Field | Value
---|---
File name | Xans Injector.rar
Full analysis | https://app.any.run/tasks/0bd39a7d-7182-4b9b-ab40-2f532a162463
Verdict | Malicious activity
Analysis date | October 04, 2022, 22:20:31
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | (none listed)
MIME | application/x-rar
File info | RAR archive data, v5
MD5 | 508611E46D27994E6EF5D5D33E4A005D
SHA1 | F1B9E2B017E0D1E6B87ED3EB1B779F5284170854
SHA256 | 386D0F652F59C86A486B3F15C37F6BB3EAC3613CC44A6EA921CD9DB694D9376F
SSDEEP | 393216:bAGHzeBUEIa9wKVD/cTSUXlkv7Jaxuc2o3mDL1i:bfHCBUFa9HbcFzahi
Ext | Detected type (score)
---|---
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3292 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Xans Injector.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE
2052 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe

Details for PID 3292: User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0

Details for PID 2052: User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211)

Only two processes appear in the trace: WinRAR, launched from Explorer to open the archive, and the Windows Search indexer host, which is background system activity. Neither the extracted Xans Injector.exe nor any of the extracted DLLs was started, so this run shows the archive being opened and unpacked into WinRAR's temporary directory but not the payload executing.
PID (Process) | Key | Name | Operation | Value
---|---|---|---|---
3292 (WinRAR.exe) | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | write | (empty)
3292 (WinRAR.exe) | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | write | (empty)
3292 (WinRAR.exe) | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | write | en-US
3292 (WinRAR.exe) | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | write | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip
3292 (WinRAR.exe) | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | write | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip
3292 (WinRAR.exe) | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | write | C:\Users\admin\Desktop\Xans Injector.rar
3292 (WinRAR.exe) | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | write | 120
3292 (WinRAR.exe) | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | write | 80
3292 (WinRAR.exe) | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | write | 120
3292 (WinRAR.exe) | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | write | 100

All of these writes are WinRAR's own housekeeping (theme cache, MUI language cache, recent-archive history and list-view column widths), not activity of the sample. WinRAR rewrites the whole ArcHistory list on exit, so entries 1 and 2 are archives that had been opened on the sandbox image before this task; only entry 0 refers to the submitted file.
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3292 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3292.21331\Xans Injector\Xans Injector.exe | — | — | —
3292 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3292.21331\Xans Injector\Assembly-UnityScript-firstpass.dll | executable | B7C8BFF6B34347567F1562181BA7F080 | B96BEFF5DDF870A45AB7F042B08FBD07EEBFB531FB97E0966244C8EBB8E2181A
3292 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3292.21331\Xans Injector\Assembly-CSharp.dll | executable | CEEAD5700590C5DB2D5280EBD6F6F1E8 | 3FCB3958D5C6A04C16B010A056BC0798EC4E1A4705CDC1E974D70BA2FB5C1C59
3292 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3292.21331\Xans Injector\bolt.user.dll | executable | 7AAC772907C2ADBF137FFF4D599014C0 | 628C6F87C3DE09F59AE0FA116F33B76E13C98B98D49F598828713604EFAD70B3
3292 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3292.21331\Xans Injector\Assembly-UnityScript.dll | executable | FB5C5DEBB22030075A49B6C2CEACEE0E | 56D95D106AC64377BE02C55B0999CF9BCA2A627560F8FC97C6E4862CC7761071
3292 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3292.21331\Xans Injector\Mono.Posix.dll | executable | 80ED30C87B1C7AFFCCD767AB27B692C3 | 0220B03FF54B4840F8EE0202EB49B9C81AA62C29310B47210B21A2BDC171BFA6
3292 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3292.21331\Xans Injector\Boo.Lang.dll | executable | 35F8102E37D05D1797F11649EFF8C6FB | D9DE23E053C1889BA9CDA3BA3708B8CA1286C0DCAF29B50F719ACF0D4B15582F
3292 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3292.21331\Xans Injector\Assembly-CSharp-firstpass.dll | executable | 9ED1FDEC5ABF867949E674DC64D9DF46 | D73D755757F508BF3EA33432368FEA924F507C4E139B70342A2510E55C0EBDF4
3292 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3292.21331\Xans Injector\bolt.dll | executable | C27F1E54895DB80C1C8D0F16FBED22E9 | D2B93E9FC2E2C48F159B736EAC62CF51453E4CD28866536A55EA0FEABA0B42EC
3292 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3292.21331\Xans Injector\AmplifyOcclusion.dll | executable | 533F35098C7ECCDC859ED5E520042ECA | DB299FEF58132D7579F2BD84908DE6E0BA7D5B840E72B2B0C9751531D4B75E8C

The sandbox recorded no type and no hashes for the primary file, Xans Injector.exe, so the only indicator available for it from this report is its name; treat the SHA256 values above as covering the bundled DLLs and the archive itself, not the executable. The DLL names (Assembly-CSharp, Assembly-UnityScript, Boo.Lang, Mono.Posix, bolt, AmplifyOcclusion) are those of a Unity-built application's managed assemblies, which is consistent with the archive being a packaged game-cheat tool.
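The hashes in the table above are the usable IOC material in this report. The following Python turns them into a directory sweep; it is an added example, not code from the ANY.RUN report. The hash values are copied from this page; the scan root, the `demo_sweep()` helper and the stand-in files it writes are constructed for the demo and are not the real extracted files. Because the report gives no hash for Xans Injector.exe, the script keeps that entry as a name-only indicator and reports it separately from hash hits.

```python
"""IOC sweep built from the dropped-file table above (added example).

Hashes are copied from the report. The real DLLs are not shipped here, so a
hash hit on a live system only happens if that system actually holds the
extracted files; demo_sweep() fabricates stand-ins to exercise both checks.
"""
import hashlib
import tempfile
from pathlib import Path

# (report filename, SHA256) copied from the tables above. None means the
# sandbox recorded no hash for that entry ("MD5:— | SHA256:—" on the page).
REPORT_IOCS = [
    ("Xans Injector.rar", "386D0F652F59C86A486B3F15C37F6BB3EAC3613CC44A6EA921CD9DB694D9376F"),
    ("Xans Injector.exe", None),
    ("Assembly-UnityScript-firstpass.dll", "B96BEFF5DDF870A45AB7F042B08FBD07EEBFB531FB97E0966244C8EBB8E2181A"),
    ("Assembly-CSharp.dll", "3FCB3958D5C6A04C16B010A056BC0798EC4E1A4705CDC1E974D70BA2FB5C1C59"),
    ("bolt.user.dll", "628C6F87C3DE09F59AE0FA116F33B76E13C98B98D49F598828713604EFAD70B3"),
    ("Assembly-UnityScript.dll", "56D95D106AC64377BE02C55B0999CF9BCA2A627560F8FC97C6E4862CC7761071"),
    ("Mono.Posix.dll", "0220B03FF54B4840F8EE0202EB49B9C81AA62C29310B47210B21A2BDC171BFA6"),
    ("Boo.Lang.dll", "D9DE23E053C1889BA9CDA3BA3708B8CA1286C0DCAF29B50F719ACF0D4B15582F"),
    ("Assembly-CSharp-firstpass.dll", "D73D755757F508BF3EA33432368FEA924F507C4E139B70342A2510E55C0EBDF4"),
    ("bolt.dll", "D2B93E9FC2E2C48F159B736EAC62CF51453E4CD28866536A55EA0FEABA0B42EC"),
    ("AmplifyOcclusion.dll", "DB299FEF58132D7579F2BD84908DE6E0BA7D5B840E72B2B0C9751531D4B75E8C"),
]


def build_ioc_index(entries):
    """Split the report into a hash index and the names that have no hash.

    Returns ({sha256_lowercase: report_name}, [names_without_hash]).
    Name-only entries are weak indicators: they confirm a file name, not its
    contents, which matters here because the primary executable is one of them.
    """
    index, unhashed = {}, []
    for name, sha256 in entries:
        if sha256 is None:
            unhashed.append(name)
        else:
            index[sha256.lower()] = name
    return index, unhashed


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large extracted payloads fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, index):
    """Hash every regular file under root; return [(path, report_name)] for hash hits."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            name = index.get(sha256_file(path))
            if name is not None:
                hits.append((str(path), name))
    return hits


def name_matches(root, names):
    """Case-insensitive file-name matches for entries the report left unhashed."""
    wanted = {n.lower(): n for n in names}
    return [(str(p), wanted[p.name.lower()])
            for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.name.lower() in wanted]


def demo_sweep():
    """Run both checks on a constructed directory; returns (hash_hits, name_hits, unhashed)."""
    index, unhashed = build_ioc_index(REPORT_IOCS)
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp) / "Xans Injector"
        folder.mkdir()
        # Constructed stand-in (assumption): the real DLL is not available, so
        # the stand-in's own hash is added to a copy of the index to show a hit.
        stand_in = folder / "Assembly-CSharp.dll"
        stand_in.write_bytes(b"MZ constructed stand-in, not the real assembly")
        demo_index = dict(index)
        demo_index[sha256_file(stand_in)] = "constructed stand-in for Assembly-CSharp.dll"
        # The exe has no hash in the report, so only its name can be matched.
        (folder / "Xans Injector.exe").write_bytes(b"MZ constructed stand-in")
        hash_hits = sweep(tmp, demo_index)
        name_hits = name_matches(tmp, unhashed)
    return hash_hits, name_hits, unhashed


if __name__ == "__main__":
    hash_hits, name_hits, _ = demo_sweep()
    for label, rows in (("hash hits", hash_hits), ("name-only hits", name_hits)):
        print(label)
        for path, name in rows:
            print(f"  {path} -> {name}")
```

Point `sweep()` and `name_matches()` at a user's `%TEMP%` to look for leftover `Rar$DRa*` extraction directories, or at the Desktop, where the report shows the archive was opened; a name-only hit on Xans Injector.exe should be followed by hashing that file yourself, since the report gives nothing to compare it against.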