Field | Value
---|---
File name | pubg_lite_multihack_version_230_634e3.zip
Full analysis | https://app.any.run/tasks/6bc710da-cf88-41d4-a1c4-53c12e5379e9
Verdict | Malicious activity
Analysis date | August 18, 2019, 08:30:42
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | 
Indicators | 
MIME | application/zip
File info | Zip archive data, at least v1.0 to extract
MD5 | 24D736098DCE73F12CED460CDB4B588F
SHA1 | 69F454F9E7A24D5DC34AA11A1CBF5A1761E7C8CE
SHA256 | 2B9FF521FEE69B407FBA9ED127F6C4A3EC2E75274C71547DD507822B083A8F0A
SSDEEP | 49152:0F5wzorqHfMhxamZthMJSz3Ne52z6Olr/V1ZA4Yz7D1F6kwHUfD:M5V+/Mzam357gIh91ZAt7pw07
Extension | Description
---|---
.zip | ZIP compressed archive (100)

Field | Value
---|---
ZipRequiredVersion | 10
ZipBitFlag | 0x0009
ZipCompression | None
ZipModifyDate | 2019:08:18 08:21:28
ZipCRC | 0x68650f4b
ZipCompressedSize | 2712588
ZipUncompressedSize | 2712588
ZipFileName | pubg_lite_multihack_version_230.exe
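The fields above are the archive's own member metadata. ZipBitFlag 0x0009 sets bit 0 (traditional PKWARE encryption) and bit 3 (CRC and sizes carried in a trailing data descriptor) per the PKWARE APPNOTE; ZipCompression None with equal compressed and uncompressed sizes means the .exe is stored verbatim, not deflated. A traditionally encrypted stored member normally carries a 12-byte encryption header in front of the data, so when the summary fields look inconsistent it pays to read the headers yourself rather than trust the one-line summary. The Python below is an added example, not ANY.RUN's or the sample's code: it decodes the general-purpose flag bits and triages the members of an archive constructed in memory (a stored .exe beside a deflated text file; the payload bytes are a placeholder, not the real sample).

```python
"""Decode ZIP member metadata as the report's ZipBitFlag / ZipCompression fields
present it. Added example, not ANY.RUN's code; the archive is built in memory so
the script runs offline."""
from __future__ import annotations
import io
import zipfile

# General-purpose bit flag semantics, PKWARE APPNOTE section 4.4.4.
GP_FLAG_BITS = {
    0: "encrypted",
    1: "compression_option_1",
    2: "compression_option_2",
    3: "data_descriptor",
    5: "patched_data",
    6: "strong_encryption",
    11: "utf8_names",
    13: "masked_local_header",
}

METHOD_NAMES = {zipfile.ZIP_STORED: "None", zipfile.ZIP_DEFLATED: "Deflate",
                zipfile.ZIP_BZIP2: "BZip2", zipfile.ZIP_LZMA: "LZMA"}

def decode_gp_flags(flag: int) -> list[str]:
    """Names of the set general-purpose flag bits, lowest bit first."""
    return [GP_FLAG_BITS.get(bit, f"reserved_bit_{bit}")
            for bit in range(16) if flag & (1 << bit)]

def describe_member(info: zipfile.ZipInfo) -> dict:
    """Summarise one member: name, PE-looking extension, method, flags, sizes, CRC."""
    return {
        "name": info.filename,
        "is_pe_name": info.filename.lower().endswith((".exe", ".dll", ".scr")),
        "compression": METHOD_NAMES.get(info.compress_type, f"method_{info.compress_type}"),
        "flags": decode_gp_flags(info.flag_bits),
        "encrypted": bool(info.flag_bits & 0x1),
        "crc32": f"0x{info.CRC:08x}",
        "compressed": info.compress_size,
        "uncompressed": info.file_size,
    }

def triage_archive(data: bytes) -> list[dict]:
    """Walk the central directory and mark members worth a second look: an
    executable shipped with compression None, as the sample's single member was."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            d = describe_member(info)
            d["suspicious"] = d["is_pe_name"] and d["compression"] == "None"
            findings.append(d)
    return findings

def build_sample_archive() -> bytes:
    """Constructed stand-in: a stored .exe member (64 placeholder bytes starting
    with 'MZ', not the real sample) plus a deflated text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("pubg_lite_multihack_version_230.exe"),
                    b"MZ" + b"\x00" * 62, compress_type=zipfile.ZIP_STORED)
        zf.writestr("readme.txt", b"constructed filler " * 40,
                    compress_type=zipfile.ZIP_DEFLATED)
    return buf.getvalue()

if __name__ == "__main__":
    print("0x0009 ->", decode_gp_flags(0x0009))
    for member in triage_archive(build_sample_archive()):
        print(member)
```

Python's zipfile reads the central directory, so `flag_bits`, `compress_size` and `CRC` here are the same fields the report's ZipBitFlag, ZipCompressedSize and ZipCRC rows summarise; the constructed archive has flag bits 0 because it was written to a seekable buffer without encryption.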
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3584 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\pubg_lite_multihack_version_230_634e3.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0
3184 | "C:\Users\admin\Desktop\pubg_lite_multihack_version_230.exe" | C:\Users\admin\Desktop\pubg_lite_multihack_version_230.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0
2420 | "C:\Users\admin\Desktop\pubg_lite_multihack_version_230.exe" "C:\Users\admin\Desktop\pubg_lite_multihack_version_230.exe" | C:\Users\admin\Desktop\pubg_lite_multihack_version_230.exe | | pubg_lite_multihack_version_230.exe | User: admin; Integrity Level: HIGH; Exit code: 0
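The process tree shows the extracted .exe started by explorer.exe at MEDIUM integrity (PID 3184) and then relaunched by itself, with its own path as the only argument, at HIGH integrity (PID 2420). A binary spawning its own image at a higher integrity level is what a UAC elevation of the same executable looks like from process telemetry, and it is a cheap thing to hunt for. The function below is an added example, not ANY.RUN's code: it finds that pattern in Sysmon-style process-creation records (Event ID 1 fields ProcessId, ParentProcessId, Image, CommandLine, IntegrityLevel). The records are constructed from the table above; the explorer.exe PID and the benign Chrome parent/renderer pair are invented so a same-image, non-elevating case is exercised too.

```python
"""Detect a binary relaunching itself at a higher integrity level, the pattern in
the report's process tree (PID 3184 MEDIUM -> PID 2420 HIGH, same image).
Added example over constructed Sysmon-style Event ID 1 records; not ANY.RUN's code."""
from __future__ import annotations

# Sysmon reports IntegrityLevel as a word; rank them so "higher" is comparable.
INTEGRITY_RANK = {"Untrusted": 0, "Low": 1, "Medium": 2, "High": 3, "System": 4}

def rank(level: str) -> int:
    """Ordinal for an integrity level string; tolerates the report's upper case."""
    return INTEGRITY_RANK.get(level.strip().capitalize(), -1)

def find_self_elevations(events: list[dict]) -> list[dict]:
    """One hit per child whose Image equals its parent's Image and whose integrity
    level is strictly higher than the parent's. Parents are matched by ProcessId
    here; on a live host prefer ProcessGuid/ParentProcessGuid to survive PID reuse."""
    by_pid = {e["ProcessId"]: e for e in events}
    hits = []
    for child in events:
        parent = by_pid.get(child["ParentProcessId"])
        if parent is None:
            continue
        same_image = child["Image"].lower() == parent["Image"].lower()
        if same_image and rank(child["IntegrityLevel"]) > rank(parent["IntegrityLevel"]):
            hits.append({
                "image": child["Image"],
                "parent_pid": parent["ProcessId"],
                "child_pid": child["ProcessId"],
                "from": parent["IntegrityLevel"],
                "to": child["IntegrityLevel"],
                "child_cmdline": child["CommandLine"],
            })
    return hits

EXE = r"C:\Users\admin\Desktop\pubg_lite_multihack_version_230.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"

# Constructed from the process table. explorer.exe's PID (1234) and the Chrome
# pair (5000/5001) are invented for the example; the other PIDs are the report's.
SAMPLE_EVENTS = [
    {"ProcessId": 1234, "ParentProcessId": 0, "Image": r"C:\Windows\explorer.exe",
     "CommandLine": "explorer.exe", "IntegrityLevel": "Medium"},
    {"ProcessId": 3584, "ParentProcessId": 1234, "Image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "CommandLine": r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\pubg_lite_multihack_version_230_634e3.zip"',
     "IntegrityLevel": "Medium"},
    {"ProcessId": 3184, "ParentProcessId": 1234, "Image": EXE,
     "CommandLine": f'"{EXE}"', "IntegrityLevel": "Medium"},
    {"ProcessId": 2420, "ParentProcessId": 3184, "Image": EXE,
     "CommandLine": f'"{EXE}" "{EXE}"', "IntegrityLevel": "High"},
    {"ProcessId": 5000, "ParentProcessId": 1234, "Image": CHROME,
     "CommandLine": "chrome.exe", "IntegrityLevel": "Medium"},
    {"ProcessId": 5001, "ParentProcessId": 5000, "Image": CHROME,
     "CommandLine": "chrome.exe --type=renderer", "IntegrityLevel": "Low"},
]

if __name__ == "__main__":
    for hit in find_self_elevations(SAMPLE_EVENTS):
        print(hit)
```

Legitimate installers and updaters also relaunch themselves elevated, so this is a hunting query rather than a blocking rule; pairing the hit with the binary's signer and its origin (here, an archive named after a game cheat, dropped by WinRAR from the user's Temp directory) is what turns it into a verdict.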
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3584 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3584.7784\pubg_lite_multihack_version_230.exe | executable | A907D0D20A6A2E2E9ADAE5F1EF8E7129 | 294C6F77606E801AC6DFB56F9B7DF6823858D8EAA13902206A007D6B4C79531A
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2420 | pubg_lite_multihack_version_230.exe | GET | 200 | 54.230.93.158:80 | http://d1hq9wbcfo7dcl.cloudfront.net/offer.php?affId=7512&trackingId=422357691&instId=7584&ho_trackingid=HO422357691&cc=DE&sb=x86&wv=7sp1&db=InternetExplorer&uac=1&cid=5d979308c3b6ea5ad7e984e628c8cac1&v=3&net=4.7.03062&ie=8%2e0%2e7601%2e17514&res=1280x720&osd=681&kid=hqmrb21bevmlgik8hf7 | US | — | — | shared |
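The single HTTP request is a beacon from the elevated process to an offer.php endpoint on a CloudFront distribution. Its query string carries affiliate and install tracking identifiers (affId, trackingId, instId, ho_trackingid, cid, kid) together with a host profile: country code, architecture, Windows version, default browser, UAC state, .NET and IE versions, screen resolution. The parameter meanings are inferred from their names and values; the page does not document them. Because the CloudFront hostname is whitelisted shared infrastructure, a detection that keys on the domain alone would either miss this or drown in false positives, so the example below keys on the endpoint and the parameter set instead. The Python is an added example, not ANY.RUN's code; the proxy log lines are constructed in Squid access-log layout, with the report's URL as the third line.

```python
"""Parse the offer.php beacon into tracking IDs and host profile, and flag matching
requests in proxy logs. Added example, not ANY.RUN's code; log lines are constructed."""
from __future__ import annotations
import re
from urllib.parse import urlsplit, parse_qs

# Key groups observed in the sample's beacon. Names are the sample's own; the
# grouping (tracking vs. host profile) is this example's interpretation.
TRACKING_KEYS = {"affId", "trackingId", "instId", "ho_trackingid", "cid", "kid"}
PROFILE_KEYS = {"cc", "sb", "wv", "db", "uac", "net", "ie", "res", "osd", "v"}

def parse_beacon(url: str) -> dict:
    """Split the beacon into host, path, tracking identifiers and host profile."""
    parts = urlsplit(url)
    flat = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return {
        "host": parts.hostname,
        "path": parts.path,
        "tracking": {k: flat[k] for k in TRACKING_KEYS if k in flat},
        "profile": {k: flat[k] for k in PROFILE_KEYS if k in flat},
    }

def beacon_score(url: str) -> int:
    """Number of known tracking + profile keys present; the report's URL scores 16."""
    b = parse_beacon(url)
    return len(b["tracking"]) + len(b["profile"])

# Squid native access log: ts elapsed client action/code size method url ...
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")

def detect(log_lines: list[str], threshold: int = 6) -> list[dict]:
    """Alert on GET requests to an offer.php path whose query string carries at
    least `threshold` of the bundler's tracking/profile keys. The hostname is
    reported but deliberately not used as a match condition (shared CDN)."""
    alerts = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        url = m.group("url")
        if not urlsplit(url).path.endswith("/offer.php"):
            continue
        score = beacon_score(url)
        if score >= threshold:
            beacon = parse_beacon(url)
            alerts.append({"client": m.group("client"), "host": beacon["host"],
                           "score": score, "profile": beacon["profile"]})
    return alerts

# The request URL exactly as the report shows it.
SAMPLE_BEACON = ("http://d1hq9wbcfo7dcl.cloudfront.net/offer.php?affId=7512&trackingId=422357691"
                 "&instId=7584&ho_trackingid=HO422357691&cc=DE&sb=x86&wv=7sp1&db=InternetExplorer"
                 "&uac=1&cid=5d979308c3b6ea5ad7e984e628c8cac1&v=3&net=4.7.03062"
                 "&ie=8%2e0%2e7601%2e17514&res=1280x720&osd=681&kid=hqmrb21bevmlgik8hf7")

# Constructed proxy log: a benign CloudFront asset fetch, a benign shop offer.php
# with one parameter, and the sample's beacon.
SAMPLE_LOG = [
    "1566117042.001 120 10.0.0.5 TCP_MISS/200 5120 GET http://d111111abcdef8.cloudfront.net/static/app.js - HIER_DIRECT/54.230.93.10 application/javascript",
    "1566117043.500 80 10.0.0.6 TCP_MISS/200 900 GET http://shop.example/offer.php?id=42 - HIER_DIRECT/192.0.2.1 text/html",
    f"1566117044.200 95 10.0.0.7 TCP_MISS/200 0 GET {SAMPLE_BEACON} - HIER_DIRECT/54.230.93.158 -",
]

if __name__ == "__main__":
    print(parse_beacon(SAMPLE_BEACON))
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The threshold of six keys is a starting point, not a tuned value: the report's beacon carries all sixteen, while an ordinary `offer.php?id=42` scores zero. The decoded `ie` value (8.0.7601.17514) and `wv=7sp1` match the sandbox OS line at the top of the report, which is a quick way to confirm the parameters really are host fingerprinting rather than opaque tokens.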
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2420 | pubg_lite_multihack_version_230.exe | 54.230.93.158:80 | d1hq9wbcfo7dcl.cloudfront.net | Amazon.com, Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
d1hq9wbcfo7dcl.cloudfront.net | | shared
PID | Process | Class | Message |
---|---|---|---|
2420 | pubg_lite_multihack_version_230.exe | Unknown Traffic | ET INFO Suspicious User-Agent (1 space) |
2420 | pubg_lite_multihack_version_230.exe | Misc activity | ADWARE [PTsecurity] SoftwareBundler:Win32/Prepscram |