File name: | 9899e494565abad3.7z |
Full analysis: | https://app.any.run/tasks/aeaae955-aa43-4511-8484-d9251cac3f89 |
Verdict: | Malicious activity |
Analysis date: | September 30, 2020, 04:13:10 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-7z-compressed |
File info: | 7-zip archive data, version 0.3 |
MD5: | 0CC5533200EBF2C1BB0A583E1497D884 |
SHA1: | 84AF63F7A30D7BA3DB0C83742979160A13328C9D |
SHA256: | 325FDBEBEFECBAE4E3A0B2FCE93BA028F226FFA1833F08B787F2105B48B43A69 |
SSDEEP: | 49152:PDDE0mIk92qUu7j29VyGp5nXWSfJIIoF9PEyvRUILOV5z/A/gzOaaNEtlHMzftwn:S6vyOVVKFzvZCV+/gOaYEXuf92 |
.7z | | | 7-Zip compressed archive (gen) (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2744 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\9899e494565abad3.7z" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3880 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
812 | "C:\Users\admin\Desktop\confuser\ConfuserEx.exe" | C:\Users\admin\Desktop\confuser\ConfuserEx.exe | — | explorer.exe |
User: admin Company: Wadu Integrity Level: MEDIUM Description: 198 Protector V2 Version: 1.0.0.0 | ||||
3276 | "C:\Users\admin\Desktop\Jomgegar Crypter v1.0\Jomgegar Crypter v1.0.exe" | C:\Users\admin\Desktop\Jomgegar Crypter v1.0\Jomgegar Crypter v1.0.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Description: Jomgegar Crypter v1.0 Version: 1.0.0.0 | ||||
2132 | "C:\Program Files\Internet Explorer\iexplore.exe" https://jomgegar.net/ | C:\Program Files\Internet Explorer\iexplore.exe | — | Jomgegar Crypter v1.0.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
936 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2132 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2744 | WinRAR.exe | C:\Users\admin\Desktop\confuser\Confuser.Runtime.dll | executable | |
MD5:E2E341F2B649749584F4E838B1DD92DD | SHA256:3E8BA3B4E575B3E9B8F30AC3A5B0187FF0093F83B17EC634F4FE9072DF4C3505 | |||
2744 | WinRAR.exe | C:\Users\admin\Desktop\confuser\ConfuserEx.exe.config | xml | |
MD5:4F20FAA06D43043699FC996610E109B8 | SHA256:6FB70C10CC4C0B16538A488AD2BECF843D8D79049C0C07E783CF6EB7F64B36AA | |||
2744 | WinRAR.exe | C:\Users\admin\Desktop\confuser\Confuser.DynCipher.dll | executable | |
MD5:276240867B02839BA19C4FD7A99136B0 | SHA256:4AE350001F164E84EA5D5E27FB0A321491ADA0D0A847E418A0794C5034D06706 | |||
2744 | WinRAR.exe | C:\Users\admin\Desktop\confuser\dnlib.dll | executable | |
MD5:8F16212F92029A0A590459C22C2A9E2C | SHA256:EFFDF24E2BD29E67C6F28E1C819F5A57B51768CB1D161A09624809EBDB0F3C47 | |||
2744 | WinRAR.exe | C:\Users\admin\Desktop\confuser\Confuser.CLI.exe | executable | |
MD5:2A53A6B24D5ADC3B2D83C3323EB6764B | SHA256:412FC018E9C0DAB29EB123F04046EFBB352E51A6CA41DBF3B5F4DCFB5F9DFD07 | |||
2744 | WinRAR.exe | C:\Users\admin\Desktop\confuser\Confuser.Core.dll | executable | |
MD5:9616E00C8D20E43177A40C57BAEFD00D | SHA256:9102001B4EE65F85B13A3892635EB9F0DF6E0D8982111FBC4737FF7F798E2B29 | |||
2744 | WinRAR.exe | C:\Users\admin\Desktop\confuser\Confuser.Renamer.dll | executable | |
MD5:07AB864271DD9E11AC4FD6212A003C73 | SHA256:E0FA3B6526091C1987031FDBCA934A52439CBF8002951BA8F1FDE1A969CB08DF | |||
2744 | WinRAR.exe | C:\Users\admin\Desktop\confuser\Confuser.Protections.dll | executable | |
MD5:F4C99D621E8E43669C70EBA7CD0D27A7 | SHA256:F44F6B7F32F478E8F69498F65558DFBF2F673542DCBAD341375C8FE3D6415986 | |||
2744 | WinRAR.exe | C:\Users\admin\Desktop\confuser\GalaSoft.MvvmLight.Extras.dll | executable | |
MD5:9B9D52B1AF97307C20CDE8CF537ED06B | SHA256:B1441F0D875E3749B0FCE8FFD498BA3459E00EA4587D1F080B724BB7020CC5C8 | |||
2744 | WinRAR.exe | C:\Users\admin\Desktop\confuser\System.Buffers.dll | executable | |
MD5:775985A0B99BD5B2CF3D231A279660CE | SHA256:E0DFE400D224DBBE40F22F6C66B995FFC350F4105F57FB587D9C59E911D912BE |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
936 | iexplore.exe | GET | 200 | 2.16.186.11:80 | http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D | unknown | der | 1.37 Kb | whitelisted |
936 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
936 | iexplore.exe | GET | 200 | 2.16.186.11:80 | http://isrg.trustid.ocsp.identrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRv9GhNQxLSSGKBnMArPUcsHYovpgQUxKexpHsscfrb4UuQdf%2FEFWCFiRACEAoBQUIAAAFThXNqC4Xspwg%3D | unknown | der | 1.37 Kb | whitelisted |
936 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAH9o%2BtuynXIiEOLckvPvJE%3D | US | der | 471 b | whitelisted |
1052 | svchost.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
936 | iexplore.exe | 172.217.23.131:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
936 | iexplore.exe | 23.111.9.35:443 | use.fontawesome.com | netDNA | US | suspicious |
936 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
936 | iexplore.exe | 172.217.22.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
936 | iexplore.exe | 185.163.44.87:443 | jomgegar.net | MivoCloud SRL | MD | unknown |
936 | iexplore.exe | 2.16.186.11:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | — | whitelisted |
1052 | svchost.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
jomgegar.net |
| unknown |
isrg.trustid.ocsp.identrust.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
use.fontawesome.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |