File name: | 330cad3946f342bc821c328ae10808819053ff71707a989e36e9518e0c57c236 |
Full analysis: | https://app.any.run/tasks/16145205-c442-45cf-b806-83c3e390d3d2 |
Verdict: | Malicious activity |
Analysis date: | March 14, 2019, 21:53:51 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 5A28B4648928DD0C931C130648631EA6 |
SHA1: | 54913F4451163921B599BAA69D9D635EB51FD71A |
SHA256: | 330CAD3946F342BC821C328AE10808819053FF71707A989E36E9518E0C57C236 |
SSDEEP: | 768:bCIqdH/k1ZVcT194jp4HBQUYnDLnY29Tob/h9+rXlULi:bNqaLV8a6hinnY2Omwi |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | [email protected] |
---|---|
ZipUncompressedSize: | 36976 |
ZipCompressedSize: | 36976 |
ZipCRC: | 0xbe2c57bb |
ZipModifyDate: | 2004:03:13 01:10:17 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 10 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2856 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\330cad3946f342bc821c328ae10808819053ff71707a989e36e9518e0c57c236.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 Modules
| |||||||||||||||
2348 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa2856.45642\[email protected]" | C:\Users\admin\AppData\Local\Temp\Rar$DIa2856.45642\[email protected] | WinRAR.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
|
(PID) Process: | (2856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2856) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\5F\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\330cad3946f342bc821c328ae10808819053ff71707a989e36e9518e0c57c236.zip | |||
(PID) Process: | (2856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (2856) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2348 | [email protected] | C:\Users\admin\AppData\Local\Temp\tmpD19B.tmp | — | |
MD5:— | SHA256:— | |||
2348 | [email protected] | C:\Users\admin\AppData\Local\Temp\tmpD1CB.tmp | — | |
MD5:— | SHA256:— | |||
2348 | [email protected] | C:\Users\admin\AppData\Local\Temp\tmpD1DB.tmp | — | |
MD5:— | SHA256:— | |||
2348 | [email protected] | C:\Users\admin\AppData\Local\Temp\tmpD21B.tmp | — | |
MD5:— | SHA256:— | |||
2348 | [email protected] | C:\Users\admin\AppData\Local\Temp\tmpFDB0.tmp | — | |
MD5:— | SHA256:— | |||
2348 | [email protected] | C:\Users\admin\AppData\Local\Temp\tmpFDD0.tmp | — | |
MD5:— | SHA256:— | |||
2348 | [email protected] | C:\Users\admin\AppData\Local\Temp\tmpFE1F.tmp | — | |
MD5:— | SHA256:— | |||
2348 | [email protected] | C:\Users\admin\AppData\Local\Temp\tmpFE30.tmp | — | |
MD5:— | SHA256:— | |||
2348 | [email protected] | C:\Users\admin\AppData\Local\Temp\tmpFE31.tmp | — | |
MD5:— | SHA256:— | |||
2348 | [email protected] | C:\Users\admin\AppData\Local\Temp\tmp1DB.tmp | — | |
MD5:— | SHA256:— |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2348 | 10.21.141.83:1042 | — | — | — | unknown | |
2348 | 16.115.196.82:1042 | — | Hewlett-Packard Company | US | unknown | |
2348 | 15.255.18.252:1042 | — | Hewlett-Packard Company | US | unknown | |
2348 | 24.199.116.33:1042 | — | Time Warner Cable Internet LLC | US | unknown | |
2348 | 15.228.173.202:1042 | — | Hewlett-Packard Company | US | unknown | |
2348 | 10.16.37.204:1042 | — | — | — | unknown | |
2348 | 16.115.194.223:1042 | — | Hewlett-Packard Company | US | unknown | |
2348 | 158.183.109.61:1042 | — | — | US | unknown | |
2348 | 17.151.62.66:25 | nwk-aaemail-lapp01.apple.com | Apple Inc. | US | unknown | |
2348 | 67.195.229.59:25 | mta7.am0.yahoodns.net | Yahoo | US | unknown |
Domain | IP | Reputation |
---|---|---|
dns.msftncsi.com |
| shared |
apple.com |
| whitelisted |
unicode.org |
| whitelisted |
nwk-aaemail-lapp01.apple.com |
| whitelisted |
yahoo.com |
| whitelisted |
mta7.am0.yahoodns.net |
| whitelisted |
j3e.de |
| unknown |
web.de |
| shared |
mail.j3e.de |
| shared |
mx-ha02.web.de |
| unknown |