| Field | Value |
|---|---|
| File name | DESKTOP-5KIJTKK_2022-08-12_17_45_28.zip |
| Full analysis | https://app.any.run/tasks/4b5c6db3-08d4-4c5b-ba67-72028e0666d5 |
| Verdict | Malicious activity |
| Analysis date | August 12, 2022, 15:46:01 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v4.5 to extract |
| MD5 | E3AAA9E59FBD37F56CCDB0122A405CD0 |
| SHA1 | 2D005A24F344290B7474F4EB8AE08B60F2BA7FBA |
| SHA256 | 48A8DE40382B0B22115422A2C3A65F672EE1A6380FD8CC3F0131E0993FCAD167 |
| SSDEEP | 96:N7z4baWKQ2G3oC8n4E/XX4qdSdmjmibKX/jHKkrktyDIWJsLGn:N7z4mQdUn4pFamiOOkJD3eLE |

| Extension | Detected type (score) |
|---|---|
| .zip | ZIP compressed archive (100) |

| Zip field | Value |
|---|---|
| ZipFileName | Device/HarddiskVolume3/Program Files/WindowsApps/AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6/SystemEventUtility/AddHostLauncherToRun.exe |
| ZipUncompressedSize | 11264 |
| ZipCompressedSize | 4344 |
| ZipCRC | 0x696cb767 |
| ZipModifyDate | 1980:00:00 00:00:00 |
| ZipCompression | Deflated |
| ZipBitFlag | 0x0801 |
| ZipRequiredVersion | 20 |

| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2520 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\DESKTOP-5KIJTKK_2022-08-12_17_45_28.zip" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.91.0 | | | |
| 2180 | "C:\Users\admin\Desktop\Device\HarddiskVolume3\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\AddHostLauncherToRun.exe" | C:\Users\admin\Desktop\Device\HarddiskVolume3\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\AddHostLauncherToRun.exe | — | Explorer.EXE |
| | User: admin; Company: HP Inc.; Integrity Level: MEDIUM; Description: AddHostLauncherToRun; Exit code: 3221226540; Version: 1.2.7.0 | | | |
| 1268 | "C:\Users\admin\Desktop\Device\HarddiskVolume3\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\AddHostLauncherToRun.exe" | C:\Users\admin\Desktop\Device\HarddiskVolume3\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\AddHostLauncherToRun.exe | | Explorer.EXE |
| | User: admin; Company: HP Inc.; Integrity Level: HIGH; Description: AddHostLauncherToRun; Version: 1.2.7.0 | | | |

| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 2520 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | |
| 2520 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | |
| 2520 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | write | LanguageList | en-US |
| 2520 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip |
| 2520 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
| 2520 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\DESKTOP-5KIJTKK_2022-08-12_17_45_28.zip |
| 2520 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120 |
| 2520 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80 |
| 2520 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120 |
| 2520 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100 |

| PID | Process | Filename | Type |
|---|---|---|---|
| 2520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2520.32584\Device\HarddiskVolume3\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_1.3.2.0_x64__v10z8vjag6ke6\SystemEventUtility\AddHostLauncherToRun.exe | executable |
| | | MD5: 752EAA22C0131624DDA5FEBF499B7246; SHA256: E581C6FA6EBB6F010A965EFE6579DC3174C4D1DC16B2C73E641A8F45ED8A8AE6 | |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2344 | WerFault.exe | 20.189.173.20:443 | watson.microsoft.com | Microsoft Corporation | US | suspicious |

| Domain | IP | Reputation |
|---|---|---|
| watson.microsoft.com | | whitelisted |