analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

윤디자인+웹고딕.ZIP

Full analysis: https://app.any.run/tasks/2136ad8e-4f7e-472a-8031-1c0ed05eabfa
Verdict: Malicious activity
Analysis date: April 24, 2019, 02:07:30
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

F3EA3D6885803B24B875B86EDF83ADA5

SHA1:

8EBA3660BE1E3152BB2641C839ECA68F8FC1216E

SHA256:

53AA43660907A3201AF64D6392DA17A9A3F36D2A9D415670D6AE5CDF800D61C4

SSDEEP:

768:Atd1XyzqOUvnPkll0q92un5Ouz/r8Fp/WP+dubalRDPLP:w1x/PklpsMJ/rCp/0+dvTPD

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Application was dropped or rewritten from another process

      • À±µðÀÚÀÎ+À¥°íµñ.exe (PID: 1452)

  • SUSPICIOUS

    • Starts Internet Explorer

      • À±µðÀÚÀÎ+À¥°íµñ.exe (PID: 1452)

  • INFO

    • Creates files in the user directory

      • iexplore.exe (PID: 912)

    • Changes internet zones settings

      • iexplore.exe (PID: 2096)

    • Reads Internet Cache Settings

      • iexplore.exe (PID: 912)

    • Reads internet explorer settings

      • iexplore.exe (PID: 912)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipFileName: ????????+??????/???�.txt
ZipUncompressedSize: 158
ZipCompressedSize: 139
ZipCRC: 0xdc68f9d3
ZipModifyDate: 2012:05:16 21:46:17
ZipCompression: Deflated
ZipBitFlag: -
ZipRequiredVersion: 20
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
37
Monitored processes
4
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start winrar.exe no specs à±µðàúàî+॰íµñ.exe no specs iexplore.exe iexplore.exe

Process information

PID
CMD
Path
Indicators
Parent process
2208"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\윤디자인+웹고딕.ZIP"C:\Program Files\WinRAR\WinRAR.exeexplorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.60.0
1452"C:\Users\admin\Desktop\À±µðÀÚÀÎ+À¥°íµñ.exe" C:\Users\admin\Desktop\À±µðÀÚÀÎ+À¥°íµñ.exeexplorer.exe
User:
admin
Integrity Level:
MEDIUM
Exit code:
0
2096"C:\Program Files\Internet Explorer\iexplore.exe" -nohomeC:\Program Files\Internet Explorer\iexplore.exe
À±µðÀÚÀÎ+À¥°íµñ.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
912"C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2096 CREDAT:71937C:\Program Files\Internet Explorer\iexplore.exe
iexplore.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
LOW
Description:
Internet Explorer
Version:
8.00.7600.16385 (win7_rtm.090713-1255)
Total events
798
Read events
728
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
10
Unknown types
4

Dropped files

PID
Process
Filename
Type
2208WinRAR.exeC:\Users\admin\AppData\Local\Temp\Rar$DRa2208.20133\À±µðÀÚÀÎ+À¥°íµñ\À±µðÀÚÀÎ+À¥°íµñ.exe
MD5:
SHA256:
2096iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\favicon[1].ico
MD5:
SHA256:
2096iexplore.exeC:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
MD5:
SHA256:
912iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\72HJF1AO\ww1_no1aessmb_net[1].txt
MD5:
SHA256:
912iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.datdat
MD5:FCEA06F98A10157221F881FAB3157885
SHA256:8C3F0221FBB195871C386B8E8AFCFC18DEE3F3E42C7CF0365561D87BE3945537
912iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.iniini
MD5:4A3DEB274BB5F0212C2419D3D8D08612
SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
2096iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Feeds Cache\desktop.iniini
MD5:4A3DEB274BB5F0212C2419D3D8D08612
SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
912iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.iniini
MD5:4A3DEB274BB5F0212C2419D3D8D08612
SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
912iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\72HJF1AO\js3[1].jstext
MD5:DB3CACFB57BA35D3FCFDBBCF7D46BD42
SHA256:A606134E35DB97024D04789609660C94F87F660DC259D91DB5180E32787D4DAD
912iexplore.exeC:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\72HJF1AO\desktop.iniini
MD5:4A3DEB274BB5F0212C2419D3D8D08612
SHA256:2842973D15A14323E08598BE1DFB87E54BF88A76BE8C7BC94C56B079446EDF38
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
6
DNS requests
4
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
2096
iexplore.exe
GET
200
185.53.179.29:80
http://ww1.no1aessmb.net/favicon.ico
DE
malicious
912
iexplore.exe
GET
200
185.53.179.29:80
http://ww1.no1aessmb.net/track.php?domain=no1aessmb.net&toggle=browserjs&uid=MTU1NjA3MTcyNC42MDU0OjAxZjhlY2U4YzUzY2U2Y2Q1ZDZhMDc3NGY2ZmU5NmM3OTlhODM3NzkxNTE5YjBjNGNiMTljYmY0NDA5ZjZhZTc6NWNiZmM1MmM5M2NiYQ%3D%3D
DE
binary
20 b
malicious
912
iexplore.exe
GET
208.91.196.46:80
http://iyfsearch.com/?dn=no1aessmb.net&pid=9PO755G95
VG
suspicious
912
iexplore.exe
GET
200
185.53.179.29:80
http://ww1.no1aessmb.net/?subid1=d9ab896a-6635-11e9-a8f3-4f810ac1323b
DE
html
988 b
malicious
912
iexplore.exe
GET
200
185.53.179.29:80
http://parkingcrew.net/assets/scripts/js3.js
DE
text
17.5 Kb
malicious
2096
iexplore.exe
GET
200
204.79.197.200:80
http://www.bing.com/favicon.ico
US
image
237 b
whitelisted
912
iexplore.exe
GET
302
95.211.117.215:80
http://no1aessmb.net/index2.html?search=@15p@Z@N+@%0m5q
NL
text
11 b
malicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
912
iexplore.exe
185.53.179.29:80
ww1.no1aessmb.net
Team Internet AG
DE
malicious
2096
iexplore.exe
204.79.197.200:80
www.bing.com
Microsoft Corporation
US
whitelisted
912
iexplore.exe
95.211.117.215:80
no1aessmb.net
LeaseWeb Netherlands B.V.
NL
malicious
912
iexplore.exe
208.91.196.46:80
iyfsearch.com
Confluence Networks Inc
VG
malicious
2096
iexplore.exe
185.53.179.29:80
ww1.no1aessmb.net
Team Internet AG
DE
malicious

DNS requests

Domain
IP
Reputation
www.bing.com
  • 204.79.197.200
  • 13.107.21.200
whitelisted
no1aessmb.net
  • 95.211.117.215
malicious
ww1.no1aessmb.net
  • 185.53.179.29
malicious
iyfsearch.com
  • 208.91.196.46
suspicious

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
윤디자인+웹고딕.ZIP