File name: | Desktop.rar |
Full analysis: | https://app.any.run/tasks/589a91c7-483b-416d-900a-a0d61a0813ca |
Verdict: | Malicious activity |
Analysis date: | August 08, 2020, 09:39:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | C8EBAB34EC2DCF9B623CB457AAF808EA |
SHA1: | 148C42CB85A0161ACFFCC0CA004CE7BED42E21AC |
SHA256: | 23D0F7E53189A135EC90BEDA1C8163A90B63ED5CF3D7689792598208E90D2EAA |
SSDEEP: | 12288:HLatPhjd7lkS6gfCbBkTodivO9vTubbId8nhM5UCfv/tEmgijv41l4bog/Bt9Psd:HLA37lPffCbST8Lubb28nMUuXtEmfjvG |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2176 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Desktop.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2628 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2176.40079\GABB.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2176.40079\GABB.exe | WinRAR.exe | |
User: admin Integrity Level: MEDIUM Version: 1.0.0.0 | ||||
828 | "C:\Users\admin\Desktop\GABB.exe" | C:\Users\admin\Desktop\GABB.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Version: 1.0.0.0 | ||||
1080 | "C:\Users\admin\Desktop\GABB.exe" | C:\Users\admin\Desktop\GABB.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Version: 1.0.0.0 | ||||
2972 | "C:\Users\admin\Desktop\GABB.exe" | C:\Users\admin\Desktop\GABB.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2176 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2176.41219\GABB.exe | — | |
MD5:— | SHA256:— | |||
2176 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2176.41219\GABB.ini | — | |
MD5:— | SHA256:— | |||
2176 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2176.41219\GDLL.dll | — | |
MD5:— | SHA256:— | |||
2176 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2176.40079\GABB.exe | executable | |
MD5:6A6D36044ECFCE8BC5EC5D4DA9683656 | SHA256:A4F81C05C6F5A401FDC37C7DAE695C56BB26D3D7AA6F259C773C0AAE80D5160E | |||
2176 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2176.40079\GABB.ini | text | |
MD5:78E850A5916CB4D96A41FE35D8007B7B | SHA256:81E4BBF799A67BCC0EC71BE5B4C34405D2982B25506685E6C40EB58B6709DF51 | |||
2176 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2176.40079\GDLL.dll | executable | |
MD5:8A12CB004CDBAAA80114F3C183848EFD | SHA256:92C1C18666563DF90CCA6C49CDA917B569061AE23ECD1556148E231CD6420517 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
828 | GABB.exe | GET | 200 | 116.202.244.153:80 | http://icanhazip.com/ | IN | text | 14 b | shared |
2972 | GABB.exe | GET | 200 | 116.202.244.153:80 | http://icanhazip.com/ | IN | text | 14 b | shared |
2628 | GABB.exe | GET | 200 | 116.202.244.153:80 | http://icanhazip.com/ | IN | text | 14 b | shared |
2972 | GABB.exe | GET | 200 | 116.202.244.153:80 | http://icanhazip.com/ | IN | text | 14 b | shared |
828 | GABB.exe | GET | 200 | 116.202.244.153:80 | http://icanhazip.com/ | IN | text | 14 b | shared |
1080 | GABB.exe | GET | 200 | 116.202.244.153:80 | http://icanhazip.com/ | IN | text | 14 b | shared |
2628 | GABB.exe | GET | 200 | 116.202.244.153:80 | http://icanhazip.com/ | IN | text | 14 b | shared |
1080 | GABB.exe | GET | 200 | 116.202.244.153:80 | http://icanhazip.com/ | IN | text | 14 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2628 | GABB.exe | 116.202.244.153:80 | icanhazip.com | 334,Udyog Vihar | IN | malicious |
2628 | GABB.exe | 104.27.142.46:443 | nusumu.wtf | Cloudflare Inc | US | malicious |
— | — | 116.202.244.153:80 | icanhazip.com | 334,Udyog Vihar | IN | malicious |
828 | GABB.exe | 104.27.142.46:443 | nusumu.wtf | Cloudflare Inc | US | malicious |
828 | GABB.exe | 116.202.244.153:80 | icanhazip.com | 334,Udyog Vihar | IN | malicious |
1080 | GABB.exe | 116.202.244.153:80 | icanhazip.com | 334,Udyog Vihar | IN | malicious |
1080 | GABB.exe | 104.27.142.46:443 | nusumu.wtf | Cloudflare Inc | US | malicious |
2972 | GABB.exe | 116.202.244.153:80 | icanhazip.com | 334,Udyog Vihar | IN | malicious |
2972 | GABB.exe | 104.27.142.46:443 | nusumu.wtf | Cloudflare Inc | US | malicious |
Domain | IP | Reputation |
---|---|---|
icanhazip.com |
| shared |
nusumu.wtf |
| unknown |
PID | Process | Class | Message |
---|---|---|---|
2628 | GABB.exe | Attempted Information Leak | ET POLICY IP Check Domain (icanhazip. com in HTTP Host) |
2628 | GABB.exe | Attempted Information Leak | ET POLICY IP Check Domain (icanhazip. com in HTTP Host) |
828 | GABB.exe | Attempted Information Leak | ET POLICY IP Check Domain (icanhazip. com in HTTP Host) |
828 | GABB.exe | Attempted Information Leak | ET POLICY IP Check Domain (icanhazip. com in HTTP Host) |
1080 | GABB.exe | Attempted Information Leak | ET POLICY IP Check Domain (icanhazip. com in HTTP Host) |
1080 | GABB.exe | Attempted Information Leak | ET POLICY IP Check Domain (icanhazip. com in HTTP Host) |
2972 | GABB.exe | Attempted Information Leak | ET POLICY IP Check Domain (icanhazip. com in HTTP Host) |
2972 | GABB.exe | Attempted Information Leak | ET POLICY IP Check Domain (icanhazip. com in HTTP Host) |