| Field | Value |
|---|---|
| File name | 2.zip |
| Full analysis | https://app.any.run/tasks/22050599-2511-4df0-bd88-1e754afde70e |
| Verdict | Malicious activity |
| Analysis date | August 25, 2019, 13:28:07 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | DE9D3AEFA44B939746BBAFAD78F928F7 |
| SHA1 | 63423392FD2A381DFEEE86649EEB500D26244398 |
| SHA256 | 34FEC2C1144A9C701C8E13BB6CED7A02343F39B0378921C209D22BC5BA99DCC0 |
| SSDEEP | 196608:XtB0M6AAcTlQft+4i0fsa22hQWAG572eTpRQcqmDR+VdARyZ:X76ZfNxfsa22CWAG4IjQcR9CAQZ |
| Extension | File type (match %) |
|---|---|
| .zip | ZIP compressed archive (100) |

| ZIP field | Value |
|---|---|
| ZipRequiredVersion | 20 |
| ZipBitFlag | - |
| ZipCompression | None |
| ZipModifyDate | 2019:08:25 09:07:10 |
| ZipCRC | 0xac8c7fbb |
| ZipCompressedSize | 13 |
| ZipUncompressedSize | 13 |
| ZipFileName | combo.txt |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 3748 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\2.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 3888 | "C:\Users\admin\Desktop\Windscribe Checker.exe" | C:\Users\admin\Desktop\Windscribe Checker.exe | | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3 |
| 3600 | "C:\Users\admin\Desktop\Windscribe Checker.exe" | C:\Users\admin\Desktop\Windscribe Checker.exe | | Windscribe Checker.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3 |
| 2840 | C:\Windows\system32\cmd.exe /c cls | C:\Windows\system32\cmd.exe | — | Windscribe Checker.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 2880 | C:\Windows\system32\WerFault.exe -u -p 3600 -s 328 | C:\Windows\system32\WerFault.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Problem Reporting; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 3748 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | |
| 3748 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | |
| 3748 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E | LanguageList | en-US |
| 3748 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\2.zip |
| 3748 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120 |
| 3748 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80 |
| 3748 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120 |
| 3748 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100 |
| 3748 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000 |
| 3748 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\General | LastFolder | C:\Users\admin\AppData\Local\Temp |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3748 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3748.21689\Windscribe Checker.exe | executable | F699C9E4FD8861F73385C5120EC1C238 | D54413CF35F5676B39A1CA98BECDF2B5084BADC2EA9BB6AE9CB8367723F9A868 |
| 3888 | Windscribe Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI38882\_cffi_backend.cp36-win32.pyd | executable | 37870C71B315B371553FC91EE1D84643 | 4CBC9DEF520E2FAF4699B546FD383254F301357C9ABC1340C53C84DF619A6B3F |
| 3888 | Windscribe Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI38882\cryptography\hazmat\bindings\_openssl.cp36-win32.pyd | executable | 09A6A2D3999BB5BD08197EA86E6388B4 | 9B77B0B0895249BB7DBEBC360D64C3C4B616F3553DCE187BD26322239EEEB6FD |
| 3888 | Windscribe Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI38882\_decimal.pyd | executable | 2BA5187C121B584A3D6BDAC2C6D3FA71 | B1A7011BF56081CFCA8EFB9423AD6FEB2833D1F24A7E87244D94D40F1ACE3B71 |
| 3888 | Windscribe Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI38882\_lzma.pyd | executable | 2B6CF186EBA511E0903C9314B865D3B9 | B1A6D7CB4F88A5EB2C30908836F7EED1F1C8294BAAEE94E9AB4B8BB47FE0F6DC |
| 3888 | Windscribe Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI38882\_bz2.pyd | executable | F97C69209C208C1DD472C5E0ED760456 | 9A0B806E6A764D6109DA7762F57A92381DB329D1B3EC5ADBFBD3CF61EF81E3C0 |
| 3888 | Windscribe Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI38882\python36.dll | executable | 1AC97DBE4A81FC2BEB509F8DA5A3E8B6 | 258DD151E3EC9632D0B49488CC689BCBAB172648854E121DC6B5F2E43E58CB62 |
| 3748 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3748.21689\combo.txt | text | 753700549D05DAC9EC82DA32DCEFE3D5 | B17270C86CF8BBB0F8FCAB3C417C5EDC215EDF3E31AC73D4119C4FDE3095163E |
| 3748 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3748.21689\hits.txt | text | 46AB2997CA006D78B35DB8F6F9DE7662 | 62F51D296D3429D8F502E2A1CF5FD430A118615B9C4B97D7FBAC538E9966FE26 |
| 3888 | Windscribe Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI38882\lxml\_elementpath.cp36-win32.pyd | executable | 93D7B3C7F353B5F5AE12A3890A5F940D | 6F2D698C02507872A68E5970EB7AE64506A7ADA3A58F2F64F0AD4C31726CEE63 |