| Field | Value |
|---|---|
| File name | PolarisBiosEditor1.7.5.rar |
| Full analysis | https://app.any.run/tasks/edb0fed6-952e-4fd0-a37e-a7b84a59d316 |
| Verdict | Malicious activity |
| Analysis date | June 27, 2022, 09:48:40 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v5 |
| MD5 | B6A1B510035EE0BFA562F938775741FD |
| SHA1 | C6436E2C432B804157FB86C5ADF9D0C16952112F |
| SHA256 | 6517511BE249FC9B2DA3A56A477C49A0EFF3CFDECAD318321583EAF397045DF3 |
| SSDEEP | 24576:vCULr0lnG0xrTjK9VW4OcpKRtePsMw/5MpAxEuei3iHe5gBiPu5evN1Bmtc/Tixl:vLr0vhW7OcpecPvw/5MsiHsgBiPu5mHe |

| Extension | Identification | Confidence |
|---|---|---|
| .rar | RAR compressed archive (v5.0) | 61.5 |
| .rar | RAR compressed archive (gen) | 38.4 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2492 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\PolarisBiosEditor1.7.5.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0 |
| 3444 | "C:\Users\admin\Desktop\PolarisBiosEditor1.7.5\PolarisBiosEditor.exe" | C:\Users\admin\Desktop\PolarisBiosEditor1.7.5\PolarisBiosEditor.exe | — | Explorer.EXE | User: admin; Company: PolarisBiosEditor; Integrity Level: MEDIUM; Description: Setup/Uninstall; Exit code: 1; Version: 51.1052.0.0 |
| 3244 | "C:\Users\admin\Desktop\PolarisBiosEditor1.7.5\PolarisBiosEditor.exe" /SPAWNWND=$101B0 /NOTIFYWND=$101B0 | C:\Users\admin\Desktop\PolarisBiosEditor1.7.5\PolarisBiosEditor.exe | — | PolarisBiosEditor.exe | User: admin; Company: PolarisBiosEditor; Integrity Level: HIGH; Description: Setup/Uninstall; Exit code: 1; Version: 51.1052.0.0 |
| 1400 | "C:\Users\admin\Desktop\PolarisBiosEditor1.7.5\PolarisBiosEditor.exe" /VERYSILENT | C:\Users\admin\Desktop\PolarisBiosEditor1.7.5\PolarisBiosEditor.exe | — | PolarisBiosEditor.exe | User: admin; Company: PolarisBiosEditor; Integrity Level: HIGH; Description: Setup/Uninstall; Exit code: 0; Version: 51.1052.0.0 |
| 2904 | "C:\Users\admin\AppData\Roaming\wsqmcons.exe" | C:\Users\admin\AppData\Roaming\wsqmcons.exe | — | PolarisBiosEditor.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows SQM Consolidator; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 2608 | "C:\Users\admin\AppData\Roaming\PolarisBiosEditor.exe" | C:\Users\admin\AppData\Roaming\PolarisBiosEditor.exe | — | PolarisBiosEditor.exe | User: admin; Company: https://mining-bios.eu; Integrity Level: HIGH; Description: PolarisBiosEditor; Version: 1.7.5.0 |
| 3284 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | wsqmcons.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2492 | WinRAR.exe | C:\Users\admin\Desktop\PolarisBiosEditor1.7.5\PolarisBiosEditor-0.bin | binary | 48E0BFCC97A35B1C5CAE5AE8FA8C5F04 | 2530565506347A5EE22AB794993B03E4973B517063EACD475C77768B6126244A |
| 1400 | PolarisBiosEditor.exe | C:\Users\admin\AppData\Roaming\z.txt | text | F8CFB4FDFA2C09C789A2E9A17268F788 | 65CACEEFED69D30CC8AF330AA3F46AB7CF55BA5118529F7423D2CA3AFB92E220 |
| 1400 | PolarisBiosEditor.exe | C:\Users\admin\AppData\Roaming\u.txt | text | B86B661EAE3FE944A776B3C60E05595F | 6298A56B5C8EBB70886149A9E23E9C630498AE45E73399877EF6BB490F6D4184 |
| 1400 | PolarisBiosEditor.exe | C:\Users\admin\AppData\Roaming\user.bin | binary | 0CCCBE67A89513EC9072AE43CCF0CA36 | 0160889C87CB5BEF893A2D0FD1A1AE22EE09610CF05E1F488E9ED390660EC9D5 |
| 1400 | PolarisBiosEditor.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows NT\Version_PolarisBiosEditor.lnk | lnk | 1EBD651F55F257AF2FEF6D2A05C3FE4F | 82C3FBD36BBB2A78DC00E7FFB96297A5D384F35593452F6A2D7C0009DDD77D23 |
| 1400 | PolarisBiosEditor.exe | C:\Users\admin\AppData\Roaming\is-GAA54.tmp | text | B86B661EAE3FE944A776B3C60E05595F | 6298A56B5C8EBB70886149A9E23E9C630498AE45E73399877EF6BB490F6D4184 |
| 1400 | PolarisBiosEditor.exe | C:\Users\admin\AppData\Roaming\tdh.dll | executable | F7756D100B17A0129A9016F3F9C6FE78 | 3772F2224CAE9B2E3A56A2863E0F7E2081AE20DCDBD5DE56D35D548E8C19FDFD |
| 2492 | WinRAR.exe | C:\Users\admin\Desktop\PolarisBiosEditor1.7.5\PolarisBiosEditor.exe | executable | 59B8660CC5CE4DE6F7144075039C0C2C | 94A03B4D748CB9B3687076AF26209475FC811C016229C033922838A092DA035F |
| 1400 | PolarisBiosEditor.exe | C:\Users\admin\AppData\Roaming\is-FV2DD.tmp | text | F8CFB4FDFA2C09C789A2E9A17268F788 | 65CACEEFED69D30CC8AF330AA3F46AB7CF55BA5118529F7423D2CA3AFB92E220 |
| 1400 | PolarisBiosEditor.exe | C:\Users\admin\AppData\Roaming\is-U7VUE.tmp | executable | F7756D100B17A0129A9016F3F9C6FE78 | 3772F2224CAE9B2E3A56A2863E0F7E2081AE20DCDBD5DE56D35D548E8C19FDFD |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2608 | PolarisBiosEditor.exe | 185.199.111.133:443 | raw.githubusercontent.com | GitHub, Inc. | NL | suspicious |
3284 | cmd.exe | 151.139.128.11:443 | imagizer.imageshack.com | Highwinds Network Group, Inc. | US | malicious |
880 | svchost.exe | 151.139.128.11:443 | imagizer.imageshack.com | Highwinds Network Group, Inc. | US | malicious |
— | — | 151.139.128.11:443 | imagizer.imageshack.com | Highwinds Network Group, Inc. | US | malicious |

| Domain | IP | Reputation |
|---|---|---|
| raw.githubusercontent.com | | shared |
| imagizer.imageshack.com | | whitelisted |
| dns.msftncsi.com | | shared |

PID | Process | Class | Message |
---|---|---|---|
880 | svchost.exe | Potentially Bad Traffic | ET INFO TLS Handshake Failure |