| Field | Value |
|---|---|
| File name | a5661e831abc2363809297cdb03b78878dd34e0dd6ed8f97889c3217800ee4a0.bin.gz |
| Full analysis | https://app.any.run/tasks/4d688c6c-6944-4bb0-8397-4bf89640c967 |
| Verdict | Malicious activity |
| Analysis date | July 17, 2019, 09:25:52 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | (none) |
| Indicators | (none) |
| MIME | application/gzip |
| File info | gzip compressed data, max compression, from Unix |
| MD5 | 5EEA5FABF76A530F312707A366279AE5 |
| SHA1 | 5FCA1ED8E1C011D77C2C5727D6B456B0D30FF67C |
| SHA256 | 3E68B6BA847447B908572C81CBD53A1BB6BB665F5DF0CB88325697D17B7A75D8 |
| SSDEEP | 6144:gMOhDqaB9/OMC7PUIRwD2EXiZ/3Kka4aW3ig/vL7fTopjK0yCePQgRWr1hU7rMBO:DaX/OSyESZ/6ka03L7fTqTgw1hQMBIxr |

Note that the hashes above are of the submitted gzip wrapper. The SHA256 embedded in the file name (a5661e83…) is that of the decompressed content, which the dropped-files table below lists once WinRAR has unpacked it.
| Extension | Identification |
|---|---|
| .z/gz/gzip | GZipped data (100) |

gzip header fields:

| Field | Value |
|---|---|
| Compression | Deflated |
| Flags | (none) |
| ModifyDate | 0000:00:00 00:00:00 |
| ExtraFlags | Maximum Compression |
| OperatingSystem | Unix |
| PID | Command line | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3548 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\a5661e831abc2363809297cdb03b78878dd34e0dd6ed8f97889c3217800ee4a0.bin.gz.z" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
| 2800 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\a5661e831abc2363809297cdb03b78878dd34e0dd6ed8f97889c3217800ee4a0.bin.ace" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
| 2740 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2800.9697\TNT invoice.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2800.9697\TNT invoice.exe | | WinRAR.exe |
| 3892 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\subfolder\filename.vbs" | C:\Windows\System32\WScript.exe | | TNT invoice.exe |
| 2300 | "C:\Users\admin\subfolder\filename.exe" | C:\Users\admin\subfolder\filename.exe | — | TNT invoice.exe |
| 632 | C:\Users\admin\subfolder\filename.exe" | C:\Users\admin\subfolder\filename.exe | — | filename.exe |

Process image details (command line for PID 632 is shown exactly as recorded, unbalanced quote included):

| PID | User | Company | Integrity level | Description | Exit code | Version |
|---|---|---|---|---|---|---|
| 3548 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | | 5.60.0 |
| 2800 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | | 5.60.0 |
| 2740 | admin | CollapseVERTEBRARIA | MEDIUM | CollapseLORISIFORM | 0 | 8.02.0009 |
| 3892 | admin | Microsoft Corporation | MEDIUM | Microsoft ® Windows Based Script Host | 0 | 5.8.7600.16385 |
| 2300 | admin | CollapseVERTEBRARIA | MEDIUM | CollapseLORISIFORM | 0 | 8.02.0009 |
| 632 | admin | CollapseVERTEBRARIA | MEDIUM | CollapseLORISIFORM | | 8.02.0009 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3548 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3548.8181\a5661e831abc2363809297cdb03b78878dd34e0dd6ed8f97889c3217800ee4a0.bin.gz | compressed | 58377D9C803AAB3FE55ADF09981244A3 | A5661E831ABC2363809297CDB03B78878DD34E0DD6ED8F97889C3217800EE4A0 |
| 2740 | TNT invoice.exe | C:\Users\admin\subfolder\filename.exe | executable | F3B27B2E08F5C44CE3520F33F07D7B6D | E4AFCA527D24EDEAEA3A8565CA6C37F0AA3DFAB112D2C9000CD32A8CF12D2E06 |
| 2740 | TNT invoice.exe | C:\Users\admin\AppData\Local\Temp\~DF08FC2030A4FABEE4.TMP | binary | 9547E7D8CCCA92A4B2027780BB8EC67D | 7A5DE12164E9EC7D669DD7F55E517E56013D8ACF04651E84A1C0CA854E3DAF3E |
| 2800 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2800.9697\TNT invoice.exe | executable | F3B27B2E08F5C44CE3520F33F07D7B6D | E4AFCA527D24EDEAEA3A8565CA6C37F0AA3DFAB112D2C9000CD32A8CF12D2E06 |
| 2740 | TNT invoice.exe | C:\Users\admin\subfolder\filename.vbs | text | 28CCC5014300EF75E2038CDBDCB1F0C8 | 5C43264EAE271C2309DD1399B2AD54239C86305C92AA1A7C6610E46648A11EC7 |
| 2300 | filename.exe | C:\Users\admin\AppData\Local\Temp\~DFBB7B631D4EC40D50.TMP | binary | 9547E7D8CCCA92A4B2027780BB8EC67D | 7A5DE12164E9EC7D669DD7F55E517E56013D8ACF04651E84A1C0CA854E3DAF3E |

Two things in this table are worth checking against the process list. C:\Users\admin\subfolder\filename.exe has the same MD5/SHA256 as the TNT invoice.exe that WinRAR (PID 2800) extracted, so PID 2300 and PID 632 are the same binary relocated out of WinRAR's temp folder, next to the filename.vbs that PID 3892 runs. The two ~DF*.TMP files, written by the original and by the relocated copy, also share one hash, which is what you would expect from the same code running twice.
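The tables above describe a chain that is easy to read by hand once but tedious to re-check across many reports: an executable launched from WinRAR's temp extraction folder, a script host started by a non-interactive parent, a child whose image hash equals its parent's at a new path, and a process re-executing its own image. As an added example (not part of the ANY.RUN report or of any tool it uses), the following Python script encodes those four checks and runs them over the process and file records of this report. The process list and hash map are constructed from the tables above; the report names each parent but gives no parent PIDs, so those are inferred (PID 2740 is assigned parent 2800 because it runs from the Rar$EXa2800.* directory), and the `Rar$` temp-folder pattern is written to cover both the Rar$EX and Rar$DR names that appear here.

```python
import ntpath
import re

# Process records constructed from the process table of this report:
# (pid, parent pid, parent process name, command line as recorded).
# Parent PIDs are inferred, not given by the report; PID 2740's parent is taken
# as 2800 because its image lives in WinRAR's Rar$EXa2800.* extraction folder.
# PID 632's command line keeps the unbalanced quote exactly as recorded.
PROCESSES = [
    (3548, None, "explorer.exe",
     r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\a5661e831abc2363809297cdb03b78878dd34e0dd6ed8f97889c3217800ee4a0.bin.gz.z"'),
    (2800, None, "explorer.exe",
     r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\a5661e831abc2363809297cdb03b78878dd34e0dd6ed8f97889c3217800ee4a0.bin.ace"'),
    (2740, 2800, "WinRAR.exe",
     r'"C:\Users\admin\AppData\Local\Temp\Rar$EXa2800.9697\TNT invoice.exe"'),
    (3892, 2740, "TNT invoice.exe",
     r'"C:\Windows\System32\WScript.exe" "C:\Users\admin\subfolder\filename.vbs"'),
    (2300, 2740, "TNT invoice.exe",
     r'"C:\Users\admin\subfolder\filename.exe"'),
    (632, 2300, "filename.exe",
     r'C:\Users\admin\subfolder\filename.exe"'),
]

# SHA256 per dropped file, constructed from the files table of this report.
SHA256 = {
    r"C:\Users\admin\AppData\Local\Temp\Rar$EXa2800.9697\TNT invoice.exe":
        "E4AFCA527D24EDEAEA3A8565CA6C37F0AA3DFAB112D2C9000CD32A8CF12D2E06",
    r"C:\Users\admin\subfolder\filename.exe":
        "E4AFCA527D24EDEAEA3A8565CA6C37F0AA3DFAB112D2C9000CD32A8CF12D2E06",
    r"C:\Users\admin\subfolder\filename.vbs":
        "5C43264EAE271C2309DD1399B2AD54239C86305C92AA1A7C6610E46648A11EC7",
    r"C:\Users\admin\AppData\Local\Temp\~DF08FC2030A4FABEE4.TMP":
        "7A5DE12164E9EC7D669DD7F55E517E56013D8ACF04651E84A1C0CA854E3DAF3E",
    r"C:\Users\admin\AppData\Local\Temp\~DFBB7B631D4EC40D50.TMP":
        "7A5DE12164E9EC7D669DD7F55E517E56013D8ACF04651E84A1C0CA854E3DAF3E",
}

# WinRAR temp extraction folders seen in this report: Rar$EXa2800.9697, Rar$DRa3548.8181
WINRAR_TEMP = re.compile(r"\\Temp\\Rar\$[A-Za-z]+\d+\.\d+\\", re.IGNORECASE)
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# Parents from which a script host launch is unremarkable (assumed allow-list).
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "powershell.exe"}


def image_path(cmdline):
    """Executable path from a recorded command line.

    Handles the normal quoted form and the stray-quote form of PID 632.
    Assumption: an unquoted leading image path contains no spaces.
    """
    s = cmdline.strip()
    if s.startswith('"'):
        return s[1:].split('"', 1)[0]
    return s.split('"', 1)[0].strip()


def script_argument(cmdline):
    """First quoted argument after the image path, or None."""
    tokens = re.findall(r'"([^"]*)"', cmdline)
    return tokens[1] if len(tokens) > 1 else None


def process_chain(pid, procs):
    """Lineage from the root parent down to pid, as process names."""
    by_pid = {p[0]: p for p in procs}
    names = []
    cur = by_pid[pid]
    while True:
        names.append(ntpath.basename(image_path(cur[3])))
        if cur[1] is None:            # parent is outside the table (explorer.exe)
            names.append(cur[2])
            break
        cur = by_pid[cur[1]]
    return " > ".join(reversed(names))


def analyze(procs, hashes):
    """Return (pid, finding) pairs for the four behaviours described above."""
    by_pid = {p[0]: p for p in procs}
    findings = []
    for pid, ppid, parent_name, cmd in procs:
        img = image_path(cmd)
        base = ntpath.basename(img).lower()
        if WINRAR_TEMP.search(img):
            findings.append((pid, "executable launched from a WinRAR temp extraction folder"))
        if base in SCRIPT_HOSTS and parent_name.lower() not in INTERACTIVE_PARENTS:
            findings.append((pid, f"script host started by {parent_name} with {script_argument(cmd)}"))
        if ppid is not None:
            parent_img = image_path(by_pid[ppid][3])
            if img.lower() == parent_img.lower():
                findings.append((pid, "process re-executed its own image"))
            elif hashes.get(img) and hashes.get(img) == hashes.get(parent_img):
                findings.append((pid, f"child image is a byte-identical copy of the parent image at {img}"))
    return findings


if __name__ == "__main__":
    for pid, _, _, _ in PROCESSES:
        print(pid, process_chain(pid, PROCESSES))
    for pid, msg in analyze(PROCESSES, SHA256):
        print(f"[{pid}] {msg}")
```

Run against this report the script flags PIDs 2740, 3892, 2300 and 632, one finding each, and prints the lineage explorer.exe > WinRAR.exe > TNT invoice.exe > filename.exe > filename.exe for PID 632. The hash comparison only works where the sandbox recorded a hash for both images, which is why the WinRAR-to-invoice step is caught by the temp-folder pattern rather than by hash.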