| Field | Value |
|---|---|
| Download | Shoot-the-blacks.zip |
| Full analysis | https://app.any.run/tasks/df80a17b-fc2f-4058-937a-b16f4f7b8e28 |
| Verdict | Malicious activity |
| Analysis date | May 29, 2020, 23:28:07 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | C8B9A1BA6D850068A506D590E5F5CE18 |
| SHA1 | 9AABC1BC45BD711E98204C6144CC5D0996E6E117 |
| SHA256 | 468F4B48F6F1DADC34912BF2FD2EDD202A2EC20F27F7A282CB458A7F572036C8 |
| SSDEEP | 24576:btj/eMJWSpzgWwNZYq31zMudvU0+6GMv1JDXIUZdqqNwT4IwHSyZI9I6CD:x5kSpUgqlzldvU0+6GMv1JDXIUzqqNwO |
| Extension | Identified type |
|---|---|
| .zip | ZIP compressed archive (100) |

| Archive field | Value |
|---|---|
| ZipFileName | Shoot the blacks/Area Alby.exe |
| ZipUncompressedSize | 277770 |
| ZipCompressedSize | 133174 |
| ZipCRC | 0x3c3c53ff |
| ZipModifyDate | 2018:11:18 08:25:20 |
| ZipCompression | Deflated |
| ZipBitFlag | - |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2020 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Shoot-the-blacks.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
| 3848 | "C:\Users\admin\Desktop\Shoot the blacks\Area Alby.exe" | C:\Users\admin\Desktop\Shoot the blacks\Area Alby.exe | — | explorer.exe | User: admin; Company: Europress Software; Integrity Level: MEDIUM; Description: The Games Factory Stand Alone Game; Exit code: 0; Version: 1.00 |
| 3712 | "C:\Users\admin\Desktop\Shoot the blacks\uninstal.exe" | C:\Users\admin\Desktop\Shoot the blacks\uninstal.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3221226540 |
| 4032 | "C:\Users\admin\Desktop\Shoot the blacks\uninstal.exe" | C:\Users\admin\Desktop\Shoot the blacks\uninstal.exe | — | explorer.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
| 2648 | cmd /c C:\Delapp.bat | C:\Windows\system32\cmd.exe | — | uninstal.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 1; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2020 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2020.24574\Shoot the blacks\cncs32.dll | — | — | — |
| 2020 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2020.24574\Shoot the blacks\uninstal.bin | — | — | — |
| 2020 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2020.24574\Shoot the blacks\uninstal.exe | — | — | — |
| 3848 | Area Alby.exe | C:\Users\admin\AppData\Local\Temp\gfc9867.mid | mid | E9EA457B5A9C12B0102F6754C26728F0 | 16FEA3A4358E6E8C09E0FFCD574B67B8737BED9FAA93BF9998B8C4E2B49FA5CE |
| 2020 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2020.24574\Shoot the blacks\Area Alby.gam | gam | 88F34CEDCFE68486ACA0DA7A46798A87 | 4DEA2FE56E4C3E6C422188FBF9C381F4FFAB3EB2A9E89C8845B994AA5FD196BD |
| 3848 | Area Alby.exe | C:\Users\admin\AppData\Local\Temp\gfc3543.mid | mid | 2D69641C0F23C7E1A1FD5BC0AB6E8E44 | 778695ECCE9602BF1FE2E4B5320A74A0AFC45B2336B8F41032205FE24DE50166 |
| 3848 | Area Alby.exe | C:\Users\admin\AppData\Local\Temp\gfcDA32.mid | rmi | 9E86C5732EF106CA2E2A64383591A891 | AA9191F6DFB286E9FC7F313C450940432D19D5A18CB25A14EC65E0D358E1CA0B |
| 3848 | Area Alby.exe | C:\Users\admin\AppData\Local\Temp\gfcC841.mid | rmi | 45F369803E3648BACA12E806A176E498 | 22A82B5C901F2D65B6473E489800FBB0C72CD8E81219D54E15FCE824499DA65B |
| 3848 | Area Alby.exe | C:\Users\admin\AppData\Local\Temp\gfc7E52.mid | rmi | 9E86C5732EF106CA2E2A64383591A891 | AA9191F6DFB286E9FC7F313C450940432D19D5A18CB25A14EC65E0D358E1CA0B |
| 3848 | Area Alby.exe | C:\Users\admin\AppData\Local\Temp\gfcD154.mid | mid | 2D69641C0F23C7E1A1FD5BC0AB6E8E44 | 778695ECCE9602BF1FE2E4B5320A74A0AFC45B2336B8F41032205FE24DE50166 |