Field | Value |
---|---|
File name | PRIORITY046.iso |
Full analysis | https://app.any.run/tasks/01a5abb3-7e2c-4af7-93c5-085695d845b0 |
Verdict | Malicious activity |
Analysis date | January 17, 2020, 17:19:27 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/octet-stream |
File info | data |
MD5 | 5335B07834F567776263E73E03204CBF |
SHA1 | 765422CA5BDC1E9FC2775F3A2A426DED3B41AFAC |
SHA256 | 1D6B545EECEE6917EB29A9B7BF6F840BA2BDEC584E318A875B3A8F410B0F6D6A |
SSDEEP | 24576:+NcBtkZXds9dbjqUL6cIl/DmbxL6xpAqYYTBZsssOEa3+oxfGzVDGm:ZekxL6rUxGxa+9Zs+zuuKdG |
Extension | File type (score) |
---|---|
.atn | Photoshop Action (37.5) |
.gmc | Game Music Creator Music (8.4) |
.abr | Adobe PhotoShop Brush (7.5) |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
1328 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\PRIORITY046.iso" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
2968 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa1328.11337\D780978.scr" /S | C:\Users\admin\AppData\Local\Temp\Rar$DIa1328.11337\D780978.scr | | WinRAR.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
2612 | "C:\Users\admin\AppData\Local\Temp\Mvqic\Mvqixew.exe" | C:\Users\admin\AppData\Local\Temp\Mvqic\Mvqixew.exe | | D780978.scr | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
2492 | cmd /c ""C:\Users\Public\Runex.bat" " | C:\Windows\system32\cmd.exe | | Mvqixew.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 216; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
2388 | "C:\Windows\System32\TapiUnattend.exe" | C:\Windows\System32\TapiUnattend.exe | — | Mvqixew.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft® Windows(TM) Telephony Unattend Action; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
1904 | "C:\Windows\System32\schtasks.exe" | C:\Windows\System32\schtasks.exe | — | Mvqixew.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Manages scheduled tasks; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
324 | "C:\Windows\System32\sxstrace.exe" | C:\Windows\System32\sxstrace.exe | — | Mvqixew.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Sxs Tracing Tool; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
2140 | "C:\Windows\System32\svchost.exe" | C:\Windows\System32\svchost.exe | — | Mvqixew.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Host Process for Windows Services; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2612 | Mvqixew.exe | C:\Users\admin\AppData\Local\Mvqi\Mvqi | image | A28698D50C76DBAB0F7A681C65E26F23 | D9568928C44C0AD1F9A3A535AB0788FE9579382F63650FF848FC371D45D929F0 |
2968 | D780978.scr | C:\Users\admin\AppData\Local\Temp\Mvqic\Mvqixew.exe | executable | A79A308F79AB48FD5D98A050BF90D660 | B6B51BB65FB7B29115BBDA1AD2050FF0E0625AC0BF5DCF427ACF7B8F9C1A0048 |
1328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\D780978.scr | executable | 46AD4C027AA691EBABE4459C5603E88D | 5607D38DA8FA43703945F27D8069F5262172A9A75F2F620A5EB8714E72190344 |
2612 | Mvqixew.exe | C:\Users\admin\AppData\Local\Mvqi\Mvqioet.vbs | text | 9EE39BF2EA9758A2BBD46B78C2EEABF7 | 04BB37529AD80771DB4ABD6DFDC195853FCB2D521855AD2C5CCEE360BDBC0625 |
2968 | D780978.scr | C:\Users\admin\AppData\Local\Temp\Mvqic\Mvqi | image | A28698D50C76DBAB0F7A681C65E26F23 | D9568928C44C0AD1F9A3A535AB0788FE9579382F63650FF848FC371D45D929F0 |
1328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa1328.11337\D780978.scr | executable | 46AD4C027AA691EBABE4459C5603E88D | 5607D38DA8FA43703945F27D8069F5262172A9A75F2F620A5EB8714E72190344 |
2612 | Mvqixew.exe | C:\Users\admin\AppData\Local\Mvqi\Mvqi_setko.hta | html | 8B3D84B21460B4B760B7D554EBAD7237 | 2FF90E88F2AEE2A61D37D88145153306891C0241902645A6EBF80FFBF1086A65 |
2612 | Mvqixew.exe | C:\Users\Public\Clean.bat | text | 7610BE4B8ECB523913B600F088F23DE6 | 98ECA4F680E49E01FEF14FFEEF33E2F1A3BECB18E208F6E23E70B9F30BE66CDC |
2492 | cmd.exe | C:\Windows\System32\SSPICLI.dll | executable | F7AECE04E3B3EA028EFE24508A95F7C8 | 64C812B78B0085EB9D04B66E5872BDBACDC230B0C29A0BD13B71190F3E610DD0 |
2968 | D780978.scr | C:\Users\admin\AppData\Local\Temp\Mvqic.lnk | lnk | 3F3CA4DE6F6093B00A1AA8F00E37223D | 9279EEFD1FEFFBE0AA99C4C2E6A5417AD15EFA2C809BC01F6C0159B3FA642FB9 |