Property | Value
---|---
File name | 2oi7.cn3vrt.rsptify1.2.1.zip
Full analysis | https://app.any.run/tasks/375d487d-75b5-4b95-b0d6-b3acc51bf3b7
Verdict | Malicious activity
Analysis date | October 04, 2022, 21:17:05
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/zip
File info | Zip archive data, at least v2.0 to extract
MD5 | 18ACE70B892558B892013F8CEB43B606
SHA1 | 886977A71BF963C5A69006AD248CB0E55D68E1C7
SHA256 | 601FEB7803DD08DBFBDC61C060CA408A2EF35859EC1605DB0E0BDCA02E2D39CA
SSDEEP | 49152:OT69/lxHwmgCaZO8BMQo5Ftqwuj/8YqN0j+Gks+dkBQSw5/8O:OGbxHwHMTtqwuWN0jCoBQSwxl
.zip | ZIP compressed archive (100)

PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3392 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\2oi7.cn3vrt.rsptify1.2.1.zip" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0
2792 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa3392.40750\instructions.txt | C:\Windows\system32\NOTEPAD.EXE | — | WinRAR.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Notepad; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3844 | "C:\Users\admin\Desktop\SpotifyConverter.exe" | C:\Users\admin\Desktop\SpotifyConverter.exe | — | Explorer.EXE | User: admin; Company: TunesKit, Inc.; Integrity Level: MEDIUM; Description: TunesKit Spotify Converter Setup; Exit code: 3221226540; Version: 1.2.1.100
3140 | "C:\Users\admin\Desktop\SpotifyConverter.exe" | C:\Users\admin\Desktop\SpotifyConverter.exe | | Explorer.EXE | User: admin; Company: TunesKit, Inc.; Integrity Level: HIGH; Description: TunesKit Spotify Converter Setup; Exit code: 0; Version: 1.2.1.100
1744 | "C:\Users\admin\AppData\Local\Temp\is-S43S2.tmp\SpotifyConverter.tmp" /SL5="$7012A,1609185,134144,C:\Users\admin\Desktop\SpotifyConverter.exe" | C:\Users\admin\AppData\Local\Temp\is-S43S2.tmp\SpotifyConverter.tmp | | SpotifyConverter.exe | User: admin; Integrity Level: HIGH; Description: Setup/Uninstall; Exit code: 0; Version: 51.52.0.0
680 | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.tuneskit.com/spotify-converter-for-win/user-guide.html | C:\Program Files\Internet Explorer\iexplore.exe | — | SpotifyConverter.tmp | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Internet Explorer; Exit code: 1; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
2292 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:680 CREDAT:275457 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Internet Explorer; Exit code: 0; Version: 11.00.9600.16428 (winblue_gdr.131013-1700)
3372 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | Explorer.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3640 | "C:\Program Files\TunesKit Spotify Converter\Patch.exe" | C:\Program Files\TunesKit Spotify Converter\Patch.exe | — | Explorer.EXE | User: admin; Integrity Level: MEDIUM; Exit code: 3221226540
2356 | "C:\Program Files\TunesKit Spotify Converter\Patch.exe" | C:\Program Files\TunesKit Spotify Converter\Patch.exe | | Explorer.EXE | User: admin; Integrity Level: HIGH; Exit code: 3221225547

PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3392.40525\Patch.exe | executable | 43DF18B1EC765D05B604CA8087054D80 | C8BCC42E819EA0D0131DAE43C16EDC0EECBDE80A01C838DA9DBAA26255DC6E96
1744 | SpotifyConverter.tmp | C:\Program Files\TunesKit Spotify Converter\SpotifyConverter.exe | executable | 881C29C9CB868559B6F31AAF31C2B7DD | 76CAD9633849E2C1274D72B8F74D91A1E664348FC6621A7AE7409F4E601D6E03
1744 | SpotifyConverter.tmp | C:\Program Files\TunesKit Spotify Converter\ConvertLibrary.dll | executable | 2DB94CFBE89DF4B165E53EB77962E000 | 5B28329963F548AF9304B9F4801437F978133359EF9DE7473D7F15E053A10F8F
1744 | SpotifyConverter.tmp | C:\Program Files\TunesKit Spotify Converter\is-96TC6.tmp | executable | 2DB94CFBE89DF4B165E53EB77962E000 | 5B28329963F548AF9304B9F4801437F978133359EF9DE7473D7F15E053A10F8F
3392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3392.40750\instructions.txt | text | 6595EC68C031B7ACB2BB46D41AA4606F | 2E6E55C082CC759C19ED55A9B342628FBDE2FEA2C36B7F4BFF2D78E57191334D
3392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3392.40525\Visit - PirateCity.NET.url | url | 84FDEBE5032C3E8D87892D8637475465 | 90209D2C9B1EB8A48340D65B28E972043E280BA7107EB072A154BED87F4EE1A3
3392 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3392.40525\SpotifyConverter.exe | executable | F40F93D6332DF1FF057B89C8E84DAB26 | 565A33F00D71F1464C60FC4BC830389F8629B3D425D56CD50872854EAC6D4745
1744 | SpotifyConverter.tmp | C:\Program Files\TunesKit Spotify Converter\is-GMPHI.tmp | executable | 881C29C9CB868559B6F31AAF31C2B7DD | 76CAD9633849E2C1274D72B8F74D91A1E664348FC6621A7AE7409F4E601D6E03
3140 | SpotifyConverter.exe | C:\Users\admin\AppData\Local\Temp\is-S43S2.tmp\SpotifyConverter.tmp | executable | C1306F4050827812118ED15C45B1D9EC | 1CE8C4374D8B8C37DD7681C54B47A38C26C4203A1755520624DEA91C7B9308FB
1744 | SpotifyConverter.tmp | C:\Program Files\TunesKit Spotify Converter\WinSparkle.dll | executable | 51AA45D5F9DDC28BCEAB746DD4A46A3F | 44C2ED7544D72650B3591D9A4523F7C72FDAEF2A98681F67F301290D3B788B35

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
2292 | iexplore.exe | GET | 301 | 172.67.73.193:80 | http://www.tuneskit.com/spotify-converter-for-win/user-guide.html | US | html | 274 b | suspicious
2292 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEAo3h2ReX7SMIk79G%2B0UDDw%3D | US | der | 1.47 Kb | whitelisted
868 | SpotifyConverter.exe | GET | 301 | 172.67.73.193:80 | http://www.tuneskit.com/app_update_files/spotifyconverter/win_update.xml | US | html | 281 b | suspicious
868 | SpotifyConverter.exe | GET | 200 | 104.26.6.197:80 | http://tuneskit.com/api/appuser?did=618800AEABCA&install_at=20221004221857&pid=321&sign=53768175cb5746cb4851b4d0d6cbee09&summary=TunesKit%20Spotify%20Converter(1.2.1.100),%20Windows%207%20Service%20Pack%201%20(6.1.7601) | US | binary | 155 b | suspicious
2292 | iexplore.exe | GET | 200 | 8.238.189.126:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fb80389f517f0321 | US | compressed | 4.70 Kb | whitelisted

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2292 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | EDGECAST | GB | whitelisted |
2292 | iexplore.exe | 172.67.73.193:80 | www.tuneskit.com | CLOUDFLARENET | US | suspicious |
868 | SpotifyConverter.exe | 172.67.73.193:80 | www.tuneskit.com | CLOUDFLARENET | US | suspicious |
2292 | iexplore.exe | 8.238.189.126:80 | ctldl.windowsupdate.com | LEVEL3 | US | suspicious |
868 | SpotifyConverter.exe | 104.26.6.197:80 | www.tuneskit.com | CLOUDFLARENET | US | suspicious |
2292 | iexplore.exe | 188.114.96.3:443 | www.viwizard.com | CLOUDFLARENET | NL | malicious |
2292 | iexplore.exe | 172.67.73.193:443 | www.tuneskit.com | CLOUDFLARENET | US | suspicious |
868 | SpotifyConverter.exe | 172.67.73.193:443 | www.tuneskit.com | CLOUDFLARENET | US | suspicious |

Domain | IP | Reputation
---|---|---
www.tuneskit.com | | suspicious
ctldl.windowsupdate.com | | whitelisted
ocsp.digicert.com | | whitelisted
www.viwizard.com | | malicious
tuneskit.com | | suspicious

Process | Message
---|---
SpotifyConverter.exe | `WinSparkle: ----------------------------`
SpotifyConverter.exe | `WinSparkle: *** USING INSECURE URL: appcast feed from http://www.tuneskit.com/app_update_files/spotifyconverter/win_update.xml ***`
SpotifyConverter.exe | `WinSparkle: ----------------------------`
SpotifyConverter.exe | `WinSparkle: ----------------------------`
SpotifyConverter.exe | `WinSparkle: *** USING INSECURE URL: appcast feed from http://www.tuneskit.com/app_update_files/spotifyconverter/win_update.xml ***`
SpotifyConverter.exe | `WinSparkle: ----------------------------`