File name: | Antivirus Platinum.zip |
Full analysis: | https://app.any.run/tasks/d93ba477-8d03-4756-938b-8d4d8969562b |
Verdict: | Malicious activity |
Analysis date: | July 12, 2020, 11:42:26 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | FF84853A0F564152BD0B98D3FA63E695 |
SHA1: | 47D628D279DE8A0D47534F93FA5B046BB7F4C991 |
SHA256: | 3AAA9E8EA7C213575FD3AC4EC004629B4EDE0DE06E243F6AAD3CF2403E65D3F2 |
SSDEEP: | 12288:pKAT6gPoHT7CzZy7fmzVyaF3zA0mKz8doC3m/LuXCC32H+REYWzTdjhoMlX1Q4QM:2gPoHT7CtEfwyaFDAjKz8Bm/LYC+3uYi |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | 0x0001 |
ZipCompression: | Deflated |
ZipModifyDate: | 2010:01:30 10:06:03 |
ZipCRC: | 0x2888ddb9 |
ZipCompressedSize: | 716234 |
ZipUncompressedSize: | 757637 |
ZipFileName: | [email protected] |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1852 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Antivirus Platinum.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | |||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 Modules
| |||||||||||||||
3360 | "C:\Users\admin\Desktop\[email protected]" | C:\Users\admin\Desktop\[email protected] | — | explorer.exe | |||||||||||
User: admin Integrity Level: MEDIUM Exit code: 0 Modules
| |||||||||||||||
2876 | "C:\Users\admin\Desktop\[email protected]" -el -s2 "-dC:\WINDOWS" "-p" "-sp" | C:\Users\admin\Desktop\[email protected] | [email protected] | ||||||||||||
User: admin Integrity Level: HIGH Exit code: 0 Modules
| |||||||||||||||
1748 | "C:\WINDOWS\302746537.exe" | C:\WINDOWS\302746537.exe | — | [email protected] | |||||||||||
User: admin Integrity Level: HIGH Exit code: 0 Modules
| |||||||||||||||
680 | cmd /c ""C:\Users\admin\AppData\Local\Temp\7EC.tmp\302746537.bat" " | C:\Windows\system32\cmd.exe | — | 302746537.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
2176 | regsvr32 /s c:\windows\comctl32.ocx | C:\Windows\system32\regsvr32.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft(C) Register Server Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
3788 | regsvr32 /s c:\windows\mscomctl.ocx | C:\Windows\system32\regsvr32.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft(C) Register Server Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
956 | c:\windows\antivirus-platinum.exe | c:\windows\antivirus-platinum.exe | — | cmd.exe | |||||||||||
User: admin Company: BKHN Integrity Level: HIGH Exit code: 0 Version: 1.00 Modules
| |||||||||||||||
2584 | attrib +h c:\windows\antivirus-platinum.exe | C:\Windows\system32\attrib.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Attribute Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
1004 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | ||||||||||||
User: admin Company: Google LLC Integrity Level: MEDIUM Description: Google Chrome Exit code: 3221225547 Version: 75.0.3770.100 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
1852 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb1852.49919\[email protected] | — | |
MD5:— | SHA256:— | |||
1004 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5F0AF771-3EC.pma | — | |
MD5:— | SHA256:— | |||
1004 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\95143aa7-1fd5-44b0-b020-188e03cd1be7.tmp | — | |
MD5:— | SHA256:— | |||
2876 | [email protected] | C:\Users\admin\Desktop\AntiVirus Platinum.lnk | lnk | |
MD5:136081BAEC1BC929FA50E8B982CC7D0C | SHA256:5388A70D47DA0126082761CD3ACDE35528E29994321399CA00415D28169AEE47 | |||
1004 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000028.dbtmp | — | |
MD5:— | SHA256:— | |||
1004 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old | text | |
MD5:DA692BE42E4EF2668AE7499A7D5DA720 | SHA256:EB865CAF59002C092F5FDBE22D01935866BC1277108B29E897052CB2439630ED | |||
1004 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | text | |
MD5:F69C20D5B552B8D973FB1CBA5FDD7D87 | SHA256:48799968D50E2D74E625A0AB18E93C6792AF20010334C6BB4E935C8D26F7026A | |||
1004 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old | text | |
MD5:AC43135B8C9FED46A92448C4E711F45C | SHA256:D840BA7CEBACF86DDBAD75BFB61A53449AA7AE3DE6B8ADC97FE45624626A6F09 | |||
1004 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old | — | |
MD5:— | SHA256:— | |||
1004 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Last Version | text | |
MD5:1A89A1BEBE6C843C4FF582E7ED33CA1F | SHA256:65099CA087B66AA8CA420AB121DAAD713E1DB5A61C5A574D9B1C0DF24F012520 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2876 | iexplore.exe | GET | 301 | 104.17.119.40:80 | http://secureservices2010.webs.com/update/update.txt | US | — | — | malicious |
2876 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 471 b | whitelisted |
2876 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2Fz5hY5qj0aEmX0H4s05bY%3D | US | der | 1.47 Kb | whitelisted |
2876 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrBBNpPfHTPX6Jy6BVzyBPnBWMnQQUPnQtH89FdQR%2BP8Cihz5MQ4NRE8YCEA4Gpe7b9YPekM6FHtCr%2BMk%3D | US | der | 278 b | whitelisted |
2876 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQrBBNpPfHTPX6Jy6BVzyBPnBWMnQQUPnQtH89FdQR%2BP8Cihz5MQ4NRE8YCEAXoVMFsORfvvHup8VBgwtU%3D | US | der | 278 b | whitelisted |
2248 | chrome.exe | GET | 302 | 172.217.18.14:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvY2Y1QUFXUjZlVjI5UldyLVpDTFJFcEx6QQ/7719.805.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 523 b | whitelisted |
2248 | chrome.exe | GET | 200 | 172.217.132.8:80 | http://r3---sn-5hne6nsd.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvY2Y1QUFXUjZlVjI5UldyLVpDTFJFcEx6QQ/7719.805.0.2_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mh=Nf&mip=45.86.201.12&mm=28&mn=sn-5hne6nsd&ms=nvh&mt=1594553536&mv=u&mvi=3&pl=27&shardbypass=yes | US | crx | 823 Kb | whitelisted |
2876 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | US | der | 471 b | whitelisted |
2876 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.sectigo.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRDC9IOTxN6GmyRjyTl2n4yTUczyAQUjYxexFStiuF36Zv5mwXhuAGNYeECEQC5UUQDFilM79r2jgo50n2A | US | der | 472 b | whitelisted |
2248 | chrome.exe | GET | 200 | 209.85.226.73:80 | http://r4---sn-5hnekn7k.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mh=QJ&mip=45.86.201.12&mm=28&mn=sn-5hnekn7k&ms=nvh&mt=1594553536&mv=u&mvi=4&pl=27&shardbypass=yes | US | crx | 293 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2248 | chrome.exe | 172.217.18.99:443 | www.google.com.ua | Google Inc. | US | whitelisted |
2248 | chrome.exe | 172.217.22.99:443 | www.gstatic.com | Google Inc. | US | whitelisted |
2248 | chrome.exe | 172.217.23.142:443 | ogs.google.com.ua | Google Inc. | US | whitelisted |
2248 | chrome.exe | 216.58.205.227:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
2248 | chrome.exe | 216.58.212.138:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2248 | chrome.exe | 172.217.23.110:443 | apis.google.com | Google Inc. | US | whitelisted |
2248 | chrome.exe | 172.217.18.13:443 | accounts.google.com | Google Inc. | US | whitelisted |
2248 | chrome.exe | 216.58.207.67:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
2248 | chrome.exe | 172.217.22.3:443 | www.google.nl | Google Inc. | US | whitelisted |
2248 | chrome.exe | 172.217.21.227:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
clientservices.googleapis.com |
| whitelisted |
accounts.google.com |
| shared |
www.google.com.ua |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
www.gstatic.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
apis.google.com |
| whitelisted |
ogs.google.com.ua |
| whitelisted |
www.google.com |
| whitelisted |
www.google.nl |
| whitelisted |