File name: | daprovare (1).rar |
Full analysis: | https://app.any.run/tasks/bbfa49e9-06d5-4965-97d8-cefd8a723bd0 |
Verdict: | Malicious activity |
Analysis date: | November 16, 2019, 20:46:54 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 3B4503CEA21FDC60BC8F76EFBABBB8E5 |
SHA1: | 6B474A089366B8EA4765B8ED0A33C5977E31F0EF |
SHA256: | 7017DD101CDD2C7CBB5F6AEE8D2F52DDFE443B42272505396D20DDA9256B8B07 |
SSDEEP: | 196608:xHt3JIaIjWaRcOqATB9CFms5rhOSHkkdwA+tpOGtxwJjl1R4:TaewcOqkBoprb3dwAM0G3wNi |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2968 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\daprovare (1).rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3460 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
3316 | "C:\Users\admin\Desktop\Files\LR\X2.exe" | C:\Users\admin\Desktop\Files\LR\X2.exe | — | explorer.exe |
User: admin Company: <X2 ARQC> Integrity Level: MEDIUM Description: <X2> Version: 2.1.0.1 |
(PID) Process: | (2968) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2968) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2968) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2968) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\daprovare (1).rar | |||
(PID) Process: | (2968) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2968) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2968) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2968) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2968) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop | |||
(PID) Process: | (3460) SearchProtocolHost.exe | Key: | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\12B\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US |
PID | Process | Filename | Type | |
---|---|---|---|---|
2968 | WinRAR.exe | C:\Users\admin\Desktop\Files\LR\X2.pdb | — | |
MD5:— | SHA256:— | |||
2968 | WinRAR.exe | C:\Users\admin\Desktop\Files\bins-ok.pdf | ||
MD5:0439B26F57A09DC46ECF934E0D7AD268 | SHA256:555BB305048744399528D65C00902FB429AF06F84403A8EB8B3B9FD2DC61F8F7 | |||
2968 | WinRAR.exe | C:\Users\admin\Desktop\Files\LR\Bin.db | sqlite | |
MD5:E6C370D46734506107BB4858B8CCE6D8 | SHA256:EB38EFAE4F1E8B9739597DFDAA48C8BF4B4E4C2251C113C63A64B24A71E3A513 | |||
2968 | WinRAR.exe | C:\Users\admin\Desktop\Files\Cardpeek currency.pdf | ||
MD5:85CD66E15297BD83618EB610E2C51EDC | SHA256:13F04DFDD19C23CC0CD53FDB870D0B960C0E16FEB828CE4C6685A6F6574A2EF9 | |||
2968 | WinRAR.exe | C:\Users\admin\Desktop\Files\cardpeek-0.8.1-win32-setup.exe | executable | |
MD5:E294732C5941459F9837EEE662798E13 | SHA256:2A522699BF4D1C3730BCBC1E071882389E2E3DAF3551D6492B351D98A05FC7D1 | |||
2968 | WinRAR.exe | C:\Users\admin\Desktop\Files\LR\X2.exe | executable | |
MD5:7D70650F98B77655EC5920B38E717121 | SHA256:9AB475A639779B6BF2E55FF77BA9C368346B00BC9AB0E982E5EAC3A53AB10CE2 | |||
2968 | WinRAR.exe | C:\Users\admin\Desktop\Files\Dump shops.txt | text | |
MD5:E673B6D2655FDA22B6AAA93E73A4A065 | SHA256:AA3F826577EA44A371D1EE8580597BBD02F4FE94D877CEF883D6794ABBA318F7 | |||
2968 | WinRAR.exe | C:\Users\admin\Desktop\Files\LR\cardtemp.dat | binary | |
MD5:F1D3FF8443297732862DF21DC4E57262 | SHA256:DF3F619804A92FDB4057192DC43DD748EA778ADC52BC498CE80524C014B81119 | |||
2968 | WinRAR.exe | C:\Users\admin\Desktop\Files\LR\X2.lib | obj | |
MD5:C96884A9FD7E6305A5F4972222AAFD1A | SHA256:1600B8928CEA94572789182E8A97F5BBF545DC1281B698F4DDCDA8A98516070B | |||
2968 | WinRAR.exe | C:\Users\admin\Desktop\Files\LR\GlobalPlatform.dll | executable | |
MD5:4696B9FAE32C96D487DAA887D830261B | SHA256:D516E641E63F4195C374ECEDBEE074C345AF178D703FA0761C990141E056B992 |