File name: | browser.jpg.bin |
Full analysis: | https://app.any.run/tasks/d51b2202-e93b-4184-b025-d79d24f474ac |
Verdict: | Malicious activity |
Analysis date: | February 18, 2019, 08:53:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-dosexec |
File info: | PE32 executable (GUI) Intel 80386, for MS Windows |
MD5: | 8AB9488D8397A8E00E60EC6CBF42AE5E |
SHA1: | FDBD5DB9D7C3C10BC1F5752D32874CE6C22ED4CE |
SHA256: | 33A895FF37AE6EF351624500C2F9783E6EC8E99CB128B16FB053AAABD646AC8C |
SSDEEP: | 24576:yQHWiG1FduXsnFWp1mvvujb1RQ/sT0pYEX7iSkSNvd6DKOS37NXfAwo3w2IyJasl:yQrG1Fd/nFAO2FksTqwSDADhwt2IiH |
.exe | | | Win32 Executable MS Visual C++ (generic) (42.2) |
---|---|---|
.exe | | | Win64 Executable (generic) (37.3) |
.dll | | | Win32 Dynamic Link Library (generic) (8.8) |
.exe | | | Win32 Executable (generic) (6) |
.exe | | | Generic Win/DOS Executable (2.7) |
Tag01000340: | D |
---|---|
eUpUtilities2014: | @ProductVersion |
eUpUtilities: | LProductName |
yrightAVGNetherlandsBV2011: | LLegalTrademarks |
eUpRegistryEditor: | <FileVersion |
eUpSoftware: | VFileDescription |
Comments: | @CompanyName |
CharacterSet: | Unicode |
LanguageCode: | German |
FileSubtype: | - |
ObjectFileType: | Unknown |
FileOS: | Windows NT 32-bit |
FileFlags: | (none) |
FileFlagsMask: | 0x0017 |
ProductVersionNumber: | 14.0.1000.340 |
FileVersionNumber: | 14.0.1000.340 |
Subsystem: | Windows GUI |
SubsystemVersion: | 5 |
ImageVersion: | - |
OSVersion: | 5 |
EntryPoint: | 0x200d10 |
UninitializedDataSize: | - |
InitializedDataSize: | 124416 |
CodeSize: | 2098176 |
LinkerVersion: | 9 |
PEType: | PE32 |
TimeStamp: | 2019:02:18 09:42:54+01:00 |
MachineType: | Intel 386 or later, and compatibles |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3180 | "C:\Users\admin\AppData\Local\Temp\browser.jpg.bin.exe" | C:\Users\admin\AppData\Local\Temp\browser.jpg.bin.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM |
(PID) Process: | (3180) browser.jpg.bin.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Windows\Configuration |
Operation: | write | Name: | i |
Value: D9AF0D9887E39A1955C0 | |||
(PID) Process: | (3180) browser.jpg.bin.exe | Key: | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
Operation: | write | Name: | Windows Session Manager |
Value: "C:\ProgramData\services\csrss.exe" | |||
(PID) Process: | (3180) browser.jpg.bin.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
Operation: | write | Name: | Windows Session Manager |
Value: "C:\ProgramData\services\csrss.exe" |
PID | Process | Filename | Type | |
---|---|---|---|---|
3180 | browser.jpg.bin.exe | C:\Users\admin\AppData\Local\Temp\9P2i8FeHvz\state.tmp | — | |
MD5:— | SHA256:— | |||
3180 | browser.jpg.bin.exe | C:\Users\admin\AppData\Local\Temp\9P2i8FeHvz\unverified-microdesc-consensus.tmp | — | |
MD5:— | SHA256:— | |||
3180 | browser.jpg.bin.exe | C:\Users\admin\AppData\Local\Temp\9P2I8F~1\unverified-microdesc-consensus | text | |
MD5:837EFD2601FE44ADEBBE107EB1E828DB | SHA256:723ADEF1A2F8C6A5E15DD8F9E19AED39329621F75FCE1237C3C6A18D35EC12A2 | |||
3180 | browser.jpg.bin.exe | C:\ProgramData\services\csrss.exe | executable | |
MD5:8AB9488D8397A8E00E60EC6CBF42AE5E | SHA256:33A895FF37AE6EF351624500C2F9783E6EC8E99CB128B16FB053AAABD646AC8C | |||
3180 | browser.jpg.bin.exe | C:\Users\admin\AppData\Local\Temp\9P2I8F~1\state | text | |
MD5:DBB9AE6948707A76425958F836563D6B | SHA256:26911A1422762AD036DFE8B0ED457168A2FD794DF3D6D493EC4A14F7D9F4B421 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3180 | browser.jpg.bin.exe | 154.35.32.5:443 | — | Rethem Hosting LLC | US | suspicious |
3180 | browser.jpg.bin.exe | 194.109.206.212:443 | — | Xs4all Internet BV | NL | malicious |
PID | Process | Class | Message |
---|---|---|---|
3180 | browser.jpg.bin.exe | Misc Attack | ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 270 |
3180 | browser.jpg.bin.exe | Potential Corporate Privacy Violation | POLICY [PTsecurity] TOR SSL connection |