File name: | Axenat.zip |
Full analysis: | https://app.any.run/tasks/f929769d-07c2-4dd9-8c19-9e1917b23cc0 |
Verdict: | Malicious activity |
Analysis date: | September 30, 2020, 02:47:52 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 5B5779FE1178539ED9E13C161D82C13E |
SHA1: | 9C9DD3B32135979CB12135A0D17B33E9D3A229EA |
SHA256: | 6D9BB76551D212EA9A47019DB263926FDAE0191D98B4DB6111AD158B3452B2E6 |
SSDEEP: | 98304:uxJoyeufLCs8Z4OtHuJ/Vy+Jk5GsKKl7Xgd2C5+QclgmC/v+k:uxJofuLCs8mmuJ/+GdKl7m2CVcC/mk |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | Axenat/ |
---|---|
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2020:06:09 00:49:01 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 10 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2080 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Axenat.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
756 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2080.43016\Axenat\Axenat.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2080.43016\Axenat\Axenat.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Description: StealerBin Exit code: 0 Version: 1.0.0.0 | ||||
2244 | "C:\Users\admin\Desktop\Axenat.exe" | C:\Users\admin\Desktop\Axenat.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: StealerBin Exit code: 0 Version: 1.0.0.0 | ||||
2244 | "C:\Users\admin\Desktop\Axenat.exe" | C:\Users\admin\Desktop\Axenat.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: StealerBin Exit code: 0 Version: 1.0.0.0 |
(PID) Process: | (2080) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2080) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2080) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2080) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\Axenat.zip | |||
(PID) Process: | (2080) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2080) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2080) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2080) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2080) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (2080) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2080.44114\Axenat\Axenat.exe | — | |
MD5:— | SHA256:— | |||
2080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2080.43016\Axenat\Axenat.exe | executable | |
MD5:B24786ADC85768D38E69A04911841478 | SHA256:26BDBAC453D590AAE6AB3485CD70A8D87BC7AE5B548406115EA9D19395B3E88E | |||
2080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2080.43016\Axenat\Osiris.dll | executable | |
MD5:B7DC1C80D890E992ED20E7648E97BB73 | SHA256:87A9F82BF4E96993B4F34DB48712E22EB68EBAD7E051EFE789305143EB75208F | |||
2080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2080.43016\Axenat\OTC.dll | executable | |
MD5:6CD11F93B4F335E3760519079EADB978 | SHA256:9552579A442DCB20689F8EF348688ABE3744D9DCAC466030D8FF320CC889AF00 | |||
2080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2080.43016\Axenat\PageRank.dll | executable | |
MD5:B2F23D79EFC6CB304AA31C16D6BC89B8 | SHA256:A5F3010B36E56EF93B81FFAB83D4CD2BE12EABC5F8427A12E137D8A845570B82 | |||
2080 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2080.43016\Axenat\DevComponents.DotNetBar2.dll | executable | |
MD5:D068CE38F5F9CAED1E63FFB1169EDE92 | SHA256:08C17E74BE6CEEE14634C12BCEE4985490620C2C39986D2EFC367CC86F3339C7 |