| Property | Value |
|---|---|
| File name | xmlparse.bin.zip |
| Full analysis | https://app.any.run/tasks/0f4603b9-acf7-4470-8c82-fa87e7fa3ba0 |
| Verdict | Malicious activity |
| Analysis date | March 21, 2019, 20:30:23 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 3DAFD38EBA6DE8BE6D777ECF94B0BA9E |
| SHA1 | 1A838A99AA60AD58D6012336025F574E78B6B5CD |
| SHA256 | 5417C4BF24D953425E3006FD63AFC561AF4B1856A827F83DD25514FA122E623D |
| SSDEEP | 6144:41M2eNr2RWUdCD4gOSjsgsKqe6MWMw54ut0TgOB8UXao1bCNvM:WUAWqC85SohUaMw54utgSUX31iU |
| ZIP metadata | Value |
|---|---|
| File type (extension) | .zip: ZIP compressed archive (100) |
| ZipRequiredVersion | 788 |
| ZipBitFlag | 0x0001 |
| ZipCompression | Deflated |
| ZipModifyDate | 2019:03:21 17:52:00 |
| ZipCRC | 0x2e387ed0 |
| ZipCompressedSize | 315371 |
| ZipUncompressedSize | 318896 |
| ZipFileName | xmlparse.bin |
| PID | Parent process | CMD | Path | User | Integrity level | Exit code | Image description (company, version) |
|---|---|---|---|---|---|---|---|
| 2368 | explorer.exe | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\xmlparse.bin.zip" | C:\Program Files\WinRAR\WinRAR.exe | admin | MEDIUM | 0 | WinRAR archiver (Alexander Roshal, 5.60.0) |
| 3612 | SearchIndexer.exe | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | SYSTEM | SYSTEM | 0 | Microsoft Windows Search Protocol Host (Microsoft Corporation, 7.00.7600.16385 (win7_rtm.090713-1255)) |
| 2868 | explorer.exe | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | admin | MEDIUM | 1 | Windows Explorer (Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)) |
| 1696 | — | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | admin | MEDIUM | — | Windows Explorer (Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)) |
| 2196 | explorer.exe | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | admin | MEDIUM | 3221225786 | Windows Command Processor (Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)) |
| 2132 | cmd.exe | cmd.exe /C reg add "HKCU\SOFTWARE\microsoft\windows\currentversion\run" /v ServiceDLL /t REG_EXPAND_SZ /d "rundll32 C:\Users\admin\AppData\Local\Temp\xmlparse.dll, sega" /f | C:\Windows\system32\cmd.exe | admin | MEDIUM | 0 | Windows Command Processor (Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)) |
| 1252 | cmd.exe | reg add "HKCU\SOFTWARE\microsoft\windows\currentversion\run" /v ServiceDLL /t REG_EXPAND_SZ /d "rundll32 C:\Users\admin\AppData\Local\Temp\xmlparse.dll, sega" /f | C:\Windows\system32\reg.exe | admin | MEDIUM | 0 | Registry Console Tool (Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)) |
| 2568 | explorer.exe | "C:\Windows\system32\taskmgr.exe" /4 | C:\Windows\system32\taskmgr.exe | admin | MEDIUM | — | Windows Task Manager (Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)) |
| 1360 | explorer.exe | "C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc" | C:\Windows\system32\mmc.exe | admin | MEDIUM | 3221226540 | Microsoft Management Console (Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)) |
| 2108 | explorer.exe | "C:\Windows\system32\mmc.exe" "C:\Windows\system32\services.msc" | C:\Windows\system32\mmc.exe | admin | HIGH | 0 | Microsoft Management Console (Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2368 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\__rzi_2368.26558 | — | — | — |
| 4052 | mmc.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\views[1] | — | — | — |
| 2368 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\xmlparse.bin.zip | compressed | E4FE95685853A3DCDBB0C1415ACD917F | DAD2B9E55B0E0586E9B0B97519451B524894CD3BA3D755329899F29C9519D4F1 |
| 1696 | explorer.exe | C:\Users\admin\Desktop\xmlparse.dll | executable | 6675C63A2534FD65B3B2DA751F2B393F | BEE3B2710F7E874CE05E6B8B45CC20E021B9C00EE337238598E71E7315128333 |
| 1696 | explorer.exe | C:\Users\admin\AppData\Local\Temp\xmlparse.dll | executable | 6675C63A2534FD65B3B2DA751F2B393F | BEE3B2710F7E874CE05E6B8B45CC20E021B9C00EE337238598E71E7315128333 |
| 2368 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2368.26697\xmlparse.dll | executable | 6675C63A2534FD65B3B2DA751F2B393F | BEE3B2710F7E874CE05E6B8B45CC20E021B9C00EE337238598E71E7315128333 |
| 2108 | mmc.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\views[1] | html | A726593A8261930E4786375106FC6BFE | E6BFDFBB9A0649EA9D38DE4255C355C581097E6A1035A54943260B22AD45F172 |
| 2108 | mmc.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\views[1] | html | A726593A8261930E4786375106FC6BFE | E6BFDFBB9A0649EA9D38DE4255C355C581097E6A1035A54943260B22AD45F172 |
| 4052 | mmc.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\views[1] | html | A726593A8261930E4786375106FC6BFE | E6BFDFBB9A0649EA9D38DE4255C355C581097E6A1035A54943260B22AD45F172 |
| 4052 | mmc.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\views[1] | html | A726593A8261930E4786375106FC6BFE | E6BFDFBB9A0649EA9D38DE4255C355C581097E6A1035A54943260B22AD45F172 |