Field | Value |
---|---|
File name | LOLbins.chm |
Full analysis | https://app.any.run/tasks/c1a7a7ed-0013-405c-b1c3-16853df176a3 |
Verdict | Malicious activity |
Analysis date | July 18, 2019, 07:42:31 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/octet-stream |
File info | MS Windows HtmlHelp Data |
MD5 | B63583CE89DB1CE34A3B3AD31C396931 |
SHA1 | 402A1F4C1A068ED16461865C072D491DF30C3FFC |
SHA256 | 27CEB252A926D3D701FDD53B3AF38BFF42B77190A124AAF5906C28D93F6009B4 |
SSDEEP | 6144:6vByNgyLwvNrQxq4znEveROX/4RC9K/vpaJcScXNFIwcxHi5ZT:wNys1gJznEv5w8q7SwcxC5ZT |
Extension | Detected file type |
---|---|
.chm | Windows HELP File (100) |

CHM metadata | Value |
---|---|
LanguageCode | Chinese (Simplified) |
CHMVersion | 3 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2964 | "C:\Windows\hh.exe" C:\Users\admin\AppData\Local\Temp\LOLbins.chm | C:\Windows\hh.exe | | explorer.exe |
2736 | "C:\Windows\hh.exe" -decompile C:\$RecycleBin$\ C:\Users\admin\AppData\Local\Temp\LOLbins.chm | C:\Windows\hh.exe | | hh.exe |
2408 | cmd /c ""C:\$RecycleBin$\1.bat" " | C:\Windows\system32\cmd.exe | — | hh.exe |
3452 | mode con cols=15 lines=1 | C:\Windows\system32\mode.com | — | cmd.exe |
4080 | c:\$RecycleBin$\certmgr.exe -add -c c:\$RecycleBin$\system.txt -s -r localMachine root | c:\$RecycleBin$\CertMgr.exe | — | cmd.exe |
2676 | c:\$RecycleBin$\un.exe e -r -y -p996112 c:\$RecycleBin$\temp.txt c:\$RecycleBin$ | c:\$RecycleBin$\Un.exe | | cmd.exe |
3628 | ping 127.0.0.1 -n 1 | C:\Windows\system32\PING.EXE | — | cmd.exe |
2188 | c:\$RecycleBin$\Perflog.exe | c:\$RecycleBin$\Perflog.exe | | cmd.exe |
2284 | regedit.exe /s c:\$recyclebin$\1.reg | C:\Windows\regedit.exe | — | cmd.exe |
3472 | "C:\Windows\regedit.exe" /s c:\$recyclebin$\1.reg | C:\Windows\regedit.exe | — | cmd.exe |

Process details:

PID | User | Company | Integrity level | Description | Exit code | Version |
---|---|---|---|---|---|---|
2964 | admin | Microsoft Corporation | MEDIUM | Microsoft® HTML Help Executable | | 6.1.7600.16385 (win7_rtm.090713-1255) |
2736 | admin | Microsoft Corporation | MEDIUM | Microsoft® HTML Help Executable | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
2408 | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 1 | 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
3452 | admin | Microsoft Corporation | MEDIUM | DOS Device MODE Utility | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
4080 | admin | Microsoft Corporation | MEDIUM | ECM Certificate Manager | 4294967295 (0xFFFFFFFF, i.e. -1; a non-zero return, so the Root-store add did not succeed at MEDIUM integrity) | 6.0.6000.16384 (vista_rtm.061029-1900) |
2676 | admin | WinRAR compression management software, Chinese edition | MEDIUM | Command-line RAR | 0 | 5.21.0 |
3628 | admin | Microsoft Corporation | MEDIUM | TCP/IP Ping Command | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
2188 | admin | Tencent | MEDIUM | Tencent Online Education Dynamic Link Library | | |
2284 | admin | Microsoft Corporation | MEDIUM | Registry Editor | 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED) | 6.1.7600.16385 (win7_rtm.090713-1255) |
3472 | admin | Microsoft Corporation | MEDIUM | Registry Editor | 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED) | 6.1.7600.16385 (win7_rtm.090713-1255) |
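The process tree above is the detection surface for this sample: hh.exe invoked with -decompile to unpack the CHM into a folder named to look like the Recycle Bin, the help viewer spawning cmd.exe, certmgr.exe adding a certificate to the LocalMachine Root store, a renamed command-line RAR, and a silent regedit import. The Python below is an added example, not part of the ANY.RUN report. It runs a handful of process-creation rules over constructed records whose command lines and parent names are copied from the table; the record shape (pid, parent, image, cmd), the rule names, and the benign control record with PID 5000 are assumptions made for the example. The observation that the real Recycle Bin folder on Windows Vista and later is `C:\$Recycle.Bin`, which makes `C:\$RecycleBin$` a lookalike, is a fact about Windows rather than something the report states.

```python
"""Detection rules for the LOLbins.chm process chain.

Added example, not part of the ANY.RUN report. EVENTS is constructed from the
command lines in the process table; the field names (pid, parent, image, cmd)
are an assumed Sysmon-like shape, not a real log format.
"""
import re

# Interpreters a help viewer has no business launching.
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
# Where a legitimately deployed .reg file would normally live.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")
# The real Recycle Bin folder is C:\$Recycle.Bin; "$RecycleBin$" is a lookalike.
LOOKALIKE_BIN = re.compile(r"\\\$recyclebin\$\\", re.IGNORECASE)


def image_name(path: str) -> str:
    """Last path component, lower-cased, so CertMgr.exe and certmgr.exe compare equal."""
    return path.rsplit("\\", 1)[-1].lower()


def hh_decompile(e: dict) -> bool:
    # hh.exe -decompile <dir> <file.chm> writes every file inside the CHM to <dir>.
    return image_name(e["image"]) == "hh.exe" and bool(
        re.search(r"(?:^|\s)-decompile\b", e["cmd"], re.IGNORECASE))


def hh_spawns_shell(e: dict) -> bool:
    return e["parent"].lower() == "hh.exe" and image_name(e["image"]) in SHELLS


def certmgr_root_add(e: dict) -> bool:
    # certmgr.exe -add ... -s -r localMachine root installs a CA into the machine Root store.
    cmd = e["cmd"]
    return (image_name(e["image"]) == "certmgr.exe"
            and re.search(r"\s-add\b", cmd, re.IGNORECASE) is not None
            and re.search(r"-r\s+localmachine\s+root\b", cmd, re.IGNORECASE) is not None)


def regedit_silent_import(e: dict) -> bool:
    # regedit /s imports without prompting; flag it when the .reg file sits outside system paths.
    if image_name(e["image"]) != "regedit.exe":
        return False
    if not re.search(r"(?:^|\s)/s\b", e["cmd"], re.IGNORECASE):
        return False
    m = re.search(r'([a-z]:\\[^\s"]+\.reg)\b', e["cmd"], re.IGNORECASE)
    return m is not None and not m.group(1).lower().startswith(TRUSTED_PREFIXES)


def lookalike_recycle_bin(e: dict) -> bool:
    return LOOKALIKE_BIN.search(e["image"]) is not None


RULES = {
    "hh_decompile": hh_decompile,
    "hh_spawns_shell": hh_spawns_shell,
    "certmgr_root_add": certmgr_root_add,
    "regedit_silent_import": regedit_silent_import,
    "lookalike_recycle_bin": lookalike_recycle_bin,
}


def evaluate(event: dict) -> list:
    """Sorted names of the rules a single process-creation record trips."""
    return sorted(name for name, rule in RULES.items() if rule(event))


def triage(events) -> dict:
    """Map PID -> tripped rules, keeping only records that tripped at least one."""
    hits = {}
    for e in events:
        names = evaluate(e)
        if names:
            hits[e["pid"]] = names
    return hits


# Constructed records: command lines and parents are copied from the report's
# process table; PID 5000 is a benign control that is not in the report.
EVENTS = [
    {"pid": 2964, "parent": "explorer.exe", "image": r"C:\Windows\hh.exe",
     "cmd": r'"C:\Windows\hh.exe" C:\Users\admin\AppData\Local\Temp\LOLbins.chm'},
    {"pid": 2736, "parent": "hh.exe", "image": r"C:\Windows\hh.exe",
     "cmd": r'"C:\Windows\hh.exe" -decompile C:\$RecycleBin$\ C:\Users\admin\AppData\Local\Temp\LOLbins.chm'},
    {"pid": 2408, "parent": "hh.exe", "image": r"C:\Windows\system32\cmd.exe",
     "cmd": r'cmd /c ""C:\$RecycleBin$\1.bat" "'},
    {"pid": 3452, "parent": "cmd.exe", "image": r"C:\Windows\system32\mode.com",
     "cmd": "mode con cols=15 lines=1"},
    {"pid": 4080, "parent": "cmd.exe", "image": r"c:\$RecycleBin$\CertMgr.exe",
     "cmd": r"c:\$RecycleBin$\certmgr.exe -add -c c:\$RecycleBin$\system.txt -s -r localMachine root"},
    {"pid": 2676, "parent": "cmd.exe", "image": r"c:\$RecycleBin$\Un.exe",
     "cmd": r"c:\$RecycleBin$\un.exe e -r -y -p996112 c:\$RecycleBin$\temp.txt c:\$RecycleBin$"},
    {"pid": 3628, "parent": "cmd.exe", "image": r"C:\Windows\system32\PING.EXE",
     "cmd": "ping 127.0.0.1 -n 1"},
    {"pid": 2188, "parent": "cmd.exe", "image": r"c:\$RecycleBin$\Perflog.exe",
     "cmd": r"c:\$RecycleBin$\Perflog.exe"},
    {"pid": 2284, "parent": "cmd.exe", "image": r"C:\Windows\regedit.exe",
     "cmd": r"regedit.exe /s c:\$recyclebin$\1.reg"},
    {"pid": 5000, "parent": "explorer.exe", "image": r"C:\Windows\system32\cmd.exe",
     "cmd": r'cmd /c "C:\Windows\System32\gpupdate.exe"'},
]

if __name__ == "__main__":
    for pid, names in triage(EVENTS).items():
        print(pid, ", ".join(names))
```

Six of the ten records trip a rule: 2736 (decompile), 2408 (help viewer launching cmd.exe), 4080 (Root-store add and execution from the lookalike folder), 2676 and 2188 (lookalike folder), and 2284 (silent import from a user-writable path); the plain hh.exe launch from explorer.exe, mode.com, ping and the control record trip nothing. The rules key on the attempt rather than on success, since the sandbox's exit codes show that certmgr.exe returned -1 and regedit.exe exited with 0xC000042C, so neither the certificate install nor the registry import necessarily landed at MEDIUM integrity.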
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2736 | hh.exe | C:\$RecycleBin$\end.jpg | binary | 99E751B4DD938077DFF37B28C3D7F623 | 34FB66C971DED162560E56AC059514EE4D6593CC8CC00028B76E6EBD411D5687 |
2408 | cmd.exe | C:\$RecycleBin$\temp.txt | compressed | 6FB1D26D1BD5C6D7AA9A4C1899F448ED | BA743E8FA783099FC2F228BE01AAF300BBB914D672BF5E34824E6BCF436462F9 |
2676 | Un.exe | C:\$RecycleBin$\Perflog.exe | executable | D255009A28369D29B915E837749CB50E | E47FD59694230AFF740F5A55BEF0E2D0474F1FD56ED48CCC64465677A89058DD |
2736 | hh.exe | C:\$RecycleBin$\Intro.htm | html | 5DE47DFCE3CCAF529AA9B59C2C6E07BE | F6140C2A1AC023075D07E90D38D4DE4A639F41045E72E0C67E728CAA64D0DE27 |
2736 | hh.exe | C:\$RecycleBin$\system.txt | der | 5EB57BA821CADC050A7D84876BA3EE9A | F43C18B76E1FCEADBEBEB34A8F06AA3027BEB86774C03F82A94026BA3D2E574A |
2676 | Un.exe | C:\$RecycleBin$\edudll.dll | executable | DF84FD924ADB4F2EA8BA2A40167EA3D7 | 1C4449B71F15D4CEE945C299E9BC969F12DFE8A94B764E2EA8D4CE59B5697249 |
2736 | hh.exe | C:\$RecycleBin$\1.bat | text | C23F5FB28F9EA00BB235EE036F955570 | B48CD02AA9A38E5FDE752DDBFFF521287CC0F64FE6B9C7DBC86FC1EC9100FF0A |
2964 | hh.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\seErrorRec[1].js | text | 2FEDF3E90FA667962765E8B452435685 | 401EE09047F2F047147F5E497C8D7057427AD04DD4543B353423E061CC025D3D |
2736 | hh.exe | C:\$RecycleBin$\1.reg | text | 6F3BDB099C387FEFABE173E2BA2801AA | E7BDA56853BD53BD0001AF5216FD2A1F7E31C8C16DBE2AF0FA425B61FEC5980C |
2676 | Un.exe | C:\$RecycleBin$\Default.xml | binary | 3E6D949E11114F33591E01938F172F16 | 9219B2523ACD59A38B04DE8D1AEEBE986BF25571707A8773A2141BF0922D6657 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2188 | Perflog.exe | 58.221.55.158:8000 | — | AS Number for CHINANET jiangsu province backbone | CN | unknown |
2964 | hh.exe | 103.235.46.39:443 | www.baidu.com | Beijing Baidu Netcom Science and Technology Co., Ltd. | HK | unknown |
2964 | hh.exe | 185.10.104.110:443 | ss1.bdstatic.com | — | — | unknown |
Domain | IP | Reputation |
---|---|---|
www.baidu.com | | whitelisted |
ss1.bdstatic.com | | whitelisted |
sp1.baidu.com | | whitelisted |