Field | Value
---|---
File name | CCSK.zip
Full analysis | https://app.any.run/tasks/350b3540-daf8-43bd-b7a2-565d2d4274a5
Verdict | Malicious activity
Analysis date | May 20, 2022, 16:07:16
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/zip
File info | Zip archive data, at least v2.0 to extract
MD5 | 24C31D6215087D34B85FD7E96E5ABD11
SHA1 | 83DA1CCC2E86A9F4E7B70FADA78A065802F1B2ED
SHA256 | 3D54ABA572394717766FA716D5EFF3CEC8B899AE74BD709D54DCB16DC1D1D35B
SSDEEP | 49152:EQ0Ur1nOkf9k1kVpIlrlajOHHLUCq/ONsXwQOlXCcqq2bbhwUzcu3j:E5kOu9k+IrajOLUCLY0DqVwwz
Extension | Description
---|---
.zip | ZIP compressed archive (100)

Field | Value
---|---
ZipFileName | Setup.exe
ZipUncompressedSize | 2112512
ZipCompressedSize | 1840089
ZipCRC | 0xb5d4aee2
ZipModifyDate | 2019:05:24 23:23:25
ZipCompression | Deflated
ZipBitFlag | -
ZipRequiredVersion | 20
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2952 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\CCSK.zip" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.91.0
752 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.074\Setup.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.074\Setup.exe | — | WinRAR.exe | User: admin; Company: Byte01 Solutions; Integrity Level: MEDIUM; Description: Setup; Exit code: 3221226540; Version: 1.2.1905.2423
2224 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.074\Setup.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.074\Setup.exe | | WinRAR.exe | User: admin; Company: Byte01 Solutions; Integrity Level: HIGH; Description: Setup; Exit code: 0; Version: 1.2.1905.2423
2616 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.169\Setup.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.169\Setup.exe | — | WinRAR.exe | User: admin; Company: Byte01 Solutions; Integrity Level: MEDIUM; Description: Setup; Exit code: 3221226540; Version: 1.2.1905.2423
3812 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.169\Setup.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.169\Setup.exe | | WinRAR.exe | User: admin; Company: Byte01 Solutions; Integrity Level: HIGH; Description: Setup; Exit code: 0; Version: 1.2.1905.2423
2188 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | — | Setup.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft Pen and Touch Input Component; Exit code: 3221226540; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2212 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | — | Setup.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft Pen and Touch Input Component; Exit code: 3221226540; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
1332 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | — | Setup.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft Pen and Touch Input Component; Exit code: 24; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2988 | "C:\Windows\SYSTEM32\WISPTIS.EXE" /ManualLaunch; | C:\Windows\SYSTEM32\WISPTIS.EXE | — | Setup.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Microsoft Pen and Touch Input Component; Exit code: 23; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
4068 | "C:\Windows\system32\taskmgr.exe" /4 | C:\Windows\system32\taskmgr.exe | — | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Task Manager; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3812 | Setup.exe | C:\ProgramData\study4exam\Exams\CCSK.exm | compressed | 812502F734D8E6182D5AF0577478BDCF | 726A1D5B8050EBE184A37394BC8F811CF54211DCF4835EE5EE105CFAC1AF0F48
2224 | Setup.exe | C:\ProgramData\study4exam\Logs\Setup20220520_001.log | text | BE9D8283B43DCD4599568881076E36B8 | 2AC5D1FACCB434F1370E776110F8FA1C506D8595388C5A2F7A79FE471F04CFB1
3812 | Setup.exe | C:\Program Files\study4exam\study4exam.ico | image | 2CD564C46580D36A17F9C10D29423A39 | D4798F7C92ADCD4E7FAF1F51272D91A8CC66CF735297E474CBA08E952E538291
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.074\manifest.mnx | fli | BD5E6F4692C134247EABB99AC05CCE93 | 4B18A66E1E9B8D03CDFF4E0CA359A6D34E2B283420B9461EB5F2B9DB3394C2E0
2952 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2952.169\manifest.mnx | fli | BD5E6F4692C134247EABB99AC05CCE93 | 4B18A66E1E9B8D03CDFF4E0CA359A6D34E2B283420B9461EB5F2B9DB3394C2E0
3812 | Setup.exe | C:\Program Files\study4exam\manifest.mnx | fli | BD5E6F4692C134247EABB99AC05CCE93 | 4B18A66E1E9B8D03CDFF4E0CA359A6D34E2B283420B9461EB5F2B9DB3394C2E0
2224 | Setup.exe | C:\ProgramData\study4exam\Logs\Setup20220520.log | text | D115D7F49EA888BA2BE01A35325521B9 | F61DE7AB6B86405DC622F1A0C18744EFA3FD5358E70EB9970E3E9AC5CA393457
3812 | Setup.exe | C:\Users\admin\Desktop\study4exam.lnk | lnk | 76611DA010376FE5074264A7A0086CB8 | 4419FAA8F537E64CAB2F7DDA22CFF1BF55EC55421ECD864B53C33C3749988B22
3812 | Setup.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\study4exam.lnk | lnk | ECE46F3A191F6467A230DB1525583A3B | 50BDE13512BA8E30AC1DB4DB7DF6FD164B92D0C6B03671A42C1615EAC5BC72A8
3812 | Setup.exe | C:\Users\admin\AppData\Local\Temp\tmpBE90.tmp | compressed | 812502F734D8E6182D5AF0577478BDCF | 726A1D5B8050EBE184A37394BC8F811CF54211DCF4835EE5EE105CFAC1AF0F48

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2224 | Setup.exe | 78.157.192.94:443 | www.practice4exam.com | UK Dedicated Servers Limited | GB | unknown |
3812 | Setup.exe | 78.157.192.94:443 | www.practice4exam.com | UK Dedicated Servers Limited | GB | unknown |
Domain | IP | Reputation
---|---|---
www.practice4exam.com | | whitelisted
dns.msftncsi.com | | shared