File name: | sample_110.zip |
Full analysis: | https://app.any.run/tasks/52ef8239-b0ce-4061-be76-d5f719e06fe6 |
Verdict: | Malicious activity |
Analysis date: | June 12, 2019, 10:56:17 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | A089F75C43A874EEAD67DC041CDE9B07 |
SHA1: | 291A2C1FBB58A8C93AF19300B9AE075F07216AF4 |
SHA256: | 2B4E3E146059FC9BC347E41EEE60472985F6FB6B064B2AB1DA5DF637CD60E725 |
SSDEEP: | 24576:b8FpErVT10BGkWinp9g7brLLieW+pzAo+OnAfafsUset06fDg5to1aaf6bKhvzQT:bYp810Aklp6bLvObOWkfN0W1LisIr |
.zip | ZIP compressed archive (100) |
ZipFileName: | sample_110/ |
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2018:05:01 18:48:22 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1892 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\sample_110.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2888 | "C:\Users\admin\Desktop\sample_110.exe" | C:\Users\admin\Desktop\sample_110.exe | — | explorer.exe |
User: admin Company: SanDisk Integrity Level: MEDIUM Description: HaulConverter Exit code: 3221226540 Version: 3.3.0 | ||||
3112 | "C:\Users\admin\Desktop\sample_110.exe" | C:\Users\admin\Desktop\sample_110.exe | | explorer.exe |
User: admin Company: SanDisk Integrity Level: HIGH Description: HaulConverter Exit code: 0 Version: 3.3.0 | ||||
2644 | "C:\Program Files\wss\Windows Security System.exe" | C:\Program Files\wss\Windows Security System.exe | | sample_110.exe |
User: admin Company: SanDisk Integrity Level: HIGH Description: HaulConverter Version: 3.3.0 | ||||
3372 | "C:\Windows\system32\cmd.exe" /c del C:\Users\admin\Desktop\SAMPLE~1.EXE > nul | C:\Windows\system32\cmd.exe | — | sample_110.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1892 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1892.398\sample_110\sample_110 | — | |
MD5:— | SHA256:— | |||
2644 | Windows Security System.exe | C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Security System.lnk | lnk | |
MD5:3B8CC754A863CBBA1BBEFC66386A8E84 | SHA256:F29E5554B0E937F8F11CA39B32835A81CB6E80AF6FE57C1B5EB07D1CB64B5D81 | |||
2644 | Windows Security System.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Windows Security System\Windows Security System.lnk | lnk | |
MD5:AFE04B6B72B6DC1B96EC3EE098E1A2AD | SHA256:86B0A51A3BD3FD42CEA59B3BA79AF687301E1DE55001A13DA22C42C9B48CDFC5 | |||
2644 | Windows Security System.exe | C:\Users\admin\Desktop\Windows Security System.lnk | lnk | |
MD5:DF46F35259FD4DD0835FB2E5A24C141F | SHA256:1D22EE010710B8879BF89EC1ABEBE1564173F841C614867D2DB70D8CA9CA8D3D | |||
3112 | sample_110.exe | C:\Program Files\wss\Windows Security System.exe | executable | |
MD5:F977008DE8B886F1684E219DA6576A03 | SHA256:C8C3249474335D57D963009C6B3D1E9EB5AA39DCFE1E2D090DED5552E280886E |
Domain | IP | Reputation |
---|---|---|
gerssfn.com | | unknown |