Field | Value |
---|---|
File name | Yeni alış sifariş siyahısı.zip |
Full analysis | https://app.any.run/tasks/861fe78c-5a9c-4bd9-9241-de13ebe22c43 |
Verdict | Malicious activity |
Analysis date | August 08, 2020, 11:35:34 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/zip |
File info | Zip archive data, at least v2.0 to extract |
MD5 | 6868D4A97FA709A20CB920F19A0A8991 |
SHA1 | 343E69ECBEF23111B27092C44CD2D52CF6151C41 |
SHA256 | 49AF1EB21D42899EEA8A4384E4DEE2BB5EEC81803E9EE64591EEB60416F9BE56 |
SSDEEP | 24576:VA7ZeBS1vCq+9lVoqISmbQN0K/B7rV2XWIi7gUYtZYgsYK2DDT:VvBcCq+ZrISm0NNB7wmTEUYnYgsaj |

Extension | Detected file type |
---|---|
.zip | ZIP compressed archive (100) |

PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
1912 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Yeni alış sifariş siyahısı.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
3788 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa1912.39028\Yeni alış sifariş siyahısı.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa1912.39028\Yeni alış sifariş siyahısı.exe | | WinRAR.exe | User: admin; Company: Sysinternals - www.sysinternals.com; Integrity Level: MEDIUM; Description: Sysinternals Process Explorer; Exit code: 0; Version: 16.21 |
372 | "C:\Users\admin\Desktop\Yeni alış sifariş siyahısı.exe" | C:\Users\admin\Desktop\Yeni alış sifariş siyahısı.exe | — | explorer.exe | User: admin; Company: Sysinternals - www.sysinternals.com; Integrity Level: MEDIUM; Description: Sysinternals Process Explorer; Version: 16.21 |
2388 | C:\Windows\System32\TapiUnattend.exe | C:\Windows\System32\TapiUnattend.exe | — | Yeni alış sifariş siyahısı.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft® Windows(TM) Telephony Unattend Action; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
1412 | "C:\Windows\System32\cmmon32.exe" | C:\Windows\System32\cmmon32.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Connection Manager Monitor; Version: 7.02.7600.16385 (win7_rtm.090713-1255) |
1832 | /c del "C:\Windows\System32\TapiUnattend.exe" | C:\Windows\System32\cmd.exe | — | cmmon32.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
1912 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1912.40634\Yeni alış sifariş siyahısı.exe | — | — | — |
3788 | Yeni alış sifariş siyahısı.exe | C:\Users\admin\AppData\Local\Temp\CabD722.tmp | — | — | — |
3788 | Yeni alış sifariş siyahısı.exe | C:\Users\admin\AppData\Local\Temp\TarD723.tmp | — | — | — |
3788 | Yeni alış sifariş siyahısı.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\64DCC9872C5635B1B7891B30665E0558_5552C20A2631357820903FD38A8C0F9F | binary | 4B8EFA2B14BF5E68492D37F6995B25FB | ED56E2491A96B030DE06C8676116E913F1F362B466FFB5D6541E821509E6D439 |
3788 | Yeni alış sifariş siyahısı.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6Z2BCOUL\Osudddd[1] | text | 7B5E7E7EA608452B163EB84DB9ECD4DF | 035957C04154B62C54E86B6B32C5A7A11E6FA8A135B8EE86AB746FE4BE4521AC |
1912 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1912.39028\Yeni alış sifariş siyahısı.exe | executable | 46BCE4CDBC93E61340B1FE04693B7536 | F4CBB077C89F62BB6542489C882B324E8E2880DC3970E2540E61D1D25FFF157A |
3788 | Yeni alış sifariş siyahısı.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_F80805103A05D4F74523519C6EAD8FC0 | binary | 115093363C19035DD5C585E305B5B241 | 3C5412DD51507C8F7F56D86F4F39CF60600856CA540CD2CA9A37FCEC1AC72A8D |
3788 | Yeni alış sifariş siyahısı.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_979AB563CEB98F2581C14ED89B8957D4 | binary | E056C4EA73AB635D43EB3C54C6F8BFA7 | 5CC9DA97CA1AFE1A22CE3887457313EDFFEA57C35E8AB24EE98489D40522F29C |
3788 | Yeni alış sifariş siyahısı.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_979AB563CEB98F2581C14ED89B8957D4 | der | 689A3D86D85BFC8D6E624EDD115374A2 | 23350DA55EF98583F37C260EB221681AE372D23AE7FB01201DD4163BDE514BFF |
3788 | Yeni alış sifariş siyahısı.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6AF4EE75E3A4ABA658C0087EB9A0BB5B_F80805103A05D4F74523519C6EAD8FC0 | der | D8BE00035D992A0ABE5902C481590A7C | 95F50B8539268D5CF029358E40ED5EB3B5EF3C3DDD00464678854AE452D398DD |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3788 | Yeni alış sifariş siyahısı.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTOpjOEf6LG1z52jqAxwDlTxoaOCgQUQAlhZ%2FC8g3FP3hIILG%2FU1Ct2PZYCEDJAnJQUGG0bwuno3m2vDJ8%3D | US | der | 279 b | whitelisted |
3788 | Yeni alış sifariş siyahısı.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEBblhnjgcJQ5S9%2FbTvymO98%3D | US | der | 471 b | whitelisted |
3788 | Yeni alış sifariş siyahısı.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D | US | der | 314 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3788 | Yeni alış sifariş siyahısı.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
3788 | Yeni alış sifariş siyahısı.exe | 2.21.38.54:443 | www.microsoft.com | GTT Communications Inc. | FR | malicious |
3788 | Yeni alış sifariş siyahısı.exe | 162.159.129.233:443 | cdn.discordapp.com | Cloudflare Inc | — | shared |
Domain | IP | Reputation |
---|---|---|
www.microsoft.com | | whitelisted |
cdn.discordapp.com | | shared |
ocsp.comodoca.com | | whitelisted |
ocsp.comodoca4.com | | whitelisted |