File name: | 2.rar |
Full analysis: | https://app.any.run/tasks/7b072ded-78e4-415c-8620-ce887b40f2dc |
Verdict: | Malicious activity |
Analysis date: | January 22, 2019, 20:12:40 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 1CE300ECA78E4920DD8359C72CBBC29D |
SHA1: | 806B1A95AA14C71BF06E144CB3CA687B7B4EEC26 |
SHA256: | 2A241F4EB74C4DFFF790DA70FE9564C3E3DFDEB330B751C10AD20EDB95F310BE |
SSDEEP: | 12288:NN1WskVEmcvNJ01013BTGGRUUV1klQYvy63ElMP:3vkVcvNGgTlV1klQElrP |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
CompressedSize: | 111852 |
---|---|
UncompressedSize: | 238080 |
OperatingSystem: | Win32 |
ModifyDate: | 2016:11:22 09:31:19 |
PackingMethod: | Normal |
ArchivedFileName: | Bunifu_UI_v1.52.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2984 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\2.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1592 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
3008 | "C:\Users\admin\Desktop\Uplay Checker v1.0.1.exe" | C:\Users\admin\Desktop\Uplay Checker v1.0.1.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Description: BruteCore Version: 1.0.0.0 |
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\2.rar | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin |
Operation: | write | Name: | Placement |
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000 | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\General |
Operation: | write | Name: | LastFolder |
Value: C:\Users\admin\AppData\Local\Temp |
PID | Process | Filename | Type | |
---|---|---|---|---|
2984 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2984.48770\Bunifu_UI_v1.52.dll | executable | |
MD5:3C1804A0781C9D7A82D0FB43D3A181F3 | SHA256:D5BE2CB21EB8190B40E7453E9AE2418679A8C050C470FF36B044273A41A88A0C | |||
2984 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2984.48770\Uplay Checker v1.0.1.exe | executable | |
MD5:F8CD3EB229E04D2CF6609B0C8AA27214 | SHA256:B3223DF91B0CBD008A299FE3019BBCF02061526A91D8AD5B497E16449B3E2EA0 | |||
2984 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2984.48770\Extreme.Net.dll | executable | |
MD5:313CD8DF3CA832760DC1CDC09AF44EE5 | SHA256:C548B92070E6553377098A4D86C67CD89EBE58AD040174E7A949FF12894ABD33 |