File name: | 390bc5ab17ae826d772db6fc45257680985373137274f88963b1b5189966afab.scr |
Full analysis: | https://app.any.run/tasks/b8ad570e-b94f-4012-9b3c-3672719d78da |
Verdict: | Malicious activity |
Analysis date: | November 15, 2018, 07:46:13 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 371DDE8F6DC657247CD5C59C616324B9 |
SHA1: | B2B4210D3196A52DFC5512DAFB497099C93985B4 |
SHA256: | 390BC5AB17AE826D772DB6FC45257680985373137274F88963B1B5189966AFAB |
SSDEEP: | 3072:+J31D8QhMhjjtLzgTOEjP2D+iqQ7P3Z5etpzpgpV94j1peFPRygST0N92X0xDkh4:+J3SIU/WOGP3fQD/26X4JpsMgS5h5HL+ |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
ArchivedFileName: | Data4Sms.scr |
---|---|
PackingMethod: | Normal |
ModifyDate: | 2018:11:14 10:45:22 |
OperatingSystem: | Win32 |
UncompressedSize: | 241152 |
CompressedSize: | 226742 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3208 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\390bc5ab17ae826d772db6fc45257680985373137274f88963b1b5189966afab.scr.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3384 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa3208.301\Data4Sms.scr" /S | C:\Users\admin\AppData\Local\Temp\Rar$DIa3208.301\Data4Sms.scr | WinRAR.exe | |
User: admin Integrity Level: MEDIUM Description: BleIndexer Version: 1.0.0.0 | ||||
2780 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa3208.301\Data4Sms.scr" | C:\Users\admin\AppData\Local\Temp\Rar$DIa3208.301\Data4Sms.scr | Data4Sms.scr | |
User: admin Integrity Level: MEDIUM Description: BleIndexer Version: 1.0.0.0 | ||||
2588 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa3208.13319\Data4Sms.scr" /S | C:\Users\admin\AppData\Local\Temp\Rar$DIa3208.13319\Data4Sms.scr | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Description: BleIndexer Exit code: 4294967295 Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3208 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3208.13319\Data4Sms.scr | executable | |
MD5:3092E249C2AA7ECAACFAFB69BAAF019A | SHA256:F49693FF4450483AC2902E0832EAA2C5A9C06DC4E3DCC97C0B5BF5FD15710291 | |||
3208 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3208.301\Data4Sms.scr | executable | |
MD5:3092E249C2AA7ECAACFAFB69BAAF019A | SHA256:F49693FF4450483AC2902E0832EAA2C5A9C06DC4E3DCC97C0B5BF5FD15710291 | |||
3384 | Data4Sms.scr | C:\Users\admin\AppData\Roaming\6ET1QpFY4q8H433K\LKcw0ul08VAd.exe | executable | |
MD5:3092E249C2AA7ECAACFAFB69BAAF019A | SHA256:F49693FF4450483AC2902E0832EAA2C5A9C06DC4E3DCC97C0B5BF5FD15710291 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2780 | Data4Sms.scr | 185.125.205.94:1604 | info1.duckdns.org | — | DE | malicious |
Domain | IP | Reputation |
---|---|---|
info1.duckdns.org |
| malicious |
PID | Process | Class | Message |
---|---|---|---|
— | — | Misc activity | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain |
— | — | Misc activity | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain |
— | — | Misc activity | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain |