File name: | Millionblox - Linkvertise Downloader.zip |
Full analysis: | https://app.any.run/tasks/005081b4-4bad-43df-b70d-9410066f73f3 |
Verdict: | Malicious activity |
Analysis date: | May 20, 2022, 17:37:46 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 89A1FCDC66AB5EAB63DF366F61280ED0 |
SHA1: | 590F168716D34BF71429467ED215F3AA2DACB1EF |
SHA256: | 4E209BF17FF38C6D7E83F7FAF07C90CC75048A369D630D0FBB60225F3B4FCE03 |
SSDEEP: | 49152:+tQcRavvL7pyhNCLvKOFICf+kGnlZ8LscgtyIqGEx:hvxyhN2vFx+XlZ84HbqBx |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | None |
ZipModifyDate: | 2022:03:23 16:41:23 |
ZipCRC: | 0x00000000 |
ZipCompressedSize: | - |
ZipUncompressedSize: | - |
ZipFileName: | .. / |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2864 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Millionblox - Linkvertise Downloader.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
4012 | "C:\Users\admin\Desktop\Millionblox - Linkvertise Downloader_fU-cP61.exe" | C:\Users\admin\Desktop\Millionblox - Linkvertise Downloader_fU-cP61.exe | Explorer.EXE | ||||||||||||
User: admin Company: Integrity Level: MEDIUM Description: Linkvertise GmbH & Co. KG Exit code: 0 Version: 2.0.0.13 Modules
| |||||||||||||||
1668 | "C:\Users\admin\AppData\Local\Temp\is-F7EKU.tmp\Millionblox - Linkvertise Downloader_fU-cP61.tmp" /SL5="$3012E,1785071,899584,C:\Users\admin\Desktop\Millionblox - Linkvertise Downloader_fU-cP61.exe" | C:\Users\admin\AppData\Local\Temp\is-F7EKU.tmp\Millionblox - Linkvertise Downloader_fU-cP61.tmp | — | Millionblox - Linkvertise Downloader_fU-cP61.exe | |||||||||||
User: admin Company: Integrity Level: MEDIUM Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 Modules
| |||||||||||||||
2988 | "C:\Users\admin\Desktop\Millionblox - Linkvertise Downloader_fU-cP61.exe" /SPAWNWND=$30128 /NOTIFYWND=$3012E | C:\Users\admin\Desktop\Millionblox - Linkvertise Downloader_fU-cP61.exe | Millionblox - Linkvertise Downloader_fU-cP61.tmp | ||||||||||||
User: admin Company: Integrity Level: HIGH Description: Linkvertise GmbH & Co. KG Exit code: 0 Version: 2.0.0.13 Modules
| |||||||||||||||
3248 | "C:\Users\admin\AppData\Local\Temp\is-1BPP9.tmp\Millionblox - Linkvertise Downloader_fU-cP61.tmp" /SL5="$40134,1785071,899584,C:\Users\admin\Desktop\Millionblox - Linkvertise Downloader_fU-cP61.exe" /SPAWNWND=$30128 /NOTIFYWND=$3012E | C:\Users\admin\AppData\Local\Temp\is-1BPP9.tmp\Millionblox - Linkvertise Downloader_fU-cP61.tmp | Millionblox - Linkvertise Downloader_fU-cP61.exe | ||||||||||||
User: admin Company: Integrity Level: HIGH Description: Setup/Uninstall Exit code: 0 Version: 51.1052.0.0 Modules
| |||||||||||||||
2596 | "C:\Program Files\Internet Explorer\iexplore.exe" https://anonfiles.com/v000ger6uc/Millionblox_txt | C:\Program Files\Internet Explorer\iexplore.exe | Millionblox - Linkvertise Downloader_fU-cP61.tmp | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2940 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2596 CREDAT:275457 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
2032 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\Millionblox.txt | C:\Windows\system32\NOTEPAD.EXE | — | iexplore.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
|
(PID) Process: | (2864) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2864) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2864) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2864) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
(PID) Process: | (2864) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
(PID) Process: | (2864) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\Millionblox - Linkvertise Downloader.zip | |||
(PID) Process: | (2864) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2864) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2864) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2864) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2940 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar48A0.tmp | cat | |
MD5:E721613517543768F0DE47A6EEEE3475 | SHA256:3163B82D1289693122EF99ED6C3C1911F68AA2A7296907CEBF84C897141CED4E | |||
2864 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2864.43327\Millionblox - Linkvertise Downloader_fU-cP61.exe | executable | |
MD5:ABE474D7A812304768CF9BA8DD007D1E | SHA256:16536B93871F5D13BE8A5032286B538CC2D570B1B3E381E3C697F24C0AE0CF4B | |||
4012 | Millionblox - Linkvertise Downloader_fU-cP61.exe | C:\Users\admin\AppData\Local\Temp\is-F7EKU.tmp\Millionblox - Linkvertise Downloader_fU-cP61.tmp | executable | |
MD5:74FAD5C6CD2D3AF1FA257B5E9531993A | SHA256:8DC40627FA4C09F7FD6DF78E3AD03D7DB3767010E15418DBA24E63754DCBC59B | |||
2940 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 | compressed | |
MD5:B9F21D8DB36E88831E5352BB82C438B3 | SHA256:998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E | |||
2940 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab489F.tmp | compressed | |
MD5:B9F21D8DB36E88831E5352BB82C438B3 | SHA256:998E0209690A48ED33B79AF30FC13851E3E3416BED97E3679B6030C10CAB361E | |||
2940 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:0873988DD02F9A943FE125AA268A0B19 | SHA256:0F174C023C199849C96F21F9E3F9AA7AE12BA182A682C9AF97F6DE967106220B | |||
3248 | Millionblox - Linkvertise Downloader_fU-cP61.tmp | C:\Users\admin\AppData\Local\Temp\is-LLKVN.tmp\zbShieldUtils.dll | executable | |
MD5:E1F18A22199C6F6AA5D87B24E5B39EF1 | SHA256:62C56C8CF2AC6521CE047B73AA99B6D3952CA53F11D34B00E98D17674A2FC10D | |||
3248 | Millionblox - Linkvertise Downloader_fU-cP61.tmp | C:\Users\admin\AppData\Local\Temp\is-LLKVN.tmp\is-2THS7.tmp | image | |
MD5:DB6C259CD7B58F2F7A3CCA0C38834D0E | SHA256:494169CDD9C79EB4668378F770BFA55D4B140F23A682FF424441427DFAB0CED2 | |||
3248 | Millionblox - Linkvertise Downloader_fU-cP61.tmp | C:\Users\admin\AppData\Local\Temp\is-LLKVN.tmp\loader.gif | image | |
MD5:D35D95FC6BD8BE33D3CE5DA2630B90BD | SHA256:DFA608BE394C8F6D19AFF352185917720F04072AC0412A8CAB1174FEC4939C08 | |||
3248 | Millionblox - Linkvertise Downloader_fU-cP61.tmp | C:\Users\admin\AppData\Local\Temp\is-LLKVN.tmp\AVG_AV.png | image | |
MD5:5EF5291810C454A35F76D976105F37CC | SHA256:03E69E8C87732C625DF2F628AC63BD145268F9DEA9C5F3DD3670B1CF349A995C |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2940 | iexplore.exe | GET | 200 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?36d797131d42325a | US | compressed | 60.0 Kb | whitelisted |
2940 | iexplore.exe | GET | 200 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?7f489d6beef6ebd2 | US | compressed | 60.0 Kb | whitelisted |
2940 | iexplore.exe | GET | 200 | 96.16.145.230:80 | http://x1.c.lencr.org/ | US | der | 717 b | whitelisted |
2940 | iexplore.exe | GET | 200 | 184.24.77.63:80 | http://r3.o.lencr.org/MFMwUTBPME0wSzAJBgUrDgMCGgUABBRI2smg%2ByvTLU%2Fw3mjS9We3NfmzxAQUFC6zF7dYVsuuUAlA5h%2BvnYsUwsYCEgNu0fhzwLRxYIjzRdYSnQiCNw%3D%3D | US | der | 503 b | shared |
2940 | iexplore.exe | GET | 200 | 104.18.21.226:80 | http://ocsp2.globalsign.com/rootr3/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT1nGh%2FJBjWKnkPdZIzB1bqhelHBwQUj%2FBLf6guRSSuTVD6Y5qL3uLdG7wCEHophRq39F1meVBmQbb%2F1x0%3D | US | der | 1.40 Kb | whitelisted |
2940 | iexplore.exe | GET | 200 | 23.216.77.69:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?0701859344d4fe90 | US | compressed | 4.70 Kb | whitelisted |
2596 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
2940 | iexplore.exe | GET | 200 | 67.27.158.254:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?edb2485dccd2de63 | US | compressed | 60.0 Kb | whitelisted |
2940 | iexplore.exe | GET | 200 | 18.66.107.194:80 | http://crl.rootca1.amazontrust.com/rootca1.crl | US | der | 493 b | whitelisted |
2940 | iexplore.exe | GET | 200 | 52.222.206.35:80 | http://ocsp.rootca1.amazontrust.com/MFQwUjBQME4wTDAJBgUrDgMCGgUABBRPWaOUU8%2B5VZ5%2Fa9jFTaU9pkK3FAQUhBjMhTTsvAyUlC4IWZzHshBOCggCEwZ%2FlFeFh%2Bisd96yUzJbvJmLVg0%3D | US | der | 1.39 Kb | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2940 | iexplore.exe | 96.16.145.230:80 | x1.c.lencr.org | Akamai Technologies, Inc. | US | suspicious |
3248 | Millionblox - Linkvertise Downloader_fU-cP61.tmp | 18.66.107.75:443 | d17kz3i6hbr7d3.cloudfront.net | Massachusetts Institute of Technology | US | suspicious |
2940 | iexplore.exe | 23.216.77.69:80 | ctldl.windowsupdate.com | NTT DOCOMO, INC. | US | suspicious |
2940 | iexplore.exe | 151.101.2.217:443 | vjs.zencdn.net | Fastly | US | suspicious |
2940 | iexplore.exe | 67.27.158.254:80 | ctldl.windowsupdate.com | Level 3 Communications, Inc. | US | malicious |
2940 | iexplore.exe | 45.154.253.152:443 | anonfiles.com | — | — | suspicious |
2940 | iexplore.exe | 184.24.77.63:80 | r3.o.lencr.org | Time Warner Cable Internet LLC | US | unknown |
2940 | iexplore.exe | 104.18.21.226:80 | ocsp2.globalsign.com | Cloudflare Inc | US | shared |
2596 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2596 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
d17kz3i6hbr7d3.cloudfront.net |
| whitelisted |
anonfiles.com |
| shared |
ctldl.windowsupdate.com |
| whitelisted |
x1.c.lencr.org |
| whitelisted |
r3.o.lencr.org |
| shared |
vjs.zencdn.net |
| whitelisted |
djv99sxoqpv11.cloudfront.net |
| shared |
ocsp2.globalsign.com |
| whitelisted |
o.ss2.us |
| whitelisted |
ocsp.rootg2.amazontrust.com |
| whitelisted |