File name: | ef694b89ad7addb9a16bb6f26f1efaf7.zip |
Full analysis: | https://app.any.run/tasks/23cb6b08-16e5-4db6-9c6b-d0488ceae0f2 |
Verdict: | Malicious activity |
Analysis date: | December 18, 2018, 18:25:36 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 472DAD457F3FA25BB2DDC4651BC5B1AA |
SHA1: | 02F4EA9B9CB396084A4C84524FD0C8B610E79C1F |
SHA256: | 71AB4A7737C27C681AFD5BFEAD465BC5517F07D75117FCDD578B326978AD1751 |
SSDEEP: | 98304:yuSH6TDf+rn2t/qrut1FC2UgXNfEC2SKZLAg07:oHWDfin2Jqy6eNMC27x07 |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | 0x0009 |
ZipCompression: | Deflated |
ZipModifyDate: | 2017:10:05 10:37:23 |
ZipCRC: | 0x0ed3df61 |
ZipCompressedSize: | 3670511 |
ZipUncompressedSize: | 7680216 |
ZipFileName: | ef694b89ad7addb9a16bb6f26f1efaf7 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3056 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\ef694b89ad7addb9a16bb6f26f1efaf7.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2468 | "C:\Users\admin\Desktop\ef694b89ad7addb9a16bb6f26f1efaf7.exe" | C:\Users\admin\Desktop\ef694b89ad7addb9a16bb6f26f1efaf7.exe | — | explorer.exe |
User: admin Company: Piriform Ltd Integrity Level: MEDIUM Description: CCleaner Exit code: 0 Version: 5, 33, 00, 6162 | ||||
2720 | "C:\Users\admin\Desktop\ef694b89ad7addb9a16bb6f26f1efaf7.exe" /uac | C:\Users\admin\Desktop\ef694b89ad7addb9a16bb6f26f1efaf7.exe | ef694b89ad7addb9a16bb6f26f1efaf7.exe | |
User: admin Company: Piriform Ltd Integrity Level: HIGH Description: CCleaner Exit code: 0 Version: 5, 33, 00, 6162 | ||||
1324 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | ef694b89ad7addb9a16bb6f26f1efaf7.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3464 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1324 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3332 | "C:\Users\admin\Desktop\ef694b89ad7addb9a16bb6f26f1efaf7.exe" | C:\Users\admin\Desktop\ef694b89ad7addb9a16bb6f26f1efaf7.exe | explorer.exe | |
User: admin Company: Piriform Ltd Integrity Level: HIGH Description: CCleaner Exit code: 0 Version: 5, 33, 00, 6162 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3056 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3056.8052\ef694b89ad7addb9a16bb6f26f1efaf7 | — | |
MD5:— | SHA256:— | |||
2720 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\cookies.sqlite-shm | — | |
MD5:— | SHA256:— | |||
2720 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\qldyz51w.default\webappsstore.sqlite-shm | — | |
MD5:— | SHA256:— | |||
2720 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\AS6UM7HARNPQI7OW85MG.temp | — | |
MD5:— | SHA256:— | |||
2720 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LPKQUXTENOZ3Y720089E.temp | — | |
MD5:— | SHA256:— | |||
1324 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
1324 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
1324 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF91724241750275EC.TMP | — | |
MD5:— | SHA256:— | |||
1324 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF20641EB274AEE46C.TMP | — | |
MD5:— | SHA256:— | |||
1324 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF9EE26B6FBAFB9AC6.TMP | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2720 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | GET | 301 | 151.101.0.64:80 | http://www.piriform.com/auto?a=0&p=cc&v=5.33.6162&l=1033&lk=&mk=IJR6-W5SV-5KYR-QBZD-6BY4-RN5Z-WAV9-RVK2-VJCA&o=6.1W3&au=1 | US | — | — | whitelisted |
3332 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | GET | 301 | 151.101.0.64:80 | http://www.piriform.com/auto?a=0&p=cc&v=5.33.6162&l=1033&lk=&mk=IJR6-W5SV-5KYR-QBZD-6BY4-RN5Z-WAV9-RVK2-VJCA&o=6.1W3&au=1 | US | — | — | whitelisted |
1324 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1324 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2720 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | 151.101.0.64:80 | www.piriform.com | Fastly | US | whitelisted |
2720 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | 151.101.2.202:443 | www.ccleaner.com | Fastly | US | suspicious |
2720 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | 151.101.0.64:443 | www.piriform.com | Fastly | US | whitelisted |
3464 | iexplore.exe | 151.101.0.64:443 | www.piriform.com | Fastly | US | whitelisted |
3332 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | 151.101.0.64:443 | www.piriform.com | Fastly | US | whitelisted |
3332 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | 151.101.0.64:80 | www.piriform.com | Fastly | US | whitelisted |
3332 | ef694b89ad7addb9a16bb6f26f1efaf7.exe | 151.101.2.202:443 | www.ccleaner.com | Fastly | US | suspicious |
Domain | IP | Reputation |
---|---|---|
www.piriform.com |
| whitelisted |
www.ccleaner.com |
| whitelisted |
www.bing.com |
| whitelisted |