File name: | release.rar |
Full analysis: | https://app.any.run/tasks/e34f5770-6111-45f4-b385-1d4f33c1f0f7 |
Verdict: | Malicious activity |
Analysis date: | May 30, 2020, 03:51:55 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 716B085E71C6285F3B1D1DB544DD1730 |
SHA1: | A2E2953CF894E51045D08BAE5382F5178F75A3EE |
SHA256: | 4A05003267AB6AC0FA6B498005F8A4CBD72699AA5C414996CBFB9A3A77A03427 |
SSDEEP: | 196608:aM2Beo54plm8qkZv/B/7c7g6LNfNtcDVRa1z5HU1InrYO3j8kKC989vbxitZXNwR:af53Bc3BTGXLxNtwAyij8kKLbxit4d/ |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2472 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\release.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3364 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
688 | "C:\Users\admin\Desktop\x96dbg.exe" | C:\Users\admin\Desktop\x96dbg.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: x64dbg Exit code: 0 Version: 0.0.2.5 | ||||
2608 | "C:\Users\admin\Desktop\x32\x32dbg.exe" | C:\Users\admin\Desktop\x32\x32dbg.exe | x96dbg.exe | |
User: admin Integrity Level: MEDIUM Description: x64dbg Exit code: 0 Version: 0.0.2.5 | ||||
1704 | "C:\Users\admin\Desktop\x96dbg.exe" | C:\Users\admin\Desktop\x96dbg.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: x64dbg Exit code: 0 Version: 0.0.2.5 | ||||
2960 | "C:\Users\admin\Desktop\x96dbg.exe" ::install | C:\Users\admin\Desktop\x96dbg.exe | x96dbg.exe | |
User: admin Integrity Level: HIGH Description: x64dbg Exit code: 0 Version: 0.0.2.5 | ||||
1756 | "C:\Users\admin\Desktop\x96dbg.exe" | C:\Users\admin\Desktop\x96dbg.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: x64dbg Exit code: 0 Version: 0.0.2.5 | ||||
2568 | "C:\Users\admin\Desktop\x32\x32dbg.exe" | C:\Users\admin\Desktop\x32\x32dbg.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: x64dbg Version: 0.0.2.5 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2472.8002\x32\loaddll.exe | executable | |
MD5:27D2D7608D6E8F010C3B22A44A066D93 | SHA256:44F606640A1E75781DDA7A4EE7048C7E86126A355FDFB7C0694871227C2C70FB | |||
2472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2472.8002\x32\TitanEngine.dll | executable | |
MD5:DD36176B05DD264A0FF83C0A9774D2F4 | SHA256:55DADFE1B88561CF14AFD52FE8EAD151D8F961A19C32B634680C0DF9AB208A8D | |||
2472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2472.8002\x32\asmjit.dll | executable | |
MD5:D70B3BD199EA6C80D751E8146F493BA6 | SHA256:9D578A3DB04DB58DF4BC4F4000E93C8D51449CFD4547AD26B90445501CEC048F | |||
2472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2472.8002\x32\DeviceNameResolver.dll | executable | |
MD5:A35A5D965A7697242AF24F93F4978E19 | SHA256:4FA654D71CE434F364575B642A745BDF4BA94544C762EABAF383449795EDD506 | |||
2472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2472.8002\x32\platforms\qwindows.dll | executable | |
MD5:E25BAF30CFE9B709D3A1D4EA7D06900D | SHA256:476A108B5724F74A8AD7F23976BE6C9B385CAA816FAA7B55A9B4C635899F6C1C | |||
2472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2472.8002\x32\dbghelp.dll | executable | |
MD5:6329180A43F2E000AC991FEF82A2A7E3 | SHA256:FCE7AD5C5D85FA547F86605C93F2E52654E5C43E686CEEAF24C28C157E91ED72 | |||
2472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2472.8002\x32\jansson.dll | executable | |
MD5:112B0ACFB3EC66861FF569B4F370FCBC | SHA256:EDEA94824751746AB1498E9DBF15BE20E37ECE7533C51ED410EDDE724103CAA4 | |||
2472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2472.8002\x32\Scylla.dll | executable | |
MD5:9CEC18438D3071B57770DB4EB0197EA3 | SHA256:C860196803460448941BED5A99C5D77A8B16E8B6D57D7F26A740F52E26ABBAD8 | |||
2472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2472.8002\x32\ldconvert.dll | executable | |
MD5:059891FB43C1E7D4135D2ED23D4A81B5 | SHA256:BCE19949FD256954B98512C5DA06AFAE1639D6415B195730019533B76334BA2C | |||
2472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2472.8002\x32\msdia140.dll | executable | |
MD5:F497F6282663007EBA751A4E6A302DB6 | SHA256:C04C19EE74EA1EDA357549A43FC4A340C43B05EE6F4B7E4B7E3613BA015765E8 |
Process | Message |
---|---|
x96dbg.exe | "C:\Users\admin\Desktop\x96dbg.exe" |
x96dbg.exe | "C:\Users\admin\Desktop\x96dbg.exe" |
x32dbg.exe | QMetaObject::connectSlotsByName: No matching signal for on_txtUnicode_clicked()¶ |
x32dbg.exe | QMetaObject::connectSlotsByName: No matching signal for on_txtUnicode_clicked()
|
x96dbg.exe | "C:\Users\admin\Desktop\x96dbg.exe" |
x96dbg.exe | "C:\Users\admin\Desktop\x96dbg.exe" |
x96dbg.exe | "C:\Users\admin\Desktop\x96dbg.exe" ::install |
x96dbg.exe | "C:\Users\admin\Desktop\x96dbg.exe" ::install |
x96dbg.exe | [x96dbg] Command line: |
x96dbg.exe | "C:\Users\admin\Desktop\x96dbg.exe" |