File name: | TÀI LIỆU HÀNG HÓA 2019.7z |
Full analysis: | https://app.any.run/tasks/276dc254-785c-4b1b-be5f-74ad3fc11885 |
Verdict: | Malicious activity |
Threats: | Netwire is an advanced RAT — it is a malware that takes control of infected PCs and allows its operators to perform various actions. Unlike many RATs, this one can target every major operating system, including Windows, Linux, and MacOS. |
Analysis date: | May 20, 2019, 11:58:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-7z-compressed |
File info: | 7-zip archive data, version 0.4 |
MD5: | BCCA5A81B99B3EBC92BAA80398373248 |
SHA1: | F786C50D66680DFA9B7383D946E9BB7D56B9BD04 |
SHA256: | 5486657ABBBD562198AA0020AC84FD5D149381CD17BCC99DE5927311B73E3C00 |
SSDEEP: | 3072:qVovasINzD47ym4xJJW3dwDf9TLzi8jT0WLtwg13mqKnB/VCcW:MNQem4xJJPfNLzdjT0yUqqVO |
.7z | | | 7-Zip compressed archive (v0.4) (57.1) |
---|---|---|
.7z | | | 7-Zip compressed archive (gen) (42.8) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2960 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\TÀI LIỆU HÀNG HÓA 2019.7z" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2416 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2960.4410\TÀI LIỆU HÀNG HÓA 2019.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2960.4410\TÀI LIỆU HÀNG HÓA 2019.exe | — | WinRAR.exe |
User: admin Company: CHESTNUT4 Integrity Level: MEDIUM Exit code: 0 Version: 1.01.0005 | ||||
2996 | C:\Users\admin\AppData\Local\Temp\Rar$EXa2960.4410\TÀI LIỆU HÀNG HÓA 2019.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2960.4410\TÀI LIỆU HÀNG HÓA 2019.exe | TÀI LIỆU HÀNG HÓA 2019.exe | |
User: admin Company: CHESTNUT4 Integrity Level: MEDIUM Version: 1.01.0005 | ||||
3496 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2960.7647\TÀI LIỆU HÀNG HÓA 2019.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2960.7647\TÀI LIỆU HÀNG HÓA 2019.exe | — | WinRAR.exe |
User: admin Company: CHESTNUT4 Integrity Level: MEDIUM Exit code: 0 Version: 1.01.0005 | ||||
3848 | C:\Users\admin\AppData\Local\Temp\Rar$EXa2960.7647\TÀI LIỆU HÀNG HÓA 2019.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2960.7647\TÀI LIỆU HÀNG HÓA 2019.exe | — | TÀI LIỆU HÀNG HÓA 2019.exe |
User: admin Company: CHESTNUT4 Integrity Level: MEDIUM Version: 1.01.0005 |
(PID) Process: | (2960) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2960) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2960) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2960) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\TÀI LIỆU HÀNG HÓA 2019.7z | |||
(PID) Process: | (2960) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2960) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2960) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2960) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2960) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (2960) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2960.4410\TÀI LIỆU HÀNG HÓA 2019.exe | executable | |
MD5:95D30E03EE30D9BCB3DB9E0CAAF1D4E6 | SHA256:D92A4D000C4571398FE5A2B578C5F9D3CBFB6EDEA1DDD59BE5E418B28CAE9D2D | |||
2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2960.7647\TÀI LIỆU HÀNG HÓA 2019.exe | executable | |
MD5:95D30E03EE30D9BCB3DB9E0CAAF1D4E6 | SHA256:D92A4D000C4571398FE5A2B578C5F9D3CBFB6EDEA1DDD59BE5E418B28CAE9D2D |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2996 | TÀI LIỆU HÀNG HÓA 2019.exe | 185.244.31.116:32144 | duc1234.duckdns.org | — | — | malicious |
Domain | IP | Reputation |
---|---|---|
duc1234.duckdns.org |
| malicious |
PID | Process | Class | Message |
---|---|---|---|
— | — | Misc activity | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain |
— | — | Misc activity | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain |
2996 | TÀI LIỆU HÀNG HÓA 2019.exe | A Network Trojan was detected | MALWARE [PTsecurity] Netwire.RAT |
— | — | Misc activity | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain |
2996 | TÀI LIỆU HÀNG HÓA 2019.exe | A Network Trojan was detected | MALWARE [PTsecurity] Netwire.RAT |
2996 | TÀI LIỆU HÀNG HÓA 2019.exe | A Network Trojan was detected | ET TROJAN Possible Netwire RAT Client HeartBeat C2 |
2996 | TÀI LIỆU HÀNG HÓA 2019.exe | A Network Trojan was detected | ET TROJAN Possible Netwire RAT Client HeartBeat C2 |
2996 | TÀI LIỆU HÀNG HÓA 2019.exe | Generic Protocol Command Decode | SURICATA STREAM FIN2 FIN with wrong seq |
— | — | Misc activity | ET INFO DYNAMIC_DNS Query to *.duckdns. Domain |
2996 | TÀI LIỆU HÀNG HÓA 2019.exe | A Network Trojan was detected | MALWARE [PTsecurity] Netwire.RAT |