File name: | sample_110.zip |
Full analysis: | https://app.any.run/tasks/fb6b679f-8ef6-44e6-a7cd-1cc26135a20c |
Verdict: | Malicious activity |
Analysis date: | June 12, 2019, 10:58:13 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | A089F75C43A874EEAD67DC041CDE9B07 |
SHA1: | 291A2C1FBB58A8C93AF19300B9AE075F07216AF4 |
SHA256: | 2B4E3E146059FC9BC347E41EEE60472985F6FB6B064B2AB1DA5DF637CD60E725 |
SSDEEP: | 24576:b8FpErVT10BGkWinp9g7brLLieW+pzAo+OnAfafsUset06fDg5to1aaf6bKhvzQT:bYp810Aklp6bLvObOWkfN0W1LisIr |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | sample_110/ |
---|---|
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2018:05:01 18:48:22 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
908 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\sample_110.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3012 | "C:\Users\admin\Desktop\sample_110.exe" | C:\Users\admin\Desktop\sample_110.exe | — | explorer.exe |
User: admin Company: SanDisk Integrity Level: MEDIUM Description: HaulConverter Exit code: 3221226540 Version: 3.3.0 | ||||
3084 | "C:\Users\admin\Desktop\sample_110.exe" | C:\Users\admin\Desktop\sample_110.exe | explorer.exe | |
User: admin Company: SanDisk Integrity Level: HIGH Description: HaulConverter Exit code: 0 Version: 3.3.0 | ||||
3264 | "C:\Program Files\wss\Windows Security System.exe" | C:\Program Files\wss\Windows Security System.exe | sample_110.exe | |
User: admin Company: SanDisk Integrity Level: HIGH Description: HaulConverter Version: 3.3.0 | ||||
3104 | "C:\Windows\system32\cmd.exe" /c del C:\Users\admin\Desktop\SAMPLE~1.EXE > nul | C:\Windows\system32\cmd.exe | — | sample_110.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
(PID) Process: | (908) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (908) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (908) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (908) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\sample_110.zip | |||
(PID) Process: | (908) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (908) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (908) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (908) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (908) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface |
Operation: | write | Name: | ShowPassword |
Value: 0 | |||
(PID) Process: | (3084) sample_110.exe | Key: | HKEY_CURRENT_USER\Software\EBE507BD0A68FD941475A3D12A204B9E |
Operation: | write | Name: | ”³³ |
Value: æã |
PID | Process | Filename | Type | |
---|---|---|---|---|
3264 | Windows Security System.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ErrorPageTemplate[1] | — | |
MD5:— | SHA256:— | |||
3264 | Windows Security System.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\errorPageStrings[1] | — | |
MD5:— | SHA256:— | |||
3264 | Windows Security System.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\httpErrorPagesScripts[1] | — | |
MD5:— | SHA256:— | |||
3264 | Windows Security System.exe | C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Windows Security System.lnk | lnk | |
MD5:48200DF2C3895258C5BFF1F65C86DE2B | SHA256:C35DB8BCBED708C21CFBC00473D1540C26CB78CC57BA7017AE6752373EB6279C | |||
3264 | Windows Security System.exe | C:\Users\admin\Desktop\Windows Security System.lnk | lnk | |
MD5:EC15EC7846E9689CF4366E13E2285B26 | SHA256:71F001A41BC9057BF394420506972330F93270C4A272B018DA269AA658B9160E | |||
3264 | Windows Security System.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Windows Security System\Windows Security System.lnk | lnk | |
MD5:3181B6D0F655FCEA3A18B6650282E079 | SHA256:0D04546B6060AB62FDFBEBD97B6DFF4DA3FC243503BDCAD0E413604AFDAD45EE | |||
3264 | Windows Security System.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\dnserrordiagoff_webOC[1] | html | |
MD5:3948EF3D9F9FB9FD68BFBBCDBDCFC605 | SHA256:1D5E9DC7114347EF6C6E7A89EBE73CAB3FA45CC9728943A5FFB3CB91ADF6E8FE | |||
3264 | Windows Security System.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\dnserrordiagoff_webOC[2] | html | |
MD5:3948EF3D9F9FB9FD68BFBBCDBDCFC605 | SHA256:1D5E9DC7114347EF6C6E7A89EBE73CAB3FA45CC9728943A5FFB3CB91ADF6E8FE | |||
3264 | Windows Security System.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\navcancl[1] | html | |
MD5:4BCFE9F8DB04948CDDB5E31FE6A7F984 | SHA256:BEE0439FCF31DE76D6E2D7FD377A24A34AC8763D5BF4114DA5E1663009E24228 | |||
3264 | Windows Security System.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\background_gradient[1] | image | |
MD5:20F0110ED5E4E0D5384A496E4880139B | SHA256:1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B |
Domain | IP | Reputation |
---|---|---|
gerssfn.com |
| unknown |
allwinsecuritysys.com |
| unknown |