| Field | Value |
|---|---|
| File name | 6434609915953152.zip |
| Full analysis | https://app.any.run/tasks/fa05e7a4-903d-4c3f-bf17-fd25ad8a4f38 |
| Verdict | Malicious activity |
| Analysis date | September 18, 2019, 17:34:43 |
| OS | Windows 7 Professional Service Pack 1 (build 7601, 32-bit) |
| Tags | (none) |
| Indicators | (none) |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 1A7C38D22B45C406EE4CC98A2FB804CE |
| SHA1 | EFEE59D78B9D77E887F57D80F8BC7A45481E1D11 |
| SHA256 | 467E4AE995D24C0F1C8651E1F5A8711A0E8D6CFAEA8CE30A8AEA4BC2ACFA66AD |
| SSDEEP | 49152:/Fwd0PV6L4KkT4he1ipCyhYC/oarhN3vvuIYhdVsokkfs/2N4Mm:/Fwd0PV6fYlipCVNazv2LHVsakYPm |
| Field | Value | Note |
|---|---|---|
| File type | .zip, ZIP compressed archive (100) | |
| ZipRequiredVersion | 20 | version 2.0 needed to extract |
| ZipBitFlag | 0x0009 | bit 0: entry is encrypted; bit 3: CRC and sizes are carried in a trailing data descriptor, not in the local header |
| ZipCompression | 99 (reported as Unknown) | 99 is not a compression method but the WinZip AES (AE-x) encryption marker; the real method sits in the 0x9901 extra field. Static scanners cannot inspect the entry without the password |
| ZipModifyDate | 1980:00:00 00:00:00 | all-zero DOS timestamp, an impossible date |
| ZipCRC | 0x00000000 | AE-2 zeroes the CRC, so the archive carries no integrity check on the entry |
| ZipCompressedSize | 2102996 | |
| ZipUncompressedSize | 2128406 | |
| ZipFileName | 568ea5f11aadcc9f92cdcc2b436bdade883e91d3a03a9fa297ea44e641254bf3 | the entry is named after its own SHA256 (it matches the hash of the file WinRAR extracts below) |
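The header fields above are the reason the archive is opaque to AV: method 99 plus flag bit 0 means WinZip AES, and `zipfile` refuses such entries. The script below is an added example, not ANY.RUN's code; it reads the central directory with `struct` alone, decodes the same fields the report prints, and turns them into triage findings. The archive it builds is constructed to mirror the report's values (version 20, flags 0x0009, method 99, zero timestamp, zero CRC, an AE-2 extra field) and is not the real sample; its payload is stored raw, no encryption is performed.

```python
"""Decode ZIP central-directory fields (version, flags, method, DOS timestamp, CRC)
and flag WinZip AES (method 99) entries. Added example; the archive built here is a
constructed stand-in for 6434609915953152.zip, not the real file."""
import struct
from typing import Dict, List, Optional

LOCAL_SIG = b"PK\x03\x04"
CENTRAL_SIG = b"PK\x01\x02"
DESCRIPTOR_SIG = b"PK\x07\x08"
EOCD_SIG = b"PK\x05\x06"
AES_EXTRA_ID = 0x9901          # WinZip AES extra-field header ID
METHOD_AES_MARKER = 99         # "compression method" value that marks an AE-x entry
FLAG_ENCRYPTED = 0x0001        # general-purpose bit 0
FLAG_DATA_DESCRIPTOR = 0x0008  # general-purpose bit 3


def build_sample_zip(name: bytes, payload: bytes) -> bytes:
    """Constructed archive with one entry whose fields mirror the report."""
    # AES extra field: id, size, AE-2, vendor "AE", strength 3 (AES-256), real method 8 (deflate)
    extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
    # With bit 3 set the local header carries zero CRC/sizes; a descriptor follows the data.
    local = struct.pack("<4sHHHHHIIIHH", LOCAL_SIG, 20, 0x0009, METHOD_AES_MARKER,
                        0, 0, 0, 0, 0, len(name), len(extra)) + name + extra + payload
    descriptor = struct.pack("<4sIII", DESCRIPTOR_SIG, 0, len(payload), len(payload))
    central = struct.pack("<4sHHHHHHIIIHHHHHII", CENTRAL_SIG, 20, 20, 0x0009,
                          METHOD_AES_MARKER, 0, 0, 0, len(payload), len(payload),
                          len(name), len(extra), 0, 0, 0, 0, 0) + name + extra
    cd_offset = len(local) + len(descriptor)
    eocd = struct.pack("<4sHHHHIIH", EOCD_SIG, 0, 0, 1, 1, len(central), cd_offset, 0)
    return local + descriptor + central + eocd


def decode_dos_datetime(dos_time: int, dos_date: int) -> str:
    """Render a DOS date/time pair as the report prints it (YYYY:MM:DD HH:MM:SS)."""
    year, month, day = 1980 + (dos_date >> 9), (dos_date >> 5) & 0x0F, dos_date & 0x1F
    hour, minute, second = dos_time >> 11, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2
    return f"{year:04d}:{month:02d}:{day:02d} {hour:02d}:{minute:02d}:{second:02d}"


def parse_aes_extra(extra: bytes) -> Optional[Dict]:
    """Walk the extra-field list and return the WinZip AES record if present."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4: pos + 4 + size]
        if header_id == AES_EXTRA_ID and len(body) == 7:
            version, vendor, strength, method = struct.unpack("<H2sBH", body)
            return {"ae_version": version, "vendor": vendor.decode("ascii"),
                    "strength": strength, "actual_method": method}
        pos += 4 + size
    return None


def parse_central_directory(data: bytes) -> List[Dict]:
    """Read every central-directory entry with struct only, so method 99 does not raise."""
    eocd_off = data.rfind(EOCD_SIG)
    if eocd_off < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, n_entries, _, cd_off, _ = struct.unpack_from("<4sHHHHIIH", data, eocd_off)
    entries, pos = [], cd_off
    for _ in range(n_entries):
        (sig, _made_by, need, flags, method, mtime, mdate, crc, csize, usize,
         name_len, extra_len, comment_len, _d, _ia, _ea, _lo) = struct.unpack_from(
            "<4sHHHHHHIIIHHHHHII", data, pos)
        if sig != CENTRAL_SIG:
            raise ValueError(f"bad central-directory signature at offset {pos}")
        name = data[pos + 46: pos + 46 + name_len]
        extra = data[pos + 46 + name_len: pos + 46 + name_len + extra_len]
        entries.append({"name": name.decode("utf-8", "replace"), "required_version": need,
                        "flags": flags, "method": method,
                        "modify_date": decode_dos_datetime(mtime, mdate), "crc": crc,
                        "compressed_size": csize, "uncompressed_size": usize,
                        "aes": parse_aes_extra(extra)})
        pos += 46 + name_len + extra_len + comment_len
    return entries


def triage(entry: Dict) -> List[str]:
    """Turn the raw fields into the findings an analyst wants before detonation."""
    findings = []
    if entry["flags"] & FLAG_ENCRYPTED:
        findings.append("encrypted entry (general-purpose bit 0 set)")
    if entry["method"] == METHOD_AES_MARKER:
        aes = entry["aes"]
        detail = (f"AE-{aes['ae_version']}, strength {aes['strength']}, real method {aes['actual_method']}"
                  if aes else "0x9901 extra field missing")
        findings.append(f"WinZip AES marker (method 99): {detail}; content unscannable without the password")
    if entry["flags"] & FLAG_DATA_DESCRIPTOR:
        findings.append("data descriptor (bit 3): local-header CRC and sizes are not authoritative")
    if entry["crc"] == 0 and entry["uncompressed_size"] > 0:
        findings.append("CRC-32 is zero (AE-2 zeroes it): no integrity check on the entry")
    if entry["modify_date"] == "1980:00:00 00:00:00":
        findings.append("all-zero DOS timestamp")
    return findings


if __name__ == "__main__":
    sample = build_sample_zip(
        b"568ea5f11aadcc9f92cdcc2b436bdade883e91d3a03a9fa297ea44e641254bf3",
        b"MZ" + b"\x00" * 62)  # constructed stand-in for the encrypted payload
    for entry in parse_central_directory(sample):
        print(entry["name"], hex(entry["flags"]), entry["method"], entry["modify_date"])
        for finding in triage(entry):
            print("  -", finding)
```

Run it against a real archive by replacing the constructed bytes with `open(path, "rb").read()`; because it never touches the entry data, it works on password-protected archives that `zipfile.ZipFile.open()` would reject, which is exactly the case a mail gateway or sandbox pre-filter has to handle.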
| PID | Command line | Parent | Integrity level | Exit code | Description (company, version) |
|---|---|---|---|---|---|
| 3752 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\6434609915953152.zip" | explorer.exe | MEDIUM | 0 | WinRAR archiver (Alexander Roshal, 5.60.0) |
| 3616 | "C:\Users\admin\Desktop\Collection of bill.exe" | explorer.exe | MEDIUM | 0 | Gopan Setup (no company, no version) |
| 3068 | "C:\Users\admin\Desktop\Collection of bill.exe" /RSF /ppn:YyhwYgxaFRAiP211FM5W /mnl | Collection of bill.exe | HIGH | 4294967206 (0xFFFFFFA6) | Gopan Setup (no company, no version) |
| 3896 | "C:\Users\admin\Desktop\Collection of bill.exe" /RSF /ppn:YyhwYgxaFRAiP211FM5W /_ShowProgress /mnl | Collection of bill.exe | HIGH | 259 (STILL_ACTIVE: still running when the task ended) | Gopan Setup (no company, no version) |

All four processes ran as user admin, and none had indicators flagged. The step from MEDIUM integrity (PID 3616, launched from explorer.exe) to HIGH (PIDs 3068 and 3896) shows the installer relaunching itself elevated with the /RSF and /ppn: switches; the unsigned-looking "Gopan Setup" binary with empty company and version fields is the dropped executable from the archive.
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3068 | Collection of bill.exe | C:\Users\admin\AppData\Local\Temp\001727BC.log | — | — | — |
| 3752 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3752.11327\568ea5f11aadcc9f92cdcc2b436bdade883e91d3a03a9fa297ea44e641254bf3 | executable | 142ABD621FF6DBA4D6E27F55303E3309 | 568EA5F11AADCC9F92CDCC2B436BDADE883E91D3A03A9FA297EA44E641254BF3 |
| 3068 | Collection of bill.exe | C:\Users\admin\AppData\Local\Temp\inH151750024310\css\main.scss | text | A85DEB7E401725C73E02464106F6501F | 3B5A044EF2BFF26A7D09AF66A3B8E102CF669BEDEEE65C127B46C4DC21EC344D |
| 3068 | Collection of bill.exe | C:\Users\admin\AppData\Local\Temp\inH151750024310\css\_functions.scss | text | 8F7259DE64F6DDF352BF461F44D34A81 | 80EDC9D67172BC830D68D33F4547735FB072CADF3EF25AAB37A10B50DB87A069 |
| 3068 | Collection of bill.exe | C:\Users\admin\AppData\Local\Temp\inH151750024310\css\ie6_main.scss | text | D10348D17ADF8A90670696728F54562D | E8A3D15CF32009B01B9145B6E62FF6CAA9C2981F81CE063578C73C7ADFF08DFC |
| 3068 | Collection of bill.exe | C:\Users\admin\AppData\Local\Temp\inH151750024310\css\helpers\_border-radius.scss | text | 6BDF3FD89410E39D33F8137E04AD4A16 | 2C6B98CB19C3E3A0E37472767C53DF213243AE92BC80EF9A7F5BAA17F7B6FA31 |
| 3068 | Collection of bill.exe | C:\Users\admin\AppData\Local\Temp\inH151750024310\css\helpers\_backgrounds.scss | text | 6092A3768F84CFBC6E5C52301F5B63EA | 8A22A3285F3C7D82AA1A4273BDD62729DA241723507C1ECD5D2FD0A24C12E23B |
| 3068 | Collection of bill.exe | C:\Users\admin\AppData\Local\Temp\inH151750024310\css\helpers\_float.scss | text | BC5EB91B59A99E0FC439E02F80319975 | EAF9D36E3E75177E64090AC71C6FCF9BB6465CD21F5C0A5CCB05666033609DA8 |
| 3068 | Collection of bill.exe | C:\Users\admin\AppData\Local\Temp\inH151750024310\form.bmp.Mask | binary | D2FC989F9C2043CD32332EC0FAD69C70 | 27DD029405CBFB0C3BF8BAC517BE5DB9AA83E981B1DC2BD5C5D6C549FA514101 |
| 3068 | Collection of bill.exe | C:\Users\admin\AppData\Local\Temp\inH151750024310\css\_variables.scss | text | 07922410C30F0117CBC3C140F14AEA88 | AF1999B49C03F5DCBB19466466FAC2D8172C684C0FF18931B85A8D0A06332C73 |
HTTP requests

| PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3068 | Collection of bill.exe | POST | 200 | 52.30.49.225:80 | http://support.sihosophir.com/ | IE | — | — | malicious |
| 3068 | Collection of bill.exe | POST | 200 | 52.30.49.225:80 | http://support.sihosophir.com/ | IE | — | — | malicious |

Connections

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3068 | Collection of bill.exe | 52.30.49.225:80 | support.sihosophir.com | Amazon.com, Inc. | IE | malicious |

DNS requests

| Domain | IP | Reputation |
|---|---|---|
| support.sihosophir.com | (not recorded) | malicious |
| PID | Process | Class | Message |
|---|---|---|---|
| 3068 | Collection of bill.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1 |
| 3068 | Collection of bill.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2 |