Field | Value
---|---
File name | Release.zip
Full analysis | https://app.any.run/tasks/3fec42a8-be00-44d8-95ca-e358a7e05762
Verdict | Malicious activity
Analysis date | January 14, 2022, 21:22:40
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/zip
File info | Zip archive data, at least v2.0 to extract
MD5 | 0B77799FBBFEFF4CC608830AA4C543E8
SHA1 | 10CF3C68218E9FEF2A370CDE0C0C249D078809C5
SHA256 | 57289250571863ECF91CCF60CA6386DB00410E4401914AA5FF06728F8443DBAC
SSDEEP | 196608:0XpwF21zF2cJ4IKKORJwfZ6o1NhH0hxrlaboAwlTwF215cEV2cuKfKKORJwFZ6mH:apwQ1B4IKBiR6otH0nrlaEAw5wQ13SKj
Extension | Type
---|---
.zip | ZIP compressed archive (100)

The archive header fields below describe a single entry, Release/mysql.data.dll; the rest of the archive's contents show up in the dropped-files list further down. ZipBitFlag 0x0008 means general-purpose bit 3 is set: the entry was written in streaming mode, so per the ZIP specification the local file header's own CRC and size fields are zero and the real values sit in a data descriptor after the compressed data (and in the central directory). The non-zero CRC and sizes listed here were therefore read from one of those, not from the local header itself.

Field | Value
---|---
ZipRequiredVersion | 20 (version 2.0 needed to extract)
ZipBitFlag | 0x0008 (bit 3: data descriptor present)
ZipCompression | Deflated
ZipModifyDate | 2022:01:14 14:53:13
ZipCRC | 0x0f3da4f2
ZipCompressedSize | 123983
ZipUncompressedSize | 315392
ZipFileName | Release/mysql.data.dll
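To make those header fields concrete, here is an added Python example (not part of the ANY.RUN report) that builds a small archive in memory under the same entry name, once seekably and once as a stream, and then decodes the raw local file header the way the fields above were reported. It also does the two checks a practitioner wants before extracting a dropped archive: the central-directory CRC against the inflated bytes, and entry names that would escape the extraction directory. The entry name and payload are constructed; the payload is dummy bytes, not the real mysql.data.dll.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HEADER = struct.Struct("<4sHHHHHIIIHH")  # 30-byte local file header (APPNOTE 4.3.7)
LOCAL_SIG = b"PK\x03\x04"
FLAG_DATA_DESCRIPTOR = 0x0008                  # general-purpose bit 3
METHODS = {0: "Stored", 8: "Deflated"}

# Constructed sample entry, named like the report's entry; the payload is
# dummy bytes, not the real mysql.data.dll.
SAMPLE_NAME = "Release/mysql.data.dll"
SAMPLE_DATA = b"MZ" + bytes(range(256)) * 40


class _WriteOnlySink:
    """Sink with no tell()/seek(). zipfile treats it as a stream, sets bit 3 and
    writes CRC/sizes in a trailing data descriptor, giving ZipBitFlag 0x0008."""

    def __init__(self):
        self.buf = bytearray()

    def write(self, data):
        self.buf += data
        return len(data)

    def flush(self):
        pass


def build_sample_zip(streamed: bool, name=SAMPLE_NAME, data=SAMPLE_DATA) -> bytes:
    """Seekable: CRC/sizes are patched back into the local header.
    Streamed: bit 3 set, local header CRC/sizes left as zero."""
    sink = _WriteOnlySink() if streamed else io.BytesIO()
    with zipfile.ZipFile(sink, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return bytes(sink.buf) if streamed else sink.getvalue()


def parse_local_header(blob: bytes, offset: int = 0) -> dict:
    """Decode the raw local file header at `offset`: the same fields the report
    lists as ZipRequiredVersion, ZipBitFlag, ZipCompression, ZipCRC, sizes, name."""
    (sig, version, flags, method, _mtime, _mdate, crc, csize, usize,
     name_len, _extra_len) = LOCAL_HEADER.unpack_from(blob, offset)
    if sig != LOCAL_SIG:
        raise ValueError("no local file header at offset %d" % offset)
    start = offset + LOCAL_HEADER.size
    return {
        "required_version": version,                   # 20 means "2.0"
        "flags": flags,
        "uses_data_descriptor": bool(flags & FLAG_DATA_DESCRIPTOR),
        "compression": METHODS.get(method, "other(%d)" % method),
        "crc": crc,
        "compressed_size": csize,
        "uncompressed_size": usize,
        "filename": blob[start:start + name_len].decode("utf-8"),
    }


def is_safe_entry_name(name: str) -> bool:
    """Reject names that would extract outside the target directory (zip-slip)."""
    parts = name.replace("\\", "/").split("/")
    return not (name.startswith(("/", "\\")) or ".." in parts
                or (len(name) > 1 and name[1] == ":"))


def verify_entries(blob: bytes) -> list:
    """Cross-check each entry: the central-directory CRC (the authoritative one
    when bit 3 is set) against the CRC of the inflated data, plus the name check."""
    results = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            data = zf.read(info)   # zipfile raises BadZipFile on a CRC mismatch
            results.append({
                "name": info.filename,
                "central_crc": info.CRC,
                "crc_ok": (zlib.crc32(data) & 0xFFFFFFFF) == info.CRC,
                "compressed_size": info.compress_size,
                "uncompressed_size": info.file_size,
                "name_safe": is_safe_entry_name(info.filename),
            })
    return results


if __name__ == "__main__":
    for streamed in (False, True):
        blob = build_sample_zip(streamed)
        h = parse_local_header(blob)
        print("streamed=%-5s flags=0x%04x crc=0x%08x sizes=%d/%d" % (
            streamed, h["flags"], h["crc"], h["compressed_size"], h["uncompressed_size"]))
        for row in verify_entries(blob):
            print("  ", row)
```

Running it shows the streamed archive with flags 0x0008 and all-zero CRC/sizes in the local header while the central directory still carries the real values, which is why a header-only tool and an extractor can disagree about an entry's size until the descriptor is read.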
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3624 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Release.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE
 | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0 | | | 
3536 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe
 | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | | | 
2984 | "C:\Users\admin\Desktop\Release\Etiff.exe" | C:\Users\admin\Desktop\Release\Etiff.exe | — | Explorer.EXE
 | User: admin; Company: Microsoft; Integrity Level: MEDIUM; Description: Etiff; Version: 3.0.0.0 | | | 
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3624 | WinRAR.exe | C:\Users\admin\Desktop\Release\app.publish\Application Files\Etiff_2_0_0_31\TiffCrop.exe.deploy | executable | BABA636192DBD6DBABD7D6B13021A887 | FB2E25B2DA1CA489B59A09BF064F3DDD96538398B01DB3DD52AFBBFFC345A5AB
3624 | WinRAR.exe | C:\Users\admin\Desktop\Release\app.publish\Application Files\Etiff_2_0_0_31\Leadtools.WinForms.dll.deploy | executable | 3B4A114CA4B954C9B7F718D5DA048029 | EF2859E55C19490E67DBDCC939DD1E02517D363DB08243DDCE97C2A384DC42CD
3624 | WinRAR.exe | C:\Users\admin\Desktop\Release\app.publish\Application Files\Etiff_2_0_0_31\Leadtools.ImageProcessing.Effects.dll.deploy | executable | 570D329A73D264E510E1486AC1774512 | 06B283D1B708B9DB13FD04948CBF0FDDA866226C85468FA9F8EE30944323F30B
3624 | WinRAR.exe | C:\Users\admin\Desktop\Release\app.publish\Application Files\Etiff_2_0_0_31\GdPicture.NET.dll.deploy | executable | 87898566EB201D031F0C1D0A73D6ACF8 | ED1270B5F483F588F84226BE163CB3340622C91B827A94BC749A874C4580CE6A
3624 | WinRAR.exe | C:\Users\admin\Desktop\Release\app.publish\setup.exe | executable | 9D4671B68C0CCC7F553546BC92ADE90C | ADA201093CF83A02062397B8314B59D98177DE0E574B8992510987E760D92E72
3624 | WinRAR.exe | C:\Users\admin\Desktop\Release\app.publish\Application Files\Etiff_2_0_0_31\Leadtools.Codecs.Tif.dll.deploy | executable | 15AA9C77BFFF95DC5C7A98C046C683A3 | 254B2A9DD3C32A3E824D25750D8F4CB8E385EE6D99275EC140DBC8E48EE352FA
3624 | WinRAR.exe | C:\Users\admin\Desktop\Release\app.publish\Application Files\Etiff_2_0_0_31\Leadtools.Codecs.Fax.dll.deploy | executable | 5F1922744D6FBBEB4C2650C7392BFF25 | 8573386A05986A98A7ED206BB9235E1037D72294C8DC422D4325E089B8DC34AB
3624 | WinRAR.exe | C:\Users\admin\Desktop\Release\app.publish\Application Files\Etiff_2_0_0_31\GdPicture.NET.PDF.dll.deploy | executable | CA45469CDA4E19667579E8337CED3BFA | 23459EFF6B2A5313211A782BCE9B112894419A3227B38D5599B5302AD31318CC
3624 | WinRAR.exe | C:\Users\admin\Desktop\Release\app.publish\Application Files\Etiff_2_0_0_31\Leadtools.Codecs.dll.deploy | executable | 84A5AAF9E7891E35E239587B0BE6A496 | 0DA8B74BBF94AD0957819F4077E6976226BCF5FF48AECF3ECD7AA7F77E524AE3
3624 | WinRAR.exe | C:\Users\admin\Desktop\Release\app.publish\Application Files\Etiff_2_0_0_31\Leadtools.ImageProcessing.Utilities.dll.deploy | executable | E864366BD24FDBF7D455AA0D3D5BF598 | A296DABD98FAFEC0425DFA0ED3D88E7BCC76BAE11DD31F0B9392AF2CE225B638
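The sandbox types every `.deploy` file above as "executable" even though the extension says otherwise: ClickOnce publishing appends `.deploy` to application files, so the real extension is the one before it. The following added Python example (not part of the report) reproduces that classification by content rather than by name: MZ header, e_lfanew, the `PE\0\0` signature, the IMAGE_FILE_DLL characteristic for dll versus exe, and the CLR runtime header directory (index 14) to tell a .NET assembly from native code, then emits report-style rows with MD5 and SHA256. The sample file set is constructed: the names copy the report's ClickOnce layout, but the bytes are minimal headers-only PE images and one text file, not the real dropped files.

```python
import hashlib
import struct

IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000
CLR_DIRECTORY_INDEX = 14            # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
COFF_HEADER = struct.Struct("<HHIIIHH")   # Machine..Characteristics, 20 bytes


def make_sample_pe(is_dll: bool, managed: bool) -> bytes:
    """Constructed, headers-only PE32 image used as sample input. It cannot load
    or run; it only carries the fields identify() inspects."""
    img = bytearray(b"MZ" + b"\0" * 0x3E)                 # 0x40-byte DOS header
    struct.pack_into("<I", img, 0x3C, 0x40)                 # e_lfanew -> PE signature
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    if is_dll:
        chars |= IMAGE_FILE_DLL
    opt = bytearray(224)                                    # PE32 optional header with 16 dirs
    struct.pack_into("<H", opt, 0, 0x10B)                   # Magic: PE32
    struct.pack_into("<I", opt, 92, 16)                     # NumberOfRvaAndSizes
    if managed:                                             # CLR runtime header directory
        struct.pack_into("<II", opt, 96 + 8 * CLR_DIRECTORY_INDEX, 0x2008, 0x48)
    img += b"PE\0\0" + COFF_HEADER.pack(0x014C, 0, 0, 0, 0, len(opt), chars) + opt
    return bytes(img)


def identify(blob: bytes) -> dict:
    """Classify by content, not extension."""
    info = {"type": "other", "subtype": None, "managed": False}
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return info
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 4 + COFF_HEADER.size > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        info["type"] = "mz-without-pe"                      # DOS stub only, or truncated
        return info
    _machine, _nsec, _ts, _symp, _nsym, opt_size, chars = COFF_HEADER.unpack_from(blob, e_lfanew + 4)
    info["type"] = "executable"
    info["subtype"] = "dll" if chars & IMAGE_FILE_DLL else "exe"
    opt = e_lfanew + 4 + COFF_HEADER.size
    if opt_size >= 2 and opt + opt_size <= len(blob):
        magic = struct.unpack_from("<H", blob, opt)[0]
        # (offset of NumberOfRvaAndSizes, offset of first data directory)
        layout = {0x10B: (92, 96), 0x20B: (108, 112)}.get(magic)
        if layout:
            count_off, dirs_off = layout
            if opt_size >= dirs_off + 8 * (CLR_DIRECTORY_INDEX + 1):
                ndirs = struct.unpack_from("<I", blob, opt + count_off)[0]
                if ndirs > CLR_DIRECTORY_INDEX:
                    rva, size = struct.unpack_from("<II", blob, opt + dirs_off + 8 * CLR_DIRECTORY_INDEX)
                    info["managed"] = rva != 0 and size != 0
    return info


def hashes(blob: bytes) -> dict:
    return {"md5": hashlib.md5(blob).hexdigest().upper(),
            "sha256": hashlib.sha256(blob).hexdigest().upper()}


def scan(files: dict) -> list:
    """Report-style rows (filename, type, subtype, managed, md5, sha256) for a name->bytes map."""
    return [{"filename": name, **identify(blob), **hashes(blob)} for name, blob in files.items()]


# Constructed sample set: names follow the report's ClickOnce layout, contents are synthetic.
SAMPLE_FILES = {
    r"Application Files\Etiff_2_0_0_31\TiffCrop.exe.deploy": make_sample_pe(False, True),
    r"Application Files\Etiff_2_0_0_31\Leadtools.Codecs.dll.deploy": make_sample_pe(True, True),
    r"Application Files\Etiff_2_0_0_31\sample-notes.txt.deploy": b"not a PE file\n",
}

if __name__ == "__main__":
    for row in scan(SAMPLE_FILES):
        print(row)
```

Hashing every file regardless of what the name claims is also what lets you match these rows against the report's MD5/SHA256 columns without trusting the extension.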
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
— | — | 192.168.100.67:63342 | — | — | — | malicious
— | — | 192.168.100.67:63051 | — | — | — | malicious
— | — | 192.168.100.67:63341 | — | — | — | malicious
— | — | 192.168.100.67:63602 | — | — | — | malicious
— | — | 192.168.100.67:63050 | — | — | — | malicious
— | — | 192.168.100.67:62825 | — | — | — | malicious
— | — | 192.168.100.67:64400 | — | — | — | malicious
— | — | 192.168.100.67:63603 | — | — | — | malicious
— | — | 192.168.100.67:64401 | — | — | — | malicious

All nine connections are to the same address, 192.168.100.67, which is in the RFC 1918 private range, on ports in the dynamic range (49152 and above), and none of them is attributed to a PID, domain, ASN or certificate CN. The "malicious" reputation is the sandbox's tag for these endpoints; because the address is not internet-routable, this table on its own does not identify an external command-and-control host, and the owning process and the content of these sessions are the next things to pull from the full analysis.
Process | Message | Count
---|---|---
Etiff.exe | *** HR originated: -2147024774 / *** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302 | 5
Etiff.exe | *** HR propagated: -2147024774 / *** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144 | 5

The two messages alternate five times each in the original log. -2147024774 is the signed form of HRESULT 0x8007007A: severity bit set, FACILITY_WIN32 (7), Win32 code 122, ERROR_INSUFFICIENT_BUFFER. Each "originated" entry records where the failure was raised (copyout.cpp) and the matching "propagated" entry where the caller re-returned it (enumidentityattribute.cpp); both paths are in the Windows isolation (side-by-side identity) COM code declared in isolation.h, so these are debug traces from the OS component, not output from Etiff.exe's own code.
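The last two tables are the ones a triager reads by eye and then re-derives: which destinations are actually off-box, and what the repeated HRESULTs mean. The added Python example below (not from the report or ANY.RUN) parses rows in the same flattened pipe-table shape as the network table and the debug table above, classifies each destination address (RFC 1918, loopback, link-local, or external) and its port range, decodes the HRESULT into facility and Win32 code, and collapses identical debug blocks into a count. The sample rows are constructed and shortened: two of the report's private-address rows plus a loopback row and a row to 203.0.113.10 (a TEST-NET-3 documentation address standing in for an external host), and three of the debug blocks; the Win32 error-name table is a small hand-made subset.

```python
import ipaddress
import re
from collections import Counter

# Constructed input in the report's flattened shape (shortened; "—" is the report's empty-cell marker).
NETWORK_ROWS = """\
— | — | 192.168.100.67:63342 | — | — | — | malicious
— | — | 192.168.100.67:63051 | — | — | — | malicious
— | — | 127.0.0.1:8080 | — | — | — | unknown
— | — | 203.0.113.10:443 | example.net | — | — | unknown
"""

DEBUG_LINES = r"""Etiff.exe |
*** HR originated: -2147024774
*** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
|
Etiff.exe |
*** HR propagated: -2147024774
*** Source File: d:\iso_whid\x86fre\base\isolation\com\enumidentityattribute.cpp, line 144
|
Etiff.exe |
*** HR originated: -2147024774
*** Source File: d:\iso_whid\x86fre\base\isolation\com\copyout.cpp, line 1302
|
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
EPHEMERAL_START = 49152        # IANA dynamic/private port range (Windows Vista+ default too)
FACILITY_WIN32 = 7
WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 5: "ERROR_ACCESS_DENIED",   # hand-made subset
                122: "ERROR_INSUFFICIENT_BUFFER"}


def classify_ip(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_link_local:
        return "link-local"
    if any(addr in net for net in RFC1918):
        return "rfc1918"
    return "external"


def parse_network(text: str) -> list:
    """One dict per 'PID | Process | IP | Domain | ASN | CN | Reputation' row."""
    rows = []
    for line in text.splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < 7:
            continue
        ip, _, port = cells[2].rpartition(":")
        rows.append({"ip": ip, "port": int(port), "domain": cells[3], "reputation": cells[6],
                     "scope": classify_ip(ip), "ephemeral_port": int(port) >= EPHEMERAL_START})
    return rows


def decode_hresult(value: int) -> dict:
    """Split a signed or unsigned 32-bit HRESULT into severity, facility and code."""
    u = value & 0xFFFFFFFF
    facility, code = (u >> 16) & 0x7FF, u & 0xFFFF
    return {"hex": "0x%08X" % u, "failed": bool(u & 0x80000000), "facility": facility,
            "code": code, "name": WIN32_ERRORS.get(code) if facility == FACILITY_WIN32 else None}


OPEN_RE = re.compile(r"([^|\s]+)\s*\|")                    # "Etiff.exe |" opens a block
HR_RE = re.compile(r"\*\*\* HR (originated|propagated): (-?\d+)")
SRC_RE = re.compile(r"\*\*\* Source File: (.+), line (\d+)")


def parse_debug(text: str) -> list:
    """Group 'Process | ... |' blocks, decode each HRESULT and collapse identical blocks."""
    counts = Counter()
    process, block = None, []
    for line in text.splitlines():
        s = line.strip()
        if s == "|":                                        # block terminator
            body = "\n".join(block)
            hr, src = HR_RE.search(body), SRC_RE.search(body)
            if process and hr and src:
                counts[(process, hr.group(1), int(hr.group(2)), src.group(1), int(src.group(2)))] += 1
            process, block = None, []
        elif process is None:
            m = OPEN_RE.fullmatch(s)
            if m:
                process, block = m.group(1), []
        else:
            block.append(s)
    return [{"process": p, "kind": k, "hresult": decode_hresult(v), "source": src, "line": ln, "count": n}
            for (p, k, v, src, ln), n in counts.items()]


if __name__ == "__main__":
    for r in parse_network(NETWORK_ROWS):
        print("%-22s %-10s ephemeral=%-5s reputation=%s" % (
            "%s:%d" % (r["ip"], r["port"]), r["scope"], r["ephemeral_port"], r["reputation"]))
    for d in parse_debug(DEBUG_LINES):
        print("%dx %s %s %s (%s) at %s:%d" % (d["count"], d["process"], d["kind"],
              d["hresult"]["hex"], d["hresult"]["name"], d["source"], d["line"]))
```

The RFC 1918 test is done against explicit networks rather than `ipaddress`'s `is_private`, because the latter also returns true for documentation and other special-purpose ranges, which would mislabel the constructed external row.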