File name: | 2773e3dc59472296cb0024ba7715a64e.zip |
Full analysis: | https://app.any.run/tasks/2dd14b4c-451e-4c5c-a0a4-d517ecff0d73 |
Verdict: | Malicious activity |
Analysis date: | June 28, 2023, 02:06:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | B877491211BFCFF842912FD055588799 |
SHA1: | D19E7A79B08BAE01B00AC447F6CFD236EF055474 |
SHA256: | 6D230F1F3A10F78741545A9D6FBD43BBB0A6A55FEFCA245760D5DB92AC3CC1CD |
SSDEEP: | 3072:aAYjkooRsGE5zhcE+MhDcOHhcrD3gmsn7Hbt2edV0OI9Oez9DB4v/RfPE+5ApuPw:zY4/Ezz+ML2q7kvNcezVavJdZP/B8ccT |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 788 |
---|---|
ZipBitFlag: | 0x0001 |
ZipCompression: | Deflated |
ZipModifyDate: | 2016:04:13 18:02:34 |
ZipCRC: | 0x3c351d58 |
ZipCompressedSize: | 242871 |
ZipUncompressedSize: | 290304 |
ZipFileName: | 2773e3dc59472296cb0024ba7715a64e.exe |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3524 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\2773e3dc59472296cb0024ba7715a64e.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 Modules
| |||||||||||||||
3912 | "C:\Users\admin\Desktop\2773e3dc59472296cb0024ba7715a64e.exe" | C:\Users\admin\Desktop\2773e3dc59472296cb0024ba7715a64e.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Description: Firefox Exit code: 0 Version: 37.0.2.5583 Modules
| |||||||||||||||
1808 | "C:\Users\admin\AppData\Local\Drpbx\drpbx.exe" C:\Users\admin\Desktop\2773e3dc59472296cb0024ba7715a64e.exe | C:\Users\admin\AppData\Local\Drpbx\drpbx.exe | — | 2773e3dc59472296cb0024ba7715a64e.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: Firefox Version: 37.0.2.5583 Modules
| |||||||||||||||
4004 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\etadministration.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Exit code: 0 Version: 14.0.6024.1000 Modules
| |||||||||||||||
3696 | "C:\Users\admin\Desktop\2773e3dc59472296cb0024ba7715a64e.exe" | C:\Users\admin\Desktop\2773e3dc59472296cb0024ba7715a64e.exe | explorer.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Description: Firefox Exit code: 0 Version: 37.0.2.5583 Modules
|
(PID) Process: | (3524) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16D\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3524) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
(PID) Process: | (3524) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
(PID) Process: | (3524) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\phacker.zip | |||
(PID) Process: | (3524) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (3524) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (3524) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (3524) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (3524) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface |
Operation: | write | Name: | ShowPassword |
Value: 0 | |||
(PID) Process: | (3912) 2773e3dc59472296cb0024ba7715a64e.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
4004 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR507A.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3912 | 2773e3dc59472296cb0024ba7715a64e.exe | C:\Users\admin\AppData\Roaming\Frfx\firefox.exe | executable | |
MD5:2773E3DC59472296CB0024BA7715A64E | SHA256:3AE96F73D805E1D3995253DB4D910300D8442EA603737A1428B613061E7F61E7 | |||
3912 | 2773e3dc59472296cb0024ba7715a64e.exe | C:\Users\admin\AppData\Local\Drpbx\drpbx.exe | executable | |
MD5:2773E3DC59472296CB0024BA7715A64E | SHA256:3AE96F73D805E1D3995253DB4D910300D8442EA603737A1428B613061E7F61E7 | |||
1808 | drpbx.exe | C:\MSOCache\All Users\{90140000-0015-0411-0000-0000000FF1CE}-C\AccessMUI.xml.fun | binary | |
MD5:28441B8C917510D970D6180D613CE8E0 | SHA256:5965C7D4E0173C8DFB8F976D47B0EC3FC8D3FF2200B39155E1440D7EDDA7CC53 | |||
4004 | WINWORD.EXE | C:\Users\admin\Desktop\~$administration.rtf | binary | |
MD5:ABDE4DC920251DFA9349A37F0632E1E1 | SHA256:6A6C5C36FADB7E444ABB3D231411EA8810401CF690075D5C9269A80D312E8211 | |||
1808 | drpbx.exe | C:\MSOCache\All Users\{90140000-0015-0411-0000-0000000FF1CE}-C\branding.xml.fun | binary | |
MD5:4DB4DDE56A7D1D8B4BA2487F3834F59B | SHA256:5E665BA65BA94CDA7C8775B6D64877691B8C28F3714FF0FDF354905D5EA0CCBC | |||
1808 | drpbx.exe | C:\MSOCache\All Users\{90140000-0015-040C-0000-0000000FF1CE}-C\Setup.xml.fun | binary | |
MD5:9D19D98D71BBB006AED9379F74906F6B | SHA256:E32F5C1558986B99421C3F197F1FEFDF2CB485693FF4AD4963904CBBBEBB9574 | |||
4004 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | |
MD5:B7F156A5A19F720D86DB4C51040A2749 | SHA256:48AC94B46551C504BDEAEF5CA1F2A832C2C539F522343701AF964A9DB32088F6 | |||
1808 | drpbx.exe | C:\MSOCache\All Users\{90140000-0015-0407-0000-0000000FF1CE}-C\branding.xml.fun | binary | |
MD5:AF3B47EE3239EE27A36DF974BA6FF35A | SHA256:FD6C354E84802174AB77076F4167F39BD68CAB971EC46A80000BDB8150F05CF5 | |||
1808 | drpbx.exe | C:\MSOCache\All Users\{90140000-0015-040C-0000-0000000FF1CE}-C\AccessMUI.xml.fun | binary | |
MD5:C004E8491FF15DE08F1FA4E4C998A799 | SHA256:11F36C2CDDB7ACFBE430A304D826F2D3921826B33B08A9A82624AD6ADB3D3C74 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
292 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
1076 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |