download: | d473b802-eb5f-11e7-8ccc-5944bc969a40 |
Full analysis: | https://app.any.run/tasks/fe1aa1e3-045a-49e6-811b-3619dbb764f5 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 05:19:11 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | C26A2C5F6154225E8D83C4000306F162 |
SHA1: | 67C586CEDBF0852AA52268311841CBAC5C96FDF8 |
SHA256: | 35A9481DDBED5177431A9EA4BD09468FE987797D7B1231D64942D17EB54EC269 |
SSDEEP: | 49152:cPEbpqUPr0OMPjmNgyV24OXxr2/NV0CA7QUmu4LnB:cPEbpPPrC4gWFOBr4Wfg |
.xpi | | | Mozilla Firefox browser extension (66.6) |
---|---|---|
.zip | | | ZIP compressed archive (33.3) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2576 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL "C:\Users\admin\AppData\Roaming\d473b802-eb5f-11e7-8ccc-5944bc969a40.xpi" | C:\Windows\system32\rundll32.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2284 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
576 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,Control_RunDLL C:\Windows\System32\main.cpl ,1 | C:\Windows\system32\rundll32.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2496 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Roaming\d473b802-eb5f-11e7-8ccc-5944bc969a40.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
752 | "C:\Users\admin\Desktop\RDPConf.exe" | C:\Users\admin\Desktop\RDPConf.exe | — | Explorer.EXE |
User: admin Company: Stas'M Corp. Integrity Level: MEDIUM Description: RDP Configuration Program Exit code: 3221226540 Version: 1.4.0.0 | ||||
3504 | "C:\Users\admin\Desktop\RDPConf.exe" | C:\Users\admin\Desktop\RDPConf.exe | Explorer.EXE | |
User: admin Company: Stas'M Corp. Integrity Level: HIGH Description: RDP Configuration Program Exit code: 0 Version: 1.4.0.0 | ||||
552 | DrvInst.exe "1" "200" "UMB\UMB\1&841921d&0&TERMINPUT_BUS" "" "" "6e3bed883" "00000000" "00000564" "000003EC" | C:\Windows\system32\DrvInst.exe | — | svchost.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Driver Installation Module Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3832 | C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding | C:\Windows\System32\rundll32.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2948 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 3221225547 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3204 | "C:\Users\admin\AppData\Roaming\RDPCheck.exe" | C:\Users\admin\AppData\Roaming\RDPCheck.exe | — | Explorer.EXE |
User: admin Company: Stas'M Corp. Integrity Level: MEDIUM Description: Local RDP Checker Exit code: 3221226540 Version: 2.2.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
552 | DrvInst.exe | C:\Windows\INF\setupapi.ev3 | binary | |
MD5:B3A5D9AC6211BAF643A7C6417B8A1AD3 | SHA256:BDBB32228A51C3352F71B6F721A81332E5C2DE17AA8329FBE39745C411E958CF | |||
552 | DrvInst.exe | C:\Windows\INF\setupapi.ev1 | binary | |
MD5:D767C84394E9CF0B5FE7606B37A23417 | SHA256:465F7BFEAC337750E28F594B0DD8290B9BBE5D13CF911C6488FDAD1EEF8F8A55 | |||
552 | DrvInst.exe | C:\Windows\INF\setupapi.ev2 | binary | |
MD5:D3B21242559895DA8B46A1FB81A225E6 | SHA256:F2EEF4E2614413D5E709C6D4C2EBEAB13F7942E0C994591AFA581A9D74B75687 | |||
2496 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2496.35339\RDPConf.exe | executable | |
MD5:03FB8E478F4BA100D37A136231FA2F78 | SHA256:3C0E5D6863B03283AFDA9BD188501757D47DC57FC4BBA2BDBB0D9BAA34487FE0 | |||
2496 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2496.35339\RDPCheck.exe | executable | |
MD5:8F82226B2F24D470C02F6664F67F23F7 | SHA256:5603338A1F8DBB46EFB8E0869DB3491D5DB92F362711D6680F91ECC5D18BFADF | |||
348 | RDPCheck.exe | C:\Users\admin\AppData\Local\Microsoft\Terminal Server Client\Cache\bcache22.bmc | binary | |
MD5:AD7697FD09E1D1E865915D67C6538AFD | SHA256:4913CB02C1D1754379792F009E9EE376EA9BE487E46C44AE0A00DE74564A2662 |