File name: | awconfig.rar |
Full analysis: | https://app.any.run/tasks/3ecc76e3-cad5-4123-b1c1-ea6be961a698 |
Verdict: | Malicious activity |
Analysis date: | September 11, 2019, 07:58:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 8A27DB56D688B9CCC8FB8C3F6C8A995F |
SHA1: | 6C4E03BB83B9B125EE50642762F89E052CBC837B |
SHA256: | 6446E1660460053B2665B4769A369FC64C98A89160634F2850850698DAEFD553 |
SSDEEP: | 384:khc1amaHOAMFUWYbvdERbT766OqqaCM9yskI1fB713BpOhO49ohJFix3sISUi+Sx:2uaRuAa9YTyRvrHA6Jdsc4yhDIi+6yw |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2872 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\awconfig.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3432 | "C:\Program Files\Opera\opera.exe" | C:\Program Files\Opera\opera.exe | explorer.exe | |
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera Internet Browser Version: 1748 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2872 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2872.25714\awconfig | — | |
MD5:— | SHA256:— | |||
3432 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprE69C.tmp | — | |
MD5:— | SHA256:— | |||
3432 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\oprE6DB.tmp | — | |
MD5:— | SHA256:— | |||
3432 | opera.exe | C:\Users\admin\AppData\Local\Opera\Opera\cache\sesn\opr00001.tmp | — | |
MD5:— | SHA256:— | |||
3432 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\PS1Z9S50L6HDTQ0PQMYD.temp | — | |
MD5:— | SHA256:— | |||
3432 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\oprEE6.tmp | — | |
MD5:— | SHA256:— | |||
3432 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\sessions\opr1AAF.tmp | — | |
MD5:— | SHA256:— | |||
3432 | opera.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\16ec093b8f51508f.customDestinations-ms~RF16f1c7.TMP | binary | |
MD5:309173A3D7AC96E52CA7BB6E941C2CF1 | SHA256:D0DE40593BCE48BB74D7DF605809BEAA2C8DC578294215278DCEB978D10B4C6F | |||
3432 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\tasks.xml | xml | |
MD5:27D20E8450A066DD245BE323C864FC7B | SHA256:63B1551C88E1D75D2245BAE467D10FE89748B7B6C7F1D865574629FAD09C1458 | |||
3432 | opera.exe | C:\Users\admin\AppData\Roaming\Opera\Opera\opssl6.dat | binary | |
MD5:FCCCCC75861EF0FE746E8A18EFF620B4 | SHA256:B9F4A7DD6DAED0F425A09B66E619421F35673A9FA191A330566CBC811F2F5068 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3432 | opera.exe | GET | 302 | 216.58.208.35:80 | http://www.google.com.ua/search?client=opera&q=anofile&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest | US | html | 336 b | whitelisted |
3432 | opera.exe | GET | 302 | 216.58.208.35:80 | http://www.google.com.ua/search?q=anofile&sourceid=opera&ie=utf-8&oe=utf-8&channel=suggest | US | html | 320 b | whitelisted |
3432 | opera.exe | GET | 200 | 93.184.220.29:80 | http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 528 b | whitelisted |
3432 | opera.exe | GET | 200 | 172.217.22.3:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEBl7GqnL5JVcAgAAAABB5oE%3D | US | der | 471 b | whitelisted |
3432 | opera.exe | GET | 200 | 172.217.18.174:80 | http://clients1.google.com/complete/search?q=anofile&client=opera-suggest-omnibox&hl=de | US | text | 101 b | whitelisted |
3432 | opera.exe | GET | 200 | 172.217.18.174:80 | http://clients1.google.com/complete/search?q=ano&client=opera-suggest-omnibox&hl=de | US | text | 114 b | whitelisted |
3432 | opera.exe | GET | 200 | 172.217.18.174:80 | http://clients1.google.com/complete/search?q=anof&client=opera-suggest-omnibox&hl=de | US | text | 111 b | whitelisted |
3432 | opera.exe | GET | 200 | 172.217.22.3:80 | http://crl.pki.goog/gsr2/gsr2.crl | US | der | 815 b | whitelisted |
3432 | opera.exe | GET | 200 | 172.217.22.3:80 | http://ocsp.pki.goog/gts1o1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEEanTyVp9ezcCAAAAAARu4s%3D | US | der | 471 b | whitelisted |
3432 | opera.exe | GET | 200 | 192.35.177.64:80 | http://crl.identrust.com/DSTROOTCAX3CRL.crl | US | der | 896 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3432 | opera.exe | 185.26.182.94:443 | certs.opera.com | Opera Software AS | — | whitelisted |
3432 | opera.exe | 172.217.23.163:443 | id.google.com | Google Inc. | US | whitelisted |
3432 | opera.exe | 185.26.182.112:80 | sitecheck2.opera.com | Opera Software AS | — | malicious |
3432 | opera.exe | 216.58.208.35:80 | www.google.com.ua | Google Inc. | US | whitelisted |
3432 | opera.exe | 192.35.177.64:80 | crl.identrust.com | IdenTrust | US | malicious |
3432 | opera.exe | 93.184.220.29:80 | crl4.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3432 | opera.exe | 216.58.208.35:443 | www.google.com.ua | Google Inc. | US | whitelisted |
3432 | opera.exe | 194.32.146.61:443 | anonfile.com | — | — | unknown |
3432 | opera.exe | 172.217.22.3:80 | crl.pki.goog | Google Inc. | US | whitelisted |
3432 | opera.exe | 172.217.22.35:443 | id.google.com.ua | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
certs.opera.com |
| whitelisted |
crl4.digicert.com |
| whitelisted |
clients1.google.com |
| whitelisted |
www.google.com.ua |
| whitelisted |
sitecheck2.opera.com |
| whitelisted |
crl.pki.goog |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
id.google.com.ua |
| whitelisted |
id.google.com |
| whitelisted |
anonfile.com |
| whitelisted |