File name: | f5026526d98571a5956d0586159e9e0e733cf85d.zip |
Full analysis: | https://app.any.run/tasks/1c7da4e5-10d8-4def-a6a4-50e747645b49 |
Verdict: | Malicious activity |
Analysis date: | November 30, 2020, 06:57:53 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | F077FCE555E146A312217FC1104ADAB1 |
SHA1: | 8FE394FD70BA17391250E3C1C5200589F845B175 |
SHA256: | 6C1C22BFD43C194350D140BF8FE022C9048159D48F62447887A7202AC23512EE |
SSDEEP: | 3072:ROkOMvQhtySSgHdLdRPsUIkurQDZoSf8Q2PkZcKe3YDElTfRxwwMOKqE3p1D:RxHOwJgJdRPrIkurQDhf8HOtIlnZTE5d |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | f5026526d98571a5956d0586159e9e0e733cf85d |
---|---|
ZipUncompressedSize: | 557176 |
ZipCompressedSize: | 195672 |
ZipCRC: | 0xda4baa7e |
ZipModifyDate: | 2020:09:02 02:14:01 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0002 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2636 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\f5026526d98571a5956d0586159e9e0e733cf85d.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3300 | "C:\Users\admin\Desktop\2.exe" | C:\Users\admin\Desktop\2.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: XQueueServerTest.exe Version: 1, 2, 0, 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2636.32514\f5026526d98571a5956d0586159e9e0e733cf85d | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3300 | 2.exe | POST | — | 107.5.122.110:80 | http://107.5.122.110/FjfX/ | US | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3300 | 2.exe | 107.5.122.110:80 | — | Comcast Cable Communications, LLC | US | malicious |
PID | Process | Class | Message |
---|---|---|---|
3300 | 2.exe | A Network Trojan was detected | ET CNC Feodo Tracker Reported CnC Server group 1 |