File name: | MBRLock_Builder.rar |
Full analysis: | https://app.any.run/tasks/dd99b952-fc99-4f77-bb2e-ced5869750fd |
Verdict: | Malicious activity |
Analysis date: | September 09, 2018, 09:08:32 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 6D04F52F7AB0B40345BEA5B4DFD511BF |
SHA1: | 8D75DB604FFD4EDB212E73DC164D6B4E0D802C14 |
SHA256: | 37E7EFB96095D453C0699392057E44FDF0AF12A8D1697D5DB0B9200018121BC4 |
SSDEEP: | 3072:vrznHvlWIbBED9IRU3Fj76qJxF5LzDtv0exR2AlQJ5tv8JnRf/:zznHvsIbBED9IYFjBzDt8I2YQzqJnRn |
.rar | RAR compressed archive (v-4.x) (58.3) |
.rar | RAR compressed archive (gen) (41.6) |
ArchivedFileName: | MBRLock_Builder.exe |
PackingMethod: | Normal |
ModifyDate: | 2011:07:22 15:21:10 |
OperatingSystem: | Win32 |
UncompressedSize: | 197120 |
CompressedSize: | 181536 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1228 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\MBRLock_Builder.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 | | | | |
2372 | "C:\Users\admin\Desktop\MBRLock_Builder.exe" | C:\Users\admin\Desktop\MBRLock_Builder.exe | | explorer.exe |
User: admin; Company: VaZoNeZ Corp.; Integrity Level: MEDIUM; Description: [MBRLocker Builder]; Exit code: 0; Version: 0.2.0.0 | | | | |
3492 | "C:\Users\admin\Desktop\mbr-locker.exe" | C:\Users\admin\Desktop\mbr-locker.exe | — | explorer.exe |
User: admin; Integrity Level: MEDIUM; Exit code: 1073807364 | | | | |
3436 | "C:\Users\admin\Desktop\mbr-locker.exe" | C:\Users\admin\Desktop\mbr-locker.exe | | mbr-locker.exe |
User: admin; Integrity Level: HIGH; Exit code: 0 | | | | |
3652 | C:\Users\admin\AppData\Local\Temp\\sys3.exe | C:\Users\admin\AppData\Local\Temp\sys3.exe | — | mbr-locker.exe |
User: admin; Integrity Level: HIGH; Exit code: 0 | | | | |
PID | Process | Filename | Type |
---|---|---|---|
2372 | MBRLock_Builder.exe | C:\Users\admin\Desktop\mbr-locker.exe | executable |
MD5: 810EA1AA81E0B26BDA624094B33CAF7D | SHA256: F4A5C01BF49FE197153B1DD9F5B5C44EFEF3EA53107E893609D8B1538F708D6D | | |
3436 | mbr-locker.exe | C:\Users\admin\AppData\Local\Temp\sys3.exe | executable |
MD5: 810EA1AA81E0B26BDA624094B33CAF7D | SHA256: F4A5C01BF49FE197153B1DD9F5B5C44EFEF3EA53107E893609D8B1538F708D6D | | |
3436 | mbr-locker.exe | C:\Users\admin\AppData\Local\Temp\systm.txt | text |
MD5: 29ED657519A929C905BE0FFD9A0EEC7F | SHA256: 1712270CC9D3BDE3298E49A514773C98B32F5F5A7CE447B662369B570AF27F32 | | |
1228 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1228.31744\happy-hack.ru - HackTool.url | text |
MD5: B7D092526D3379811F75647270FD8274 | SHA256: 7D9713F4EAB8E07816346328DDD5C389F2F6D489C2731C111EB4759A5C228D47 | | |
1228 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1228.31744\MBRLock_Builder.exe | executable |
MD5: C8F5F007E75F79D7289568406B450A21 | SHA256: BE0830713D84EBE82E0FD2A9380D4E4FBA59B547691A14069EA024C8562396D4 | | |