File name: | Virus Infection.zip |
Full analysis: | https://app.any.run/tasks/5127e63b-5f29-462a-b837-d5fdc2160ebc |
Verdict: | Malicious activity |
Analysis date: | January 14, 2022, 23:55:50 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 563328B7A1439A567E7B87C8232F5F44 |
SHA1: | 93D7E9C693364A359F535A4DCA250E61C7429D59 |
SHA256: | 70AD044E9AE1BEAAA97CD9C5478278A765ECC42628C3B1BD13710619821FDF5A |
SSDEEP: | 196608:8Njv+NYQf47AGyT4qreHeoX5icSVHnSHGrVYl7QS9kDkt4G/79Ss5RsQMCA:avOf47CTxe+oX5jSVHSu8QS9kD4J/0Y+ |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | 0x0001 |
ZipCompression: | None |
ZipModifyDate: | 2019:12:30 01:13:19 |
ZipCRC: | 0xec5a7f51 |
ZipCompressedSize: | 129346 |
ZipUncompressedSize: | 129346 |
ZipFileName: | AutoRun.akw.346c9322bc80ff97e126a7a7c3836d31.exe |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3608 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Virus Infection.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
3692 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
3788 | "C:\Users\admin\Desktop\New folder\Neshta.a.4e2c76a133e445783fa00.exe" | C:\Users\admin\Desktop\New folder\Neshta.a.4e2c76a133e445783fa00.exe | Explorer.EXE | ||||||||||||
User: admin Integrity Level: MEDIUM Exit code: 0 Modules
| |||||||||||||||
1888 | "C:\Users\admin\AppData\Local\Temp\3582-490\Neshta.a.4e2c76a133e445783fa00.exe" | C:\Users\admin\AppData\Local\Temp\3582-490\Neshta.a.4e2c76a133e445783fa00.exe | — | Neshta.a.4e2c76a133e445783fa00.exe | |||||||||||
User: admin Company: Valve Corporation Integrity Level: MEDIUM Description: x64launcher.exe Exit code: 1 Version: 02.92.69.85 Modules
| |||||||||||||||
1496 | "C:\Users\admin\Desktop\New folder\Pioneer.cz.58fab99607afc5da878c0.exe" | C:\Users\admin\Desktop\New folder\Pioneer.cz.58fab99607afc5da878c0.exe | Explorer.EXE | ||||||||||||
User: admin Integrity Level: MEDIUM Exit code: 0 Modules
| |||||||||||||||
3776 | "C:\Users\admin\AppData\Local\Temp\3582-490\Pioneer.cz.58fab99607afc5da878c0.exe" | C:\Users\admin\AppData\Local\Temp\3582-490\Pioneer.cz.58fab99607afc5da878c0.exe | — | Pioneer.cz.58fab99607afc5da878c0.exe | |||||||||||
User: admin Company: AVAST Software Integrity Level: MEDIUM Description: Avast Antivirus Installer Exit code: 3221226540 Version: 18.3.260.0 Modules
| |||||||||||||||
2468 | "C:\Users\admin\AppData\Local\Temp\3582-490\Pioneer.cz.58fab99607afc5da878c0.exe" | C:\Users\admin\AppData\Local\Temp\3582-490\Pioneer.cz.58fab99607afc5da878c0.exe | Pioneer.cz.58fab99607afc5da878c0.exe | ||||||||||||
User: admin Company: AVAST Software Integrity Level: HIGH Description: Avast Antivirus Installer Exit code: 0 Version: 18.3.260.0 Modules
| |||||||||||||||
2668 | "C:\Users\admin\Desktop\New folder\Parite.b.5c15290b2664afab8cb40.exe" | C:\Users\admin\Desktop\New folder\Parite.b.5c15290b2664afab8cb40.exe | Explorer.EXE | ||||||||||||
User: admin Integrity Level: MEDIUM Exit code: 0 Modules
| |||||||||||||||
3192 | "C:\Users\admin\AppData\Local\Temp\3582-490\Parite.b.5c15290b2664afab8cb40.exe" | C:\Users\admin\AppData\Local\Temp\3582-490\Parite.b.5c15290b2664afab8cb40.exe | — | Parite.b.5c15290b2664afab8cb40.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: install Exit code: 3221226540 Version: 3, 0, 0, 0 Modules
| |||||||||||||||
628 | "C:\Users\admin\AppData\Local\Temp\3582-490\Parite.b.5c15290b2664afab8cb40.exe" | C:\Users\admin\AppData\Local\Temp\3582-490\Parite.b.5c15290b2664afab8cb40.exe | Parite.b.5c15290b2664afab8cb40.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: install Exit code: 0 Version: 3, 0, 0, 0 Modules
|
(PID) Process: | (3608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (3608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (3608) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
(PID) Process: | (3608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
(PID) Process: | (3608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\Virus Infection.zip | |||
(PID) Process: | (3608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (3608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (3608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (3608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3608.22202\Hidrag.a.d99ccff80df6a7f290fdeeed1b341ae5.exe | executable | |
MD5:D99CCFF80DF6A7F290FDEEED1B341AE5 | SHA256:E9EF7A854CB2E8594B72CF273AAC8B9576A4760643BBC0F8F09D505B02CE7C69 | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3608.22202\Renamer.k.73dff1c450ac7df11c7b3f7f3d261569.exe | executable | |
MD5:73DFF1C450AC7DF11C7B3F7F3D261569 | SHA256:910661D15113E1BB4FA8A7C819D54EE0B6969DA73B1FBCB414D6199032528BE7 | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3608.22202\Nimnul.c.cc58573c97ac19f61e1c2f36098061cf.exe | executable | |
MD5:CC58573C97AC19F61E1C2F36098061CF | SHA256:F07692154642AFBF01F12081E7DC6C124B80D2C5A80BA164534E81385945C4B1 | |||
1108 | Explorer.EXE | C:\Users\admin\Desktop\New folder\Nimnul.c.cc58573c97ac19f61e1c2f36098061cf.exe | executable | |
MD5:CC58573C97AC19F61E1C2F36098061CF | SHA256:F07692154642AFBF01F12081E7DC6C124B80D2C5A80BA164534E81385945C4B1 | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3608.22202\Neshta.a.4e2c76a133e445783fa00.exe | executable | |
MD5:05B931C1C704E2C76A133E445783FA00 | SHA256:26F3239EFEEE13EF98DC6395298CBC943E45F246CE73F7D138D3E787E782E26A | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3608.22202\Renamer.h.f6b1d9829e787805d5f4c096350e8cfc.exe | executable | |
MD5:F6B1D9829E787805D5F4C096350E8CFC | SHA256:D590E77F2B9F45FFE1C0E28A44105B6A50DDA63865A07D11F77147E154931946 | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3608.22202\Renamer.r.b83f9d710264a26cbe2cd36a3de05088.exe | executable | |
MD5:B83F9D710264A26CBE2CD36A3DE05088 | SHA256:7CA4912FA1E45BC87CFCAA758177E533E09A0862B3B77F87578D87A9A8960E20 | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3608.22202\Sality.ae.53a84290774665e9fcfc1576680c25c0.exe | executable | |
MD5:53A84290774665E9FCFC1576680C25C0 | SHA256:0B31FCBACA9227F3C4BED00E36B6206D6D27B23C3F93330C9BD3645245EA12ED | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3608.22202\Sality.aa.19e1c7f135f68a611774b74fdde7c654.exe | executable | |
MD5:19E1C7F135F68A611774B74FDDE7C654 | SHA256:7A7FDC74AD34EEBBA03EF14210B82F3DE575780AF9BE06B13B4BAA2ECDE37BB5 | |||
3608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3608.22202\Sality.s.795c5088f67de4bfbf81fcbf8b0fea1f.exe | executable | |
MD5:795C5088F67DE4BFBF81FCBF8B0FEA1F | SHA256:E34A59CFA956FB35C201BEAD3B4D78521CC78EDB86F4455BC1CFED820290608F |
Domain | IP | Reputation |
---|---|---|
www.google-analytics.com |
| whitelisted |
Process | Message |
---|---|
Parite.b.5c15290b2664afab8cb40.exe | PCRatStact |
Parite.b.5c15290b2664afab8cb40.exe | ��ACtiveX ��װ |
Parite.b.5c15290b2664afab8cb40.exe | {20991BB9-644B-46b6-AFB0-34510C1B8E8E} |
Parite.b.5c15290b2664afab8cb40.exe | ACtiveX ��װ��� |
Parite.b.5c15290b2664afab8cb40.exe | ��������¼ |
Parite.b.5c15290b2664afab8cb40.exe | д��ini�ļ� |
Parite.b.5c15290b2664afab8cb40.exe | C:\Windows\system32\inxjymong.exe_lang.ini |
Parite.b.5c15290b2664afab8cb40.exe | u1ajHXZAyHBB3nhP4HTSHw== |
Parite.b.5c15290b2664afab8cb40.exe | icon=0 |
Parite.b.5c15290b2664afab8cb40.exe | ReleaseResource�ɹ� |