File name: | sdbot.zip |
Full analysis: | https://app.any.run/tasks/d20062a9-2123-4cd7-8627-229981605be6 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2019, 13:37:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | D8B049CF825052736B5EB2AE7E951FFE |
SHA1: | 667EFD3EB497AB2B3EEFF9E5F6C593EB9349E81D |
SHA256: | 41F2F04B55F86FDE68AB09F3B9594240194F2157E12848C7F5A25055E8C5B7E3 |
SSDEEP: | 1536:QPxUVf7ECnFQ8V2u/QR+0HvypH1wpERWIWQvZqZ8UR:QJsVFQ8ou4+GaypEMIrqZHR |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | 99c76d377e1e37f04f749034f2c2a6f33cb785adee76ac44edb4156b5cbbaa9a |
---|---|
ZipUncompressedSize: | 82432 |
ZipCompressedSize: | 59313 |
ZipCRC: | 0x1bb2d06f |
ZipModifyDate: | 1980:00:00 00:00:00 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0009 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2692 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\sdbot.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3352 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
352 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | — |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
864 | C:\Windows\system32\svchost.exe -k netsvcs | C:\Windows\System32\svchost.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Host Process for Windows Services Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
864 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt | |
MD5:74DC25C12CA59FB0F9AF8FC1CA3A1318 | SHA256:3FCC863F670408EA1D3D7A80421994FF39F92FBC25FF1586523ECB2B4DE05206 | |||
352 | explorer.exe | C:\Users\admin\Desktop\d.exe | executable | |
MD5:64D3CC1E49273D3356AF736922C89DFA | SHA256:99C76D377E1E37F04F749034F2C2A6F33CB785ADEE76AC44EDB4156B5CBBAA9A | |||
2692 | WinRAR.exe | C:\Users\admin\Desktop\99c76d377e1e37f04f749034f2c2a6f33cb785adee76ac44edb4156b5cbbaa9a | executable | |
MD5:64D3CC1E49273D3356AF736922C89DFA | SHA256:99C76D377E1E37F04F749034F2C2A6F33CB785ADEE76AC44EDB4156B5CBBAA9A |