| Field | Value |
|---|---|
| File name | Virus Infection.zip |
| Full analysis | https://app.any.run/tasks/6ad658f6-5852-43f4-b6a0-cf416eb9f654 |
| Verdict | Malicious activity |
| Analysis date | January 14, 2022, 23:58:01 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 563328B7A1439A567E7B87C8232F5F44 |
| SHA1 | 93D7E9C693364A359F535A4DCA250E61C7429D59 |
| SHA256 | 70AD044E9AE1BEAAA97CD9C5478278A765ECC42628C3B1BD13710619821FDF5A |
| SSDEEP | 196608:8Njv+NYQf47AGyT4qreHeoX5icSVHnSHGrVYl7QS9kDkt4G/79Ss5RsQMCA:avOf47CTxe+oX5jSVHSu8QS9kD4J/0Y+ |
File type: .zip, ZIP compressed archive (100)

ZIP metadata. ExifTool reads these tags from the first local file header only, so the values below describe one entry (AutoRun.akw.346c9322bc80ff97e126a7a7c3836d31.exe), not the whole archive, which contains at least the ten executables listed under dropped files.

| Field | Value |
|---|---|
| ZipRequiredVersion | 20 (version 2.0 needed to extract) |
| ZipBitFlag | 0x0001 |
| ZipCompression | None (stored) |
| ZipModifyDate | 2019:12:30 01:13:19 |
| ZipCRC | 0xec5a7f51 |
| ZipCompressedSize | 129346 |
| ZipUncompressedSize | 129346 |
| ZipFileName | AutoRun.akw.346c9322bc80ff97e126a7a7c3836d31.exe |

Bit 0 of the general-purpose flag (0x0001) is the "encrypted" bit, the usual marker of a password-protected sample archive. With traditional PKWARE encryption the compressed size includes a 12-byte encryption header, so equal compressed and uncompressed sizes are unusual for an encrypted stored entry; check the raw header before treating the archive as password-protected. Compression "None" means the payloads are stored verbatim, so the embedded executables are visible to on-disk scanning without extraction.
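The fields in the ZIP table come straight from the 30-byte local file header. The following parser is an added example, not part of the ANY.RUN report: it walks the local headers of an archive, decodes the flag bits, compression method and DOS timestamp the way ExifTool reports them, and verifies the CRC of a stored entry. Its inputs are constructed inline: a one-entry stored archive built with Python's zipfile, and a hand-built local header with flag bit 0 set and the 12-byte encryption-header overhead counted in the compressed size (the payload is not actually enciphered; only the header fields are exercised). The file name and date reuse values from the table above; nothing else is taken from the sample.

```python
"""Parse ZIP local file headers by hand, to check the fields ExifTool reports
(version needed, general-purpose flag, compression, DOS mod time, CRC, sizes, name).

Added example, not part of the ANY.RUN report. All input is constructed inline."""
import io
import struct
import zipfile
import zlib
from datetime import datetime

LOCAL_SIG = 0x04034B50
LOCAL_FMT = "<IHHHHHIIIHH"            # 30-byte fixed part of a local file header
LOCAL_LEN = struct.calcsize(LOCAL_FMT)
METHODS = {0: "None", 8: "Deflate", 9: "Deflate64", 12: "BZip2", 14: "LZMA", 99: "AES"}
FLAG_BITS = {0x0001: "encrypted", 0x0008: "data-descriptor",
             0x0040: "strong-encryption", 0x0800: "utf8-names"}
PK_ENC_HEADER = 12                    # traditional PKWARE encryption prefixes 12 bytes


def dos_datetime(dos_date: int, dos_time: int) -> datetime:
    """MS-DOS packed date/time: 2-second resolution, no time zone."""
    return datetime(1980 + (dos_date >> 9), (dos_date >> 5) & 0x0F, dos_date & 0x1F,
                    dos_time >> 11, (dos_time >> 5) & 0x3F, (dos_time & 0x1F) * 2)


def decode_flags(flags: int) -> list:
    return [name for bit, name in FLAG_BITS.items() if flags & bit]


def parse_local_headers(buf: bytes) -> list:
    """Walk consecutive local headers from offset 0; stop at the central directory."""
    entries, off = [], 0
    while off + LOCAL_LEN <= len(buf):
        (sig, version, flags, method, mtime, mdate, crc,
         csize, usize, nlen, xlen) = struct.unpack_from(LOCAL_FMT, buf, off)
        if sig != LOCAL_SIG:
            break                     # central directory (or garbage): done
        raw_name = buf[off + LOCAL_LEN: off + LOCAL_LEN + nlen]
        name = raw_name.decode("utf-8" if flags & 0x0800 else "cp437", "replace")
        data_off = off + LOCAL_LEN + nlen + xlen
        entries.append({
            "name": name, "version_needed": version, "flags": decode_flags(flags),
            "compression": METHODS.get(method, f"unknown({method})"),
            "modified": dos_datetime(mdate, mtime).isoformat(sep=" "),
            "crc32": crc, "compressed_size": csize, "uncompressed_size": usize,
            "data_offset": data_off,
        })
        if flags & 0x0008:
            break                     # sizes live in a trailing data descriptor; cannot skip reliably
        off = data_off + csize
    return entries


def stored_crc_matches(buf: bytes, entry: dict) -> bool:
    """For an unencrypted stored entry, recompute the payload CRC and compare with the header."""
    if entry["compression"] != "None" or "encrypted" in entry["flags"]:
        raise ValueError("only plain stored entries can be checked this way")
    start = entry["data_offset"]
    payload = buf[start:start + entry["compressed_size"]]
    return zlib.crc32(payload) == entry["crc32"]


def build_stored_zip(name: str, data: bytes) -> bytes:
    """Constructed input: a one-entry archive written with compression 'None'."""
    bio = io.BytesIO()
    with zipfile.ZipFile(bio, "w", compression=zipfile.ZIP_STORED) as zf:
        zf.writestr(name, data)
    return bio.getvalue()


def build_encrypted_local_header(name: str, data: bytes,
                                 when: datetime = datetime(2019, 12, 30, 1, 13, 18)) -> bytes:
    """Constructed input: a lone local header with flag bit 0 set, laid out like a
    PKWARE-encrypted stored entry (12-byte encryption header + payload, both counted
    in the compressed size). The payload is NOT enciphered here; only the header
    fields are under test."""
    dos_date = ((when.year - 1980) << 9) | (when.month << 5) | when.day
    dos_time = (when.hour << 11) | (when.minute << 5) | (when.second // 2)
    raw_name = name.encode("cp437")
    body = b"\x00" * PK_ENC_HEADER + data
    hdr = struct.pack(LOCAL_FMT, LOCAL_SIG, 20, 0x0001, 0, dos_time, dos_date,
                      zlib.crc32(data), len(body), len(data), len(raw_name), 0)
    return hdr + raw_name + body


if __name__ == "__main__":
    z = build_stored_zip("AutoRun.akw.346c9322bc80ff97e126a7a7c3836d31.exe", b"MZ" + b"\x00" * 62)
    for e in parse_local_headers(z):
        print(e, "crc ok:", stored_crc_matches(z, e))
    print(parse_local_headers(build_encrypted_local_header("sample.exe", b"MZ\x90\x00"))[0])
```

On a real sample, pass the archive bytes to parse_local_headers and compare the first entry with the ExifTool table; an "encrypted" flag whose compressed size does not exceed the uncompressed size by 12 is the inconsistency noted above.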
Processes

| PID | Command line | Path | Parent | Details |
|---|---|---|---|---|
| 3860 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Virus Infection.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | User: admin; Company: Alexander Roshal; Integrity level: MEDIUM; Description: WinRAR archiver; Version: 5.91.0; Exit code: 0 |
| 3368 | "C:\Users\admin\Desktop\New folder\Sality.gen.55a00c72391b2e89c4500.exe" | C:\Users\admin\Desktop\New folder\Sality.gen.55a00c72391b2e89c4500.exe | Explorer.EXE | User: admin; Company: Tonec Inc.; Integrity level: MEDIUM; Description: Internet Download Manager agent for click monitoring in IE-based browsers; Version: 6, 22, 1, 1 |
| 784 | taskeng.exe {3901DEF8-731D-4EFC-B458-65638CE999E3} | C:\Windows\system32\taskeng.exe | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity level: MEDIUM; Description: Task Scheduler Engine; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 592 | "C:\Windows\system32\Dwm.exe" | C:\Windows\system32\Dwm.exe | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity level: MEDIUM; Description: Desktop Window Manager; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 1656 | C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE | (none) | User: admin; Company: Microsoft Corporation; Integrity level: MEDIUM; Description: Windows Explorer; Version: 6.1.7600.16385 (win7_rtm.090713-1255); Exit code: 0 |
| 1120 | C:\Windows\System32\ctfmon.exe | C:\Windows\System32\ctfmon.exe | taskeng.exe | User: admin; Company: Microsoft Corporation; Integrity level: MEDIUM; Description: CTF Loader; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3076 | C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} | C:\Windows\system32\DllHost.exe | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity level: MEDIUM; Description: COM Surrogate; Version: 6.1.7600.16385 (win7_rtm.090713-1255); Exit code: 0 |
| 3272 | "C:\Users\admin\Desktop\New folder\Renamer.j.13047ece5b2000329b0ef36f5d45b70a.exe" | C:\Users\admin\Desktop\New folder\Renamer.j.13047ece5b2000329b0ef36f5d45b70a.exe | Explorer.EXE | User: admin; Integrity level: MEDIUM; no company or description reported |
| 3628 | "C:\Users\admin\Desktop\New folder\Renamer.k.73dff1c450ac7df11c7b3f7f3d261569.exe" | C:\Users\admin\Desktop\New folder\Renamer.k.73dff1c450ac7df11c7b3f7f3d261569.exe | Explorer.EXE | User: admin; Integrity level: MEDIUM; no company or description reported |
| 3176 | "C:\Users\admin\Desktop\New folder\Renamer.r.b83f9d710264a26cbe2cd36a3de05088.exe" | C:\Users\admin\Desktop\New folder\Renamer.r.b83f9d710264a26cbe2cd36a3de05088.exe | Explorer.EXE | User: admin; Integrity level: MEDIUM; Exit code: 3221225477 (0xC0000005, STATUS_ACCESS_VIOLATION: the process crashed) |

Notes on the process tree:

- The four samples were launched by hand from C:\Users\admin\Desktop\New folder, not from the WinRAR temporary extraction directory. Three of them (Sality.gen, Renamer.j, Renamer.k) do not appear in the list of files extracted from this archive, so this report does not document where those copies came from.
- The version resource of PID 3368 (Tonec Inc., "Internet Download Manager agent...") belongs to the host program that the Sality file infector attached itself to, not to the malware. File-infector samples inherit the host's Company and Description fields, so those fields are not useful pivots for this class.
- Everything else in the table (taskeng.exe, Dwm.exe, ctfmon.exe, DllHost.exe, Explorer.EXE) is normal Windows 7 background activity at medium integrity; no child processes of the samples were recorded.
Registry writes

| PID / process | Operation | Key | Name | Value |
|---|---|---|---|---|
| 1656 Explorer.EXE | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US |
| 3860 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | (empty) |
| 3860 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | (empty) |
| 3860 WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US |
| 1656 Explorer.EXE | write | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.zip\OpenWithList | MRUList | a |
| 3860 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip |
| 3860 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
| 3860 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\Virus Infection.zip |
| 3860 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120 |
| 3860 WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80 |

All registry activity listed here comes from Explorer and WinRAR (MUI cache, open-with MRU, WinRAR UI state and archive history); none of it is attributable to the samples. The ArcHistory entries 1 and 2 are archives opened earlier in the sandbox image and are environment artifacts, not indicators from this sample.
Dropped files

All ten files were written by PID 3860 (WinRAR.exe) into the temporary extraction directory C:\Users\admin\AppData\Local\Temp\Rar$DRb3860.35006\ and are of type executable.

| Filename | MD5 | SHA256 |
|---|---|---|
| AutoRun.akw.346c9322bc80ff97e126a7a7c3836d31.exe | 346C9322BC80FF97E126A7A7C3836D31 | FE0023D84CFEFBE4A8F22E7C9E3CFA35B64F2CBCCFE5C7A0C4CC6502CE49CB70 |
| Sality.a.4575f1b529a64524ea52b160bb8fc08f.exe | 4575F1B529A64524EA52B160BB8FC08F | F63D716BBA0290D410C0CF83C9CD8450B970F6AA0C31D9220EE18E3BB2C2E389 |
| Sality.aa.29f7a632ac271d2f9f38244359cc1422.exe | 29F7A632AC271D2F9F38244359CC1422 | F8B85EFE253A4A3CA7885F0AB9785EB07DA338064D0580EBB9CC7CC85EAB7A56 |
| Hidrag.a.d99ccff80df6a7f290fdeeed1b341ae5.exe | D99CCFF80DF6A7F290FDEEED1B341AE5 | E9EF7A854CB2E8594B72CF273AAC8B9576A4760643BBC0F8F09D505B02CE7C69 |
| Sality.aa.19e1c7f135f68a611774b74fdde7c654.exe | 19E1C7F135F68A611774B74FDDE7C654 | 7A7FDC74AD34EEBBA03EF14210B82F3DE575780AF9BE06B13B4BAA2ECDE37BB5 |
| Renamer.r.b83f9d710264a26cbe2cd36a3de05088.exe | B83F9D710264A26CBE2CD36A3DE05088 | 7CA4912FA1E45BC87CFCAA758177E533E09A0862B3B77F87578D87A9A8960E20 |
| Renamer.h.f6b1d9829e787805d5f4c096350e8cfc.exe | F6B1D9829E787805D5F4C096350E8CFC | D590E77F2B9F45FFE1C0E28A44105B6A50DDA63865A07D11F77147E154931946 |
| Parite.b.5c15290b2664afab8cb40.exe | AAFF9E122D25C15290B2664AFAB8CB40 | C4B7F097A8CD947923C22B88B49201C87248C09B11019C37E6723AC5C9857DBF |
| Nimnul.c.cc58573c97ac19f61e1c2f36098061cf.exe | CC58573C97AC19F61E1C2F36098061CF | F07692154642AFBF01F12081E7DC6C124B80D2C5A80BA164534E81385945C4B1 |
| Pioneer.cz.58fab99607afc5da878c0.exe | 8FA01C020B258FAB99607AFC5DA878C0 | 06ADB5C99DBDE201127495697C0C11798FA7032A98FC4AF40C85CC24AA4BD238 |

The file names follow a "family.variant.md5.exe" convention: most carry the full MD5, while Parite.b and Pioneer.cz carry only the trailing 21 hex digits of it. In every row the embedded digest agrees with the computed MD5, which is worth confirming on any such collection before relying on the family labels in the names.
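A quick consistency check for collections named this way, added here as an example (not part of the report): hash each file, then test whether the hex run in its name is the full MD5 or a trailing slice of it. The two name/hash pairs used below are taken from the table above; the file contents used to exercise the hashing are constructed.

```python
"""Check that the MD5 embedded in a dropped file's name matches the hash of its bytes.

Added example, not part of the ANY.RUN report. Sample contents are constructed."""
import hashlib
import re

# The hex run immediately before ".exe" (12 to 32 hex digits: full MD5 or a trailing slice).
HEX_RUN = re.compile(r"\.([0-9a-fA-F]{12,32})\.exe$")


def digests(data: bytes) -> dict:
    """MD5 and SHA-256 in the upper-case form the report uses."""
    return {"md5": hashlib.md5(data).hexdigest().upper(),
            "sha256": hashlib.sha256(data).hexdigest().upper()}


def name_hash_consistent(filename: str, md5_hex: str) -> bool:
    """True when the hex run in the filename equals the MD5 or its trailing digits."""
    m = HEX_RUN.search(filename)
    if not m:
        return False
    return md5_hex.upper().endswith(m.group(1).upper())


def triage(files: dict) -> dict:
    """files: filename -> bytes. Returns filename -> (md5, sha256, name_matches_hash)."""
    out = {}
    for name, data in files.items():
        d = digests(data)
        out[name] = (d["md5"], d["sha256"], name_hash_consistent(name, d["md5"]))
    return out


if __name__ == "__main__":
    # Constructed stand-ins for sample bytes; the names are derived from their own hashes.
    good = b"MZ" + b"\x00" * 30
    good_name = "Example.a." + digests(good)["md5"][-21:].lower() + ".exe"
    for name, row in triage({good_name: good, "Mislabelled.b.deadbeefdeadbeef.exe": b"MZ"}).items():
        print(name, row)
```

Run it over the extraction directory (for example by reading each file into the dict passed to triage) and treat any row whose last field is False as a mislabelled sample.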
DNS requests

| Domain | IP | Reputation |
|---|---|---|
| www.google-analytics.com | | whitelisted |

The only domain recorded is whitelisted and the report does not attribute the lookup to any process; treat it as background noise rather than sample C2.
Debug output strings

The messages below were emitted by the process recorded as gParite.b.5c15290b2664afab8cb40.exe (note the leading "g", which does not match the extracted file name Parite.b.5c15290b2664afab8cb40.exe; the report does not explain the difference). The Chinese strings are GBK-encoded and were mis-decoded in the report; they are reproduced as captured with a best-effort reading in brackets where the context makes it clear.

| Process | Message |
|---|---|
| gParite.b.5c15290b2664afab8cb40.exe | PCRatStact |
| gParite.b.5c15290b2664afab8cb40.exe | ��ACtiveX ��װ [mis-decoded Chinese, likely "... ActiveX install"] |
| gParite.b.5c15290b2664afab8cb40.exe | {BFC13D9B-24A1-4c37-8638-0FB5E347E064} |
| gParite.b.5c15290b2664afab8cb40.exe | ACtiveX ��װ��� [mis-decoded Chinese, likely "ActiveX install complete"] |
| gParite.b.5c15290b2664afab8cb40.exe | ��������¼ [mis-decoded Chinese, not recoverable from the report] |
| gParite.b.5c15290b2664afab8cb40.exe | д��ini�ļ� [mis-decoded Chinese, likely "write ini file"] |
| gParite.b.5c15290b2664afab8cb40.exe | C:\Windows\system32\inpsutmlb.exe_lang.ini |
| gParite.b.5c15290b2664afab8cb40.exe | u1ajHXZAyHBB3nhP4HTSHw== |
| gParite.b.5c15290b2664afab8cb40.exe | icon=0 |
| gParite.b.5c15290b2664afab8cb40.exe | ReleaseResource�ɹ� [mis-decoded Chinese, likely "ReleaseResource succeeded"] |

The concrete values in this list are the usable host indicators: the ini path under C:\Windows\system32\, the CLSID {BFC13D9B-24A1-4c37-8638-0FB5E347E064}, and the 24-character base64-shaped token u1ajHXZAyHBB3nhP4HTSHw== (16 bytes when decoded). The replacement characters (U+FFFD) in the Chinese strings mean the original bytes were discarded at capture time, so those messages cannot be re-decoded from this page; capture debug output raw when the strings matter.
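When debug strings like these are captured as raw bytes, or mis-decoded losslessly (for example as latin-1 rather than with replacement characters), the original text can be recovered by trying the likely code pages and scoring the results. The script below is an added example, not part of the report, and works on constructed GBK input; it also shows that the lossy form on this page (containing U+FFFD) cannot be repaired. The candidate code-page list and the CJK-ratio scoring rule are this example's own choices.

```python
"""Recover CJK debug strings that a tool decoded with the wrong code page.

Added example, not from the ANY.RUN report. The report's strings contain U+FFFD
replacement characters, which are lossy; this technique needs either the raw bytes
or a lossless mis-decode (e.g. latin-1)."""
import unicodedata

# Constructed preference order: checked first to last, ties go to the earlier entry.
CANDIDATES = ("gbk", "gb18030", "big5", "shift_jis", "euc-kr", "utf-8")
CJK_NAME_PREFIXES = ("CJK", "HIRAGANA", "KATAKANA", "HANGUL")


def cjk_ratio(s: str) -> float:
    """Fraction of characters that are CJK letters; a correct decode scores high."""
    if not s:
        return 0.0
    cjk = sum(1 for ch in s if unicodedata.category(ch) == "Lo"
              and unicodedata.name(ch, "").startswith(CJK_NAME_PREFIXES))
    return cjk / len(s)


def guess_decoding(raw: bytes) -> tuple:
    """Try each candidate code page; keep the one that decodes without error with
    the highest CJK ratio. Returns (encoding, text), or (None, None) if none decode."""
    best = (None, None, -1.0)
    for enc in CANDIDATES:
        try:
            text = raw.decode(enc)
        except UnicodeDecodeError:
            continue
        score = cjk_ratio(text)
        if score > best[2]:
            best = (enc, text, score)
    return best[0], best[1]


def repair_mojibake(text: str, wrong: str = "latin-1") -> tuple:
    """Undo a lossless wrong decode: re-encode with the code page the tool used,
    then guess the real one. Returns (None, None) when the garble is lossy."""
    try:
        raw = text.encode(wrong)
    except UnicodeEncodeError:
        return None, None          # replacement characters or non-latin-1 glyphs: bytes are gone
    return guess_decoding(raw)


if __name__ == "__main__":
    raw = "写入ini文件".encode("gbk")          # constructed: "write ini file" as GBK bytes
    print(guess_decoding(raw))
    print(repair_mojibake(raw.decode("latin-1")))
    print(repair_mojibake("д��ini�ļ�"))       # lossy capture from the report: not recoverable
```

The scoring favours decodes that yield real CJK letters over ones that happen not to raise; keep the candidate list short and ordered by what the sample's locale makes likely, since unrelated multi-byte code pages can also decode cleanly.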