File name: | ssssssssssssss1IMAGEM19052019162151MIplkWRGFu.zip |
Full analysis: | https://app.any.run/tasks/4fe0b09f-31b6-4624-b89f-4e97fc64b267 |
Verdict: | Malicious activity |
Analysis date: | May 20, 2019, 08:50:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | C57BF42AB51B4D8931BFAC7C3DB8D4A8 |
SHA1: | D931A234FABE4BB7F498A7C4C094EE0F35AC4EA9 |
SHA256: | 305D0E1E2F2046ACDA685B1BB17BD779704899D79CE1ACB5DBFEDFE9F54CB66D |
SSDEEP: | 49152:HeYbLtdSk99wVhLA1e3jegh3gyPaCZwgZLli6UHNUpT:+eLtdOS1ezHhQySCZFc6oUV |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2019:05:19 16:55:19 |
ZipCRC: | 0x7868f10f |
ZipCompressedSize: | 1911114 |
ZipUncompressedSize: | 2510848 |
ZipFileName: | 1IMAGEM19052019162151MIplkWRGFu.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
116 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\ssssssssssssss1IMAGEM19052019162151MIplkWRGFu.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3848 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa116.25023\1IMAGEM19052019162151MIplkWRGFu.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa116.25023\1IMAGEM19052019162151MIplkWRGFu.exe | WinRAR.exe | |
User: admin Integrity Level: MEDIUM |
(PID) Process: | (116) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (116) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (116) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (116) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\ssssssssssssss1IMAGEM19052019162151MIplkWRGFu.zip | |||
(PID) Process: | (116) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (116) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (116) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (116) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (116) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (116) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3848 | 1IMAGEM19052019162151MIplkWRGFu.exe | C:\Users\admin\AppData\Local\Temp\drive2 | — | |
MD5:— | SHA256:— | |||
3848 | 1IMAGEM19052019162151MIplkWRGFu.exe | C:\Users\admin\AppData\Roaming\Microsoft\Microsoft312.exe | — | |
MD5:— | SHA256:— | |||
3848 | 1IMAGEM19052019162151MIplkWRGFu.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\.lnk | lnk | |
MD5:7CD6C0FFCEB6392E4648424C2E5C9F97 | SHA256:A9CE2BC97A436C3BCDBC6F5757AEDF0E706E2714585586194D81563DA79807D1 | |||
3848 | 1IMAGEM19052019162151MIplkWRGFu.exe | C:\Users\admin\AppData\Local\Temp\Microsoft082.zip | compressed | |
MD5:29B35F8941D3211C3FFD08F832F7596D | SHA256:FC81F4271F1BBA60EFD80DF0D991E8C9B6D802522AD951EA8B54F82AF2C5F136 | |||
3848 | 1IMAGEM19052019162151MIplkWRGFu.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\tj1[1].zip | compressed | |
MD5:29B35F8941D3211C3FFD08F832F7596D | SHA256:FC81F4271F1BBA60EFD80DF0D991E8C9B6D802522AD951EA8B54F82AF2C5F136 | |||
3848 | 1IMAGEM19052019162151MIplkWRGFu.exe | C:\Users\admin\AppData\Local\Temp\Microsoft312.exe | executable | |
MD5:7AC334D16D6B6E343F27C0C906C365C0 | SHA256:92B29035BE194ED8FF46DE00D88F15F2955F91B285C7ED3454F94F8C430B2D44 | |||
116 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa116.25023\1IMAGEM19052019162151MIplkWRGFu.exe | executable | |
MD5:070C5B9BBC587284B3836BDD40CAD7A3 | SHA256:8852D738E2FB737C05C763640E4F4F1C4C26B28C1125B1739AB8D04B132B0B6D | |||
116 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa116.26870\1IMAGEM19052019162151MIplkWRGFu.exe | executable | |
MD5:070C5B9BBC587284B3836BDD40CAD7A3 | SHA256:8852D738E2FB737C05C763640E4F4F1C4C26B28C1125B1739AB8D04B132B0B6D | |||
3848 | 1IMAGEM19052019162151MIplkWRGFu.exe | C:\Users\admin\AppData\Roaming\Microsoft\.Microsoft.exe | executable | |
MD5:7AC334D16D6B6E343F27C0C906C365C0 | SHA256:92B29035BE194ED8FF46DE00D88F15F2955F91B285C7ED3454F94F8C430B2D44 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3848 | 1IMAGEM19052019162151MIplkWRGFu.exe | GET | 200 | 35.236.40.64:80 | http://64.40.236.35.bc.googleusercontent.com/catalog/seo_sitemap/product/tj/tj1.zip | US | compressed | 16.2 Mb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3848 | 1IMAGEM19052019162151MIplkWRGFu.exe | 35.236.40.64:80 | 64.40.236.35.bc.googleusercontent.com | — | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
64.40.236.35.bc.googleusercontent.com |
| whitelisted |
PID | Process | Class | Message |
---|---|---|---|
3848 | 1IMAGEM19052019162151MIplkWRGFu.exe | A Network Trojan was detected | MALWARE [PTsecurity] Trojan.Loader (Trojan.Agent.DDSA) Requesting Zip Archive |
Process | Message |
---|---|
1IMAGEM19052019162151MIplkWRGFu.exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s |
1IMAGEM19052019162151MIplkWRGFu.exe | %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s |