File name: | file_2f9df04568f140f5b8fe0986323a79a9_2019-10-14T15_29_53.000Z.zip |
Full analysis: | https://app.any.run/tasks/bed4bfb8-9f61-49b2-b247-11834ac79d29 |
Verdict: | Malicious activity |
Analysis date: | October 14, 2019, 15:37:05 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 5C52AF16BDBD878074505B13766FB34D |
SHA1: | 8727751CA9313B8266E6CA61F5AFDF5170D1D81A |
SHA256: | 5178DF32344A6D4A55EAD894C6510658108E4C1681092EC7DC280BB7E9F76344 |
SSDEEP: | 1536:OOisPjsRnw61wvfZKkJZ5FxwVmihy6cW80q7X1/u80z9GPVlL4Pim+PbyijPjf:DisPiRvkJt6LDMX170JwVB46VysPT |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | 0x0800 |
ZipCompression: | None |
ZipModifyDate: | 2019:10:14 15:35:16 |
ZipCRC: | 0x00000000 |
ZipCompressedSize: | - |
ZipUncompressedSize: | - |
ZipFileName: | entry001/ |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2172 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\file_2f9df04568f140f5b8fe0986323a79a9_2019-10-14T15_29_53.000Z.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
292 | "C:\Users\admin\Desktop\java.exe" | C:\Users\admin\Desktop\java.exe | — | explorer.exe |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Exit code: 1 Version: 8.0.1710.11 | ||||
1416 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\manifest.json | C:\Windows\system32\rundll32.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2500 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\manifest.json | C:\Windows\system32\NOTEPAD.EXE | — | rundll32.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2148 | "C:\Users\admin\Desktop\java.exe" | C:\Users\admin\Desktop\java.exe | — | explorer.exe |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Exit code: 1 Version: 8.0.1710.11 | ||||
1712 | "C:\Users\admin\Desktop\java.exe" | C:\Users\admin\Desktop\java.exe | — | explorer.exe |
User: admin Company: Oracle Corporation Integrity Level: MEDIUM Description: Java(TM) Platform SE binary Exit code: 1 Version: 8.0.1710.11 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2172.45003\entry001\java.exe | — | |
MD5:— | SHA256:— | |||
2172 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2172.45912\manifest.json | — | |
MD5:— | SHA256:— | |||
1712 | java.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | |
MD5:3AFE67B1A7F0D1C2638978CBB9274FA7 | SHA256:C3F1EDB9F747701312B8BFAE40A2D8815E6D592567EC5E8E586C0A0A0D07371C | |||
2148 | java.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | |
MD5:17CB9596AA45630207E40BAEEFE65D07 | SHA256:1B06C7D510D20821D3D9DA3608F04B7A169EB0555B5E2B0C88E08F91E2A68801 | |||
292 | java.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | |
MD5:00F3F10E40DBBED5DAE827CC285EBB85 | SHA256:5B9FA947E94A8497D7236578C42ACFCBBECB746000015CC7D6665BC05E5F1F68 |