2900.11621\Batch Virus Maker.exe | executable | |
MD5:BAE426E784ABE42B6B6CFCC92900D802 | SHA256:086FD3356323EB1815099006083F4BB46F042F7D2CDC97F2753F4D23BEB93759 | |||
252 | explorer.exe | C:\Users\admin\Desktop\Batch Virus Maker.exe | executable | |
MD5:BAE426E784ABE42B6B6CFCC92900D802 | SHA256:086FD3356323EB1815099006083F4BB46F042F7D2CDC97F2753F4D23BEB93759 | |||
2900 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa2900.9882\Font.ttf | ttf | |
MD5:9C3F8E8826B7813FAD3FF5BF79F2004E | SHA256:D37903FA7A7C76488186EF2678D394A65B241820C4B30A0E154DD010D8B7150A | |||
252 | explorer.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019061620190617\index.dat | dat | |
MD5:2DBEDC9BA48C1558EA5ABFF6EF101BFD | SHA256:D8FD57A66957D42484361905C13718312843293F910671F4D76F613CC926EC70 | |||
252 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\Debug.rar.lnk | lnk | |
MD5:73E4BD91B7D4AAE0AF105E18B882B9E3 | SHA256:0C6F17DDE5BD9307305C8C0AB8A086A524BA651FBF7ADAFE7FA4549C0927CBF4 | |||
2720 | DllHost.exe | C:\Windows\Fonts\Font.ttf | ttf | |
MD5:9C3F8E8826B7813FAD3FF5BF79F2004E | SHA256:D37903FA7A7C76488186EF2678D394A65B241820C4B30A0E154DD010D8B7150A | |||
252 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms | automaticdestinations-ms | |
MD5:8DA34FB306873FB4A9CD65C202BAFFEC | SHA256:6354A3BFAB0E2C5C2A2E7FB9678B90BEEFC391AE5CCFB493A3311643974F43FA | |||
252 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\290532160612e071.automaticDestinations-ms | automaticdestinations-ms | |
MD5:8B1F58E49C9DCF6A71C49382C6961389 | SHA256:E592909284A1DFCC9DB2ED6B1C1D10A65D0AFF8FAD99AE4067488BD9D2A83E66 | |||
4060 | cmd.exe | C:\Users\admin\Desktop\28040.txt | text | |
MD5:5C0F8E357D7EC63D20366C0A01C97F8D | SHA256:F7D5E958185E67CEC391582095E780D9BCB406B5B1204A78D68D4C12EFCFE169 |