| Field | Value |
|---|---|
| File name | Sliver V4.2.2 latest_fix.zip |
| Full analysis | https://app.any.run/tasks/793fad7b-2696-49a2-b430-1cc12ed47eff |
| Verdict | Malicious activity |
| Analysis date | July 12, 2020, 15:56:28 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 1C53DA1C484A946145743A49D9E6A3FF |
| SHA1 | 1DBFBAED2048FE2E03237851A96E99C78E96A131 |
| SHA256 | 45C1089EB56FBCFFC97F4B0CC48E0BB5BFF7DED39722D4246211A6B200B289C2 |
| SSDEEP | 393216:pyHOwaNLsA3uK9Fsw8bK5O2i0dDB0p4hxjX/IK8pbVsyyXH:IOTFsOFsw8bsO50dqwAvbhAH |
| Extension | File type |
|---|---|
| .zip | ZIP compressed archive (100) |

| Property | Value |
|---|---|
| ZipFileName | Sliver V4.2.2 latest_fix/ |
| ZipUncompressedSize | - |
| ZipCompressedSize | - |
| ZipCRC | 0x00000000 |
| ZipModifyDate | 2020:06:29 17:57:17 |
| ZipCompression | None |
| ZipBitFlag | - |
| ZipRequiredVersion | 788 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 1820 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Sliver V4.2.2 latest_fix.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 3528 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Version: 7.00.7600.16385 (win7_rtm.090713-1255) |
| 3940 | "C:\Users\admin\Desktop\Sliver V4.2.2 latest_fix\Sliver v4.2.4.exe" | C:\Users\admin\Desktop\Sliver V4.2.2 latest_fix\Sliver v4.2.4.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Description: PasscodeBypass; Exit code: 1; Version: 1.0.0.0 |
| 2928 | "C:\Users\admin\Desktop\Sliver V4.2.2 latest_fix\Sliver v4.2.4.exe" | C:\Users\admin\Desktop\Sliver V4.2.2 latest_fix\Sliver v4.2.4.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Description: PasscodeBypass; Exit code: 1; Version: 1.0.0.0 |
| 2108 | "C:\Users\admin\Desktop\Sliver V4.2.2 latest_fix\Sliver v4.2.4.exe" | C:\Users\admin\Desktop\Sliver V4.2.2 latest_fix\Sliver v4.2.4.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Description: PasscodeBypass; Version: 1.0.0.0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1820.24676\Sliver V4.2.2 latest_fix\ref\.irecovery | text | 31343081B6DC94A41E722FEFE9CA2749 | 6D439CDBA4D9DD417D8560B4D29116CCB853C1BC5AE4625FA31074234FED56C5 |
| 1820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1820.24676\Sliver V4.2.2 latest_fix\ref\bypass1 | binary | 5CE3835FAB09AFB952F9FBBD3347C178 | F13C6301B8EEFEFDD9C12A2FD81AB49D313FF60396C896EEE86A90456234D798 |
| 1820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1820.24676\Sliver V4.2.2 latest_fix\Sliver v4.2.4.exe | executable | 3C7208EF48259ED55D7D0D80F33E342D | 595AA0AAD51D69BC7C2721402A7D35439EF13E3B991023C8377887131C899805 |
| 1820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1820.24676\Sliver V4.2.2 latest_fix\lsass.dll | executable | B434FA5B519C1770C260E1F49C0C4970 | A0B9ABEEBBE2926AAC4AF4E02D77CD671AAFF1E4E013DAE23C9F5DAD29F8E6B7 |
| 1820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1820.24676\Sliver V4.2.2 latest_fix\ref\getfb2.dll | binary | 8109027E2E0DCA054DF8A64C0EA8505A | 6BB4BAD2CAFAAD5720ABBF3C33407D0E2C253E559CAFB9DB0B3117EECA013284 |
| 1820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1820.24676\Sliver V4.2.2 latest_fix\ref\PasscodeBypass.exe | executable | A1777F8FD925954A4B769B9F506ADC87 | A54023B3FE3C5B7EE394E29D1F4F8EF865566D8D158E4D53E509CE4BC01957AF |
| 1820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1820.24676\Sliver V4.2.2 latest_fix\ref\dmm.dll | text | 1D230A5F233F232A9763E3593998BED2 | 2C1F5583EE872D69D2393F0B1379E6AF524FCA9B2A66D2E3585CBBB80ADE7E6C |
| 1820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1820.24676\Sliver V4.2.2 latest_fix\ref\System.dll | executable | 1E66B7DC9039741F7082D5B63B24D714 | 74E07A6BD6743833C1EEF7642178FA07EDB9D8D0FB7D5BB17CF0423075AC8E30 |
| 1820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1820.24676\Sliver V4.2.2 latest_fix\Renci.SshNet.dll | executable | 327BE333F0AF86CFA55DA4FD1487F04B | ABBCE9DD7AF75331D65996E6460952A1028C057F4747CA88B7CC1915AEBDE64E |
| 1820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1820.24676\Sliver V4.2.2 latest_fix\ref\ideviceactivation.exe | executable | 0C946132F17A9FFB2CF0177E02B86DA2 | F7364987C4583E1E2FD548657E719C53483F488DB7D4AE87505E09FD3E537AD8 |