| Field | Value |
|---|---|
| File name | processhacker-2.39-bin.zip |
| Full analysis | https://app.any.run/tasks/212ca058-a1d9-437f-a877-3540b4238ab8 |
| Verdict | Malicious activity |
| Analysis date | April 25, 2019, 09:27:34 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | B444CF14642CE9B8D75E079166A5DF0B |
| SHA1 | 8E8F8423D163D922242B8B7D85427664F77EDC97 |
| SHA256 | 2AFB5303E191DDE688C5626C3EE545E32E52F09DA3B35B20F5E0D29A418432F5 |
| SSDEEP | 98304:jDqt5TrOmlLB/7rTOqcXfOzJR1qioDLK2EbhQ:3sTrHlB73OqX4ioDfshQ |
| Extension | File type |
|---|---|
| .zip | ZIP compressed archive (100) |
| Field | Value |
|---|---|
| ZipFileName | CHANGELOG.txt |
| ZipUncompressedSize | 25995 |
| ZipCompressedSize | 7294 |
| ZipCRC | 0x34beb5ab |
| ZipModifyDate | 2016:03:29 12:18:04 |
| ZipCompression | Deflated |
| ZipBitFlag | - |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1532 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\processhacker-2.39-bin.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | | |
| 2348 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | explorer.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | |
| 2340 | rundll32.exe C:\Windows\System32\winanr.dll, _debug | C:\Windows\system32\rundll32.exe | — | cmd.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
| 2068 | rundll32.exe C:\Windows\System32\winanr.dll, _inject | C:\Windows\system32\rundll32.exe | — | cmd.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
| 2036 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
| 3640 | rundll32.exe C:\Windows\System32\winanr.dll, _inject | C:\Windows\system32\rundll32.exe | — | cmd.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
| 3520 | rundll32.exe C:\Windows\System32\winanr.dll, _inject | C:\Windows\system32\rundll32.exe | — | cmd.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
| 3716 | rundll32.exe C:\Windows\System32\winanr.dll, _inject | C:\Windows\system32\rundll32.exe | — | cmd.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
| 2680 | rundll32.exe C:\Windows\System32\winanr.dll, _inject | C:\Windows\system32\rundll32.exe | — | cmd.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
| 1448 | rundll32.exe C:\Windows\System32\winanr.dll, _inject | C:\Windows\system32\rundll32.exe | — | cmd.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |