Field | Value |
---|---|
File name | FACtU653728075438FHGFJDHGOGIF.zip |
Full analysis | https://app.any.run/tasks/515387d7-0e86-422a-8da8-bac309c30dd7 |
Verdict | Malicious activity |
Analysis date | September 30, 2020, 06:39:15 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | — |
MIME | application/zip |
File info | Zip archive data, at least v2.0 to extract |
MD5 | 7B2FC89B3F6DB29B8F6900F9A5CEFDFB |
SHA1 | E6E783C9B67C1C1637B97CC2196D99C811F83693 |
SHA256 | 1F0873BC6A084C59538433F3BDD9D067C25F69E2B82AB3369EA92BF5F5434603 |
SSDEEP | 24576:Oi1pME2vq9GUAGNfJfKCy/xoFAouYPq406scFPwX7ExQ9e/CrsaHVk5:+E2vqlAmJcxmoYPq40tCtKrlo |
Extension | File type |
---|---|
.zip | ZIP compressed archive (100) |

Field | Value |
---|---|
ZipFileName | FACtU653728075438FHGFJDHGOGIF/0/ |
ZipUncompressedSize | — |
ZipCompressedSize | — |
ZipCRC | 0x00000000 |
ZipModifyDate | 2020:09:23 01:55:01 |
ZipCompression | None |
ZipBitFlag | — |
ZipRequiredVersion | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2116 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\FACtU653728075438FHGFJDHGOGIF.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
| User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | | | |
1712 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2116.32191\FACtU653728075438FHGFJDHGOGIF\0\ChromeSetup.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2116.32191\FACtU653728075438FHGFJDHGOGIF\0\ChromeSetup.exe | — | WinRAR.exe |
| User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Update Setup; Version: 1.3.35.452 | | | | |
308 | C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\GoogleUpdate.exe /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={E3F64318-E7BD-80EB-6FC7-D053B4A556A2}&lang=pt-PT&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" | C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\GoogleUpdate.exe | — | ChromeSetup.exe |
| User: admin; Company: Google LLC; Integrity Level: MEDIUM; Description: Google Installer; Version: 1.3.35.451 | | | | |
2552 | "C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\GoogleUpdateSetup.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={E3F64318-E7BD-80EB-6FC7-D053B4A556A2}&lang=pt-PT&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" /installelevated /nomitag | C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\GoogleUpdateSetup.exe | — | GoogleUpdate.exe |
| User: admin; Company: Google LLC; Integrity Level: HIGH; Description: Google Update Setup; Version: 1.3.35.452 | | | | |
2924 | "C:\Program Files\Google\Temp\GUM740.tmp\GoogleUpdate.exe" /installsource taggedmi /install "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={E3F64318-E7BD-80EB-6FC7-D053B4A556A2}&lang=pt-PT&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" /installelevated | C:\Program Files\Google\Temp\GUM740.tmp\GoogleUpdate.exe | — | GoogleUpdateSetup.exe |
| User: admin; Company: Google LLC; Integrity Level: HIGH; Description: Google Installer; Version: 1.3.35.451 | | | | |
3776 | "C:\Program Files\Google\Update\GoogleUpdate.exe" /regsvc | C:\Program Files\Google\Update\GoogleUpdate.exe | — | GoogleUpdate.exe |
| User: admin; Company: Google Inc.; Integrity Level: HIGH; Description: Google Installer; Exit code: 0; Version: 1.3.33.23 | | | | |
2644 | "C:\Program Files\Google\Update\GoogleUpdate.exe" /regserver | C:\Program Files\Google\Update\GoogleUpdate.exe | — | GoogleUpdate.exe |
| User: admin; Company: Google Inc.; Integrity Level: HIGH; Description: Google Installer; Exit code: 0; Version: 1.3.33.23 | | | | |
3252 | "C:\Program Files\Google\Update\GoogleUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4zNS40NTIiIHNoZWxsX3ZlcnNpb249IjEuMy4zMy4yMyIgaXNtYWNoaW5lPSIxIiBzZXNzaW9uaWQ9IntCMTY1ODA0Qy0zM0UyLTQ0NTktODg5OC0yMkFDNkI1NjRCRTF9IiB1c2VyaWQ9IntBOTREMTdBMC01QTRELTQwQTAtQjY0Ni0yMzQ1REFCRjg4ODl9IiBpbnN0YWxsc291cmNlPSJ0YWdnZWRtaSIgcmVxdWVzdGlkPSJ7ODI4NzEzRkEtODkwRS00Q0E4LUJFNEEtNDkyMzlDRTJDMEZFfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBwaHlzbWVtb3J5PSIzIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSI2LjEuNzYwMS4wIiBzcD0iU2VydmljZSBQYWNrIDEiIGFyY2g9Ing4NiIvPjxhcHAgYXBwaWQ9Ins0MzBGRDREMC1CNzI5LTRGNjEtQUEzNC05MTUyNjQ4MTc5OUR9IiB2ZXJzaW9uPSIxLjMuMzQuMTEiIG5leHR2ZXJzaW9uPSIxLjMuMzUuNDUyIiBsYW5nPSJwdC1QVCIgYnJhbmQ9IkNIQkYiIGNsaWVudD0iIiBpaWQ9IntFM0Y2NDMxOC1FN0JELTgwRUItNkZDNy1EMDUzQjRBNTU2QTJ9Ij48ZXZlbnQgZXZlbnR0eXBlPSIyIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBpbnN0YWxsX3RpbWVfbXM9IjE1NDciLz48L2FwcD48L3JlcXVlc3Q- | C:\Program Files\Google\Update\GoogleUpdate.exe | — | GoogleUpdate.exe |
| User: admin; Company: Google Inc.; Integrity Level: HIGH; Description: Google Installer; Exit code: 0; Version: 1.3.33.23 | | | | |
3520 | "C:\Program Files\Google\Update\GoogleUpdate.exe" /handoff "appguid={8A69D345-D564-463C-AFF1-A69D9E530F96}&iid={E3F64318-E7BD-80EB-6FC7-D053B4A556A2}&lang=pt-PT&browser=4&usagestats=1&appname=Google%20Chrome&needsadmin=prefers&ap=x64-stable-statsdef_1&brand=CHBF&installdataindex=empty" /installsource taggedmi /sessionid "{B165804C-33E2-4459-8898-22AC6B564BE1}" | C:\Program Files\Google\Update\GoogleUpdate.exe | — | GoogleUpdate.exe |
| User: admin; Company: Google Inc.; Integrity Level: HIGH; Description: Google Installer; Version: 1.3.33.23 | | | | |
1916 | "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc | C:\Program Files\Google\Update\GoogleUpdate.exe | — | services.exe |
| User: SYSTEM; Company: Google Inc.; Integrity Level: SYSTEM; Description: Google Installer; Version: 1.3.33.23 | | | | |
PID | Process | Filename | Type | Hashes |
---|---|---|---|---|
2116 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2116.32191\FACtU653728075438FHGFJDHGOGIF\0\ChromeSetup.exe | executable | MD5: 4A4F503346B49C963574DBC662C58648; SHA256: EC3CC3E9E74F6FF9F7A6124C9B378D750E635C8A044251403141F9608E7FC77D |
2116 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2116.32191\FACtU653728075438FHGFJDHGOGIF\FacT89HJKFVVBVKSFN GDHGRUIYHEWGH765HG.msi | executable | MD5: 6194A9218E877132C0A0EEFC7F16CDF6; SHA256: E0A41DECC8C1C4A1F434C28D1914E947865C1771B32B6062F93D9A2543BA7898 |
1712 | ChromeSetup.exe | C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\psmachine.dll | executable | MD5: 146A84692C2B149D170359DD716B0AF0; SHA256: 4ABA9A08E281DD328A4094D5EDC4C1F672391BA049A3C9DC682B283CE83D006F |
1712 | ChromeSetup.exe | C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\GoogleUpdateHelper.msi | executable | MD5: 1766B021B0BAB4F82259974154C5A920; SHA256: 4016DFF47234FF9031B634C5EC931783402EA3F7E40CBDA8CC9637EB947CC6C7 |
1712 | ChromeSetup.exe | C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\GoogleCrashHandler.exe | executable | MD5: 74CDA8051136B80DC3AE4BF86623003C; SHA256: 3C05CAF977003005770BCA7CD4C4586A3C2C2B749A5BB8659AF50B8637F5AC5E |
1712 | ChromeSetup.exe | C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\goopdate.dll | executable | MD5: 423A3E9172B85D03B338067A14E23A00; SHA256: DEA45DD3A35A5D92EFA2726B52B0275121DCEAFDC7717A406F4CD294B10CD67E |
1712 | ChromeSetup.exe | C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\psuser_64.dll | executable | MD5: DB303F26CB67F67361AEF8B5C79073FC; SHA256: B505EA6D42352E5C27501A33CC1CA3361875F6DBF2DB78F80DF277B170E49F6B |
1712 | ChromeSetup.exe | C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\GoogleUpdateComRegisterShell64.exe | executable | MD5: F7935A70CA9C8596BF8E8D467410A980; SHA256: CF8030CA9AD7129D986DE4ADE755CF74225E18C7AC869786ED7F2EDC0AFC811D |
1712 | ChromeSetup.exe | C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\goopdateres_ar.dll | executable | MD5: 0C954138251C4C4D888DE59C7B69E8D4; SHA256: 51745206A0143C28741C96FD40F276997F0B39F9659A9E68BA49EA7B54A22F02 |
1712 | ChromeSetup.exe | C:\Users\admin\AppData\Local\Temp\GUMD7.tmp\GoogleCrashHandler64.exe | executable | MD5: C92C82D8EF9689330621CA9D79D59ACC; SHA256: 7DD0D47A68655D37D6F5567FDEDAF200AA60F341480FA2546A412139AB757970 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
— | — | HEAD | 302 | 216.58.207.78:80 | http://redirector.gvt1.com/edgedl/release2/chrome/ALgibAjT0Zy8wIzHqPUFTQ0_85.0.4183.121/85.0.4183.121_chrome_installer.exe | US | — | — | whitelisted |
— | — | GET | — | 159.148.69.141:80 | http://r2---sn-a5uoxu-gpme.gvt1.com/edgedl/release2/chrome/ALgibAjT0Zy8wIzHqPUFTQ0_85.0.4183.121/85.0.4183.121_chrome_installer.exe?cms_redirect=yes&mh=Gz&mip=80.233.134.134&mm=28&mn=sn-a5uoxu-gpme&ms=nvh&mt=1601447893&mv=m&mvi=2&pl=24&shardbypass=yes | LV | — | — | whitelisted |
— | — | HEAD | 200 | 159.148.69.141:80 | http://r2---sn-a5uoxu-gpme.gvt1.com/edgedl/release2/chrome/ALgibAjT0Zy8wIzHqPUFTQ0_85.0.4183.121/85.0.4183.121_chrome_installer.exe?cms_redirect=yes&mh=Gz&mip=80.233.134.134&mm=28&mn=sn-a5uoxu-gpme&ms=nvh&mt=1601447893&mv=m&mvi=2&pl=24&shardbypass=yes | LV | — | — | whitelisted |
2884 | WScript.exe | POST | — | 165.22.67.118:80 | http://165.22.67.118/nj42.php | US | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1916 | GoogleUpdate.exe | 216.58.206.3:443 | update.googleapis.com | Google Inc. | US | whitelisted |
— | — | 159.148.69.141:80 | r2---sn-a5uoxu-gpme.gvt1.com | LATNET SERVISS Ltd. | LV | whitelisted |
— | — | 216.58.207.78:80 | redirector.gvt1.com | Google Inc. | US | whitelisted |
3252 | GoogleUpdate.exe | 216.58.206.3:443 | update.googleapis.com | Google Inc. | US | whitelisted |
2884 | WScript.exe | 165.22.67.118:80 | — | — | US | malicious |
Domain | IP | Reputation |
---|---|---|
update.googleapis.com | — | whitelisted |
redirector.gvt1.com | — | whitelisted |
r2---sn-a5uoxu-gpme.gvt1.com | — | whitelisted |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potential Corporate Privacy Violation | ET POLICY PE EXE or DLL Windows file download HTTP |
— | — | Misc activity | ET INFO EXE - Served Attached HTTP |