File name: | Sentry MBA Latest Version (1.4.1).rar |
Full analysis: | https://app.any.run/tasks/d50ead78-5f23-4d48-9af1-3d353485a7ec |
Verdict: | Malicious activity |
Analysis date: | November 15, 2018, 09:37:28 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 0079563614C21A81C0C4DFDD45456A73 |
SHA1: | BEEEE21B1AA7FF598033B6A2985713F520FD12FA |
SHA256: | 2B4CA04990C758C00DF69C82E0D8C407C51C2B9333FDEA471D7B9253F7C4D3BC |
SSDEEP: | 393216:0ZwPi+FW5k/A2+yyMZwI1ixAx/ohz13FfHi2ADtvFqDo:0ZN+FeFP051iAx/opnHi2Axio |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
CompressedSize: | 1550 |
---|---|
UncompressedSize: | 2976 |
OperatingSystem: | Win32 |
ModifyDate: | 2011:10:24 02:12:26 |
PackingMethod: | Normal |
ArchivedFileName: | Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\FAQ.txt |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2952 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Sentry MBA Latest Version (1.4.1).rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2140 | "C:\Users\admin\Desktop\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\Sentry_MBA.exe" | C:\Users\admin\Desktop\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\Sentry_MBA.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: Sentry MBA Version: 1.4.0.8701 |
(PID) Process: | (2952) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2952) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2952) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2952) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\Sentry MBA Latest Version (1.4.1).rar | |||
(PID) Process: | (2952) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2952) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2952) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2952) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2952) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin |
Operation: | write | Name: | Placement |
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000 | |||
(PID) Process: | (2952) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\General |
Operation: | write | Name: | LastFolder |
Value: C:\Users\admin\AppData\Local\Temp |
PID | Process | Filename | Type | |
---|---|---|---|---|
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.20760\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\ipfilter.dat | — | |
MD5:— | SHA256:— | |||
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.20760\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\Settings.ini | text | |
MD5:7DF986C37958DCEEC9079574700AA269 | SHA256:BB6D810F300A732BD5F26215EEFE1DD1ED0CDAD73CBD2D1650483CA0B636BD83 | |||
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.20760\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\Sources\AFQJAMMRPPFSMANTSSPH.txt | text | |
MD5:58E3D2C9BE5B0BE28D7C7ABD106131A4 | SHA256:04DEB6AB82531A8E849500B8C736489B6FDA8A4C5841F3386AC83B063E9A70F0 | |||
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.20760\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\Sentry_MBA_1.0_Changes.pdf | ||
MD5:E8CAA12CFA0E41BAE3C5BFE5831DE3F5 | SHA256:7BAF072B1751593F567D58F979ADFB337DD97D16B192713360080DB770F30B4D | |||
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.20760\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\Sources\APVTIMDZXWGZNYJAVMMS.html | html | |
MD5:494F0844E7D2DDE7221BE9A5FBE94BE3 | SHA256:2EC048ABF90276C269E579C56C097C89EB1CB97FBA8200566EAB03D612538289 | |||
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.20760\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\FAQ.txt | text | |
MD5:29701FB5186BBF5673A029FE508F13FA | SHA256:694638E9CAF4ED5963B4B53629BC2D9ECD765AA6125B3B2340C8BDD204E115B5 | |||
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.20760\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\Sites.ini | text | |
MD5:FC1B8668B99485FE999FD4EC2F1E3E8F | SHA256:FFC4197073CAB8BAA26C4AEE77A88296538849E7753E164861F1F29A99B3EBEA | |||
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.20760\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\Filters.ini | text | |
MD5:1FB0D03C177E63442FD5D04E98042A99 | SHA256:C827736022D625502D208E19B8BF52F5E479B0BB9C8DB8BAFBA9BB9629488272 | |||
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.20760\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\Sources\AIDLPKVMQIIFNEPKLHZD.txt | text | |
MD5:55EF9206F06EE15CF18000AF3751D8C6 | SHA256:E7DB4D1BF16DF832C80C3C6B007C3350F9E075C8FA3AAB108020B8CD6DE4D1F1 | |||
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2952.20760\Sentry MBA Latest Version (1.4.1)\Sentry MBA Latest Version (1.4.1)\MyList.ini | text | |
MD5:A2B2B11BB76E777334E51DCB75504711 | SHA256:CDB2DB1084AAF40A306E1ADC365F74A63DD3B53EE675EF07CC86E43374A4E995 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2140 | Sentry_MBA.exe | GET | 200 | 162.88.100.200:80 | http://checkip.dyndns.org/ | US | html | 105 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2140 | Sentry_MBA.exe | 162.88.100.200:80 | checkip.dyndns.org | Dynamic Network Services, Inc. | US | shared |
Domain | IP | Reputation |
---|---|---|
checkip.dyndns.org |
| shared |
PID | Process | Class | Message |
---|---|---|---|
— | — | Misc activity | ET INFO DYNAMIC_DNS Query to *.dyndns. Domain |
2140 | Sentry_MBA.exe | Potential Corporate Privacy Violation | ET POLICY External IP Lookup - checkip.dyndns.org |
2140 | Sentry_MBA.exe | Potentially Bad Traffic | ET POLICY DynDNS CheckIp External IP Address Server Response |