| Field | Value |
|---|---|
| File name | NEW MULTITOOL.rar |
| Full analysis | https://app.any.run/tasks/55c15018-d393-486e-bc1e-6692c7688378 |
| Verdict | Malicious activity |
| Analysis date | August 08, 2020, 18:42:03 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v5 |
| MD5 | 5E7DC6833B224937516CA2C8BF4FA7BC |
| SHA1 | 9FE86590FFECD2C565DD531A8011F27103BDBAAE |
| SHA256 | 3BC57CFD9160F44F5C0DA3813A6591083569DCA7A8632C0ED699F14FACC5BF08 |
| SSDEEP | 196608:ZmooVD/sFC/m3njVWvezX/fFsmxHDwDmfeGqVd/1Cs/XQ:6VD/sF/3zv9lxHMK2l38aA |
| Extension | Description | Match (%) |
|---|---|---|
| .rar | RAR compressed archive (v5.0) | 61.5 |
| .rar | RAR compressed archive (gen) | 38.4 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2688 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NEW MULTITOOL.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 1496 | "C:\Users\admin\Desktop\MultiTool.exe" | C:\Users\admin\Desktop\MultiTool.exe | — | explorer.exe | User: admin; Integrity Level: HIGH |
| 2092 | "C:\Users\admin\Desktop\MultiTool.exe" | C:\Users\admin\Desktop\MultiTool.exe | — | MultiTool.exe | User: admin; Integrity Level: HIGH |
| 2508 | C:\Windows\system32\cmd.exe /c cls | C:\Windows\system32\cmd.exe | — | MultiTool.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1496 | MultiTool.exe | C:\Users\admin\AppData\Local\Temp\_MEI14962\Main.exe.manifest | xml | 69ED167046FB52C0C1EE06B632050E51 | 5975EA9D4A5A359E33D1D6E6C0698E74F101B4BE2AEDF41C3624C8EFC508C939 |
| 2688 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2688.49316\MultiTool.exe | executable | 3B3322B19213FA88B502E4B8B41C14E8 | 1A67771BE99549B76EAC909B3659C005204B604EAE660987A8BADA466E5AF626 |
| 1496 | MultiTool.exe | C:\Users\admin\AppData\Local\Temp\_MEI14962\_hashlib.pyd | executable | F9799B167C3E4FFEE4629B4A4E2606F2 | 02DD924D4EBFBB8B5B0B66B6E6BB2388FCCDAD64D0493854A5443018AD5D1543 |
| 1496 | MultiTool.exe | C:\Users\admin\AppData\Local\Temp\_MEI14962\_testcapi.pyd | executable | 58B6D54036BB03B606A11EA1A4FE376B | 03F67F5AE47EB4AF1C6DE599AFA9640E6B77BEB0A71CFF79223D07BA63E94D2F |
| 1496 | MultiTool.exe | C:\Users\admin\AppData\Local\Temp\_MEI14962\_bz2.pyd | executable | 2002B2CC8F20AC05DE6DE7772E18F6A7 | 645665CF3338E7665E314F53FBBCB3C5D9174E90F3BF65DDBDC9C0CB24A5D40D |
| 1496 | MultiTool.exe | C:\Users\admin\AppData\Local\Temp\_MEI14962\_ctypes.pyd | executable | C827A20FC5F1F4E0EF9431F29EBF03B4 | D500CFF28678ECED1FC4B3AEABECC0F3B30DE735FDEFE90855536BC29FC2CB4D |
| 1496 | MultiTool.exe | C:\Users\admin\AppData\Local\Temp\_MEI14962\_multiprocessing.pyd | executable | 7D3306BA4645463CB0D4C34C77B2BDF2 | 3A183E0F6A31507C3B0ACBCAE5D6C3D843C590BB370DE5382E2DF9CFC2CB156E |
| 1496 | MultiTool.exe | C:\Users\admin\AppData\Local\Temp\_MEI14962\_sqlite3.pyd | executable | 49848CA2C6ED629A5FA24ABAB96E5EC9 | C222806D471A71D0FD804162E5DA3DC607973367819453C20119A5742EFF5113 |
| 1496 | MultiTool.exe | C:\Users\admin\AppData\Local\Temp\_MEI14962\_decimal.pyd | executable | 5CDA820A4E1427EAB472A05398B7BA36 | 49D4DCD257138718CC3F8D8BB445F8C9212CDA73B06CF70F3D706102042680BC |
| 1496 | MultiTool.exe | C:\Users\admin\AppData\Local\Temp\_MEI14962\_elementtree.pyd | executable | FA9381D1851DA8B8F61547013D8CC81E | 12147B8D57C9C4740D4AC23615F75FC62A2F41379B2BA0E159B9838819B1700A |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2092 | MultiTool.exe | 54.235.182.194:443 | api.ipify.org | Amazon.com, Inc. | US | suspicious |
| Domain | IP | Reputation |
|---|---|---|
| api.ipify.org | | shared |
PID | Process | Class | Message |
---|---|---|---|
2092 | MultiTool.exe | Misc activity | SUSPICIOUS [PTsecurity] ipify.org External IP Check |
2092 | MultiTool.exe | Misc activity | SUSPICIOUS [PTsecurity] ipify.org External IP Check |