File name: | svchost.zip |
Full analysis: | https://app.any.run/tasks/761d2b1a-5144-4c49-b5a3-7a23c3533d86 |
Verdict: | Malicious activity |
Analysis date: | January 11, 2020, 07:24:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | EF1E4C04BF60CACA1DFE0386A4F11D97 |
SHA1: | C6C044EAFC184F275BF1A55DBDD85355C188D9E3 |
SHA256: | 1FF04ED2CADB8BDA5A42EA75052F5346348CC75F14B4B22A841915D881BA1F7A |
SSDEEP: | 1536:muaDO+nKjYRotV3nsPFG+5ODTb7MX6DgDTj:PwEYutj+5O7oH |
.zip | | | ZIP compressed archive (100) |
ZipFileName: | svchost.exe |
ZipUncompressedSize: | 56320 |
ZipCompressedSize: | 54755 |
ZipCRC: | 0x40c57347 |
ZipModifyDate: | 2020:01:11 15:11:07 |
ZipCompression: | Deflated |
ZipBitFlag: | 0 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2456 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\svchost.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2572 | "C:\Users\admin\Desktop\svchost.exe" | C:\Users\admin\Desktop\svchost.exe | explorer.exe | |
User: admin Company: SOFTWIN S.R.L. Integrity Level: HIGH Description: BitDefender Management Console Exit code: 0 Version: 106.42.73.61 | ||||
3388 | "C:\Program Files\Microsoft\DesktopLayer.exe" | C:\Program Files\Microsoft\DesktopLayer.exe | — | svchost.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
1908 | "C:\Program Files\Internet Explorer\iexplore.exe" | C:\Program Files\Internet Explorer\iexplore.exe | DesktopLayer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1908 | iexplore.exe | C:\Program Files\Adobe\Acrobat Reader DC\Reader\Legal\CHS\license.html | xml | |
MD5:68A3F112C4D71284AE0B4AB1F691D7A0 | SHA256:C1DA768A291F0F1691BBE933C020B79815F458D1B77C689DF10B89072F870612 | |||
1908 | iexplore.exe | C:\Program Files\Adobe\Acrobat Reader DC\Llegiu-me.htm | html | |
MD5:439C71C59341E5E518D0EABC4099A24B | SHA256:419BCE4CD535A08FD240849436101579FC6A5464690D166E3E7A8EED87F12293 | |||
1908 | iexplore.exe | C:\Program Files\Adobe\Acrobat Reader DC\Liesmich.htm | html | |
MD5:3FE5C54F7BDC00C83C49C27C9241FC80 | SHA256:C65C0C1406867B92BF4590173628035FAE1ECDA06B222941B564B647F622917E | |||
1908 | iexplore.exe | C:\Program Files\Internet Explorer\dmlconf.dat | binary | |
MD5:702B30E090FDADB0D624B7D27879303D | SHA256:87CF81595B02EED7727F06F1E07129F5225D9D08A74461266154CA51C24CCBEE | |||
1908 | iexplore.exe | C:\Program Files\Adobe\Acrobat Reader DC\Reader\Legal\CHT\license.html | xml | |
MD5:909C2BEF1CB3B9C5383DC566961B3E4C | SHA256:98D29CED4AED84E21724B07B18E7895CADAEDFE38B3BADA73CE3C6CA8E9CCD3E | |||
1908 | iexplore.exe | C:\Program Files\Adobe\Acrobat Reader DC\Reader\Legal\CAT\license.html | xml | |
MD5:EFF1C69346C2497A5AE6EC7FCC2C4477 | SHA256:0605C364DEA456FF09F7F6CEEA18C1FFBE805D2747943D8AA6C94927BD2D8DE8 | |||
1908 | iexplore.exe | C:\Program Files\Adobe\Acrobat Reader DC\LueMinut.htm | html | |
MD5:06EE95A60459E8B22EA76F1BE1A619E3 | SHA256:8A17F941DBD591C215422998F8D098742D1BF7D736C927F3E37217F545420416 | |||
2456 | WinRAR.exe | C:\Users\admin\Desktop\svchost.exe | executable | |
MD5:FF5E1F27193CE51EEC318714EF038BEF | SHA256:FD6C69C345F1E32924F0A5BB7393E191B393A78D58E2C6413B03CED7482F2320 | |||
1908 | iexplore.exe | C:\Program Files\Adobe\Acrobat Reader DC\Benioku.htm | html | |
MD5:A491201AB7305E2C71D90CB6CBBEEAA1 | SHA256:826444C3D91CB3694A2256B0D5470553FAAB1B70D0008A3294554875015BF0BC | |||
1908 | iexplore.exe | C:\Program Files\Adobe\Acrobat Reader DC\Leame.htm | html | |
MD5:5079AFA6A352AFE6D89C9CF78EAF3644 | SHA256:34F530DC85BE9889F4ACC3CD32B7038542EDA595EC82829A32AA1EA4171BB63A |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1908 | iexplore.exe | 172.217.16.78:80 | google.com | Google Inc. | US | whitelisted |
1908 | iexplore.exe | 72.26.218.70:443 | fget-career.com | Voxel Dot Net, Inc. | NL | malicious |
Domain | IP | Reputation |
---|---|---|
google.com |
| whitelisted |
fget-career.com |
| malicious |
PID | Process | Class | Message |
---|---|---|---|
1908 | iexplore.exe | A Network Trojan was detected | ET TROJAN Win32/Ramnit Checkin |
1908 | iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] Win32/Ramnit Checkin |
1908 | iexplore.exe | A Network Trojan was detected | ET TROJAN Win32/Ramnit Checkin |
1908 | iexplore.exe | A Network Trojan was detected | MALWARE [PTsecurity] Win32/Ramnit Checkin |