Download: coonzie.rar
Full analysis: https://app.any.run/tasks/1ed3632d-bd80-4e07-ae9e-cf8027f07595
Verdict: Malicious activity
Analysis date: February 19, 2019, 04:11:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators: —
MIME: application/x-rar
File info: RAR archive data, v5
MD5: 93D5DCEAD0359638073D5D7ED32AA073
SHA1: 722A0E91EE57CB0114006C847A298F40B3E3AA17
SHA256: 7352D9CC074C066B65C37C4949FD02292822EEEC7DA6C9FE7912BBEB92194083
SSDEEP: 24576:WreLXN0LziqRPLHa8URfn3N8YNya6VWPQfxW4eH1BOKiVLRA8LE:gK0LziqRDA3HyaqWPQfunEVLRA8LE


| Extension | Identification |
|---|---|
| .rar | RAR compressed archive (v5.0) (61.5) |
| .rar | RAR compressed archive (gen) (38.4) |


| PID | CMD | Path | Indicators | Parent process | User | Integrity level | Company | Description | Version | Exit code |
|---|---|---|---|---|---|---|---|---|---|---|
| 3036 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\coonzie.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | admin | MEDIUM | Alexander Roshal | WinRAR archiver | 5.60.0 | 0 |
| 760 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | SYSTEM | SYSTEM | Microsoft Corporation | Microsoft Windows Search Protocol Host | 7.00.7600.16385 (win7_rtm.090713-1255) | |
| 2220 | "C:\Users\admin\Desktop\Coonzie.exe" | C:\Users\admin\Desktop\Coonzie.exe | — | explorer.exe | admin | MEDIUM | egg | Coonzie | 1.0.0.0 | |
| 3796 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | Coonzie.exe | admin | MEDIUM | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) | |
| 1860 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3796 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | LOW | Microsoft Corporation | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) | |
| 3376 | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe -Embedding | C:\Windows\system32\Macromed\Flash\FlashUtil32_26_0_0_131_ActiveX.exe | — | svchost.exe | admin | MEDIUM | Adobe Systems Incorporated | Adobe® Flash® Player Installer/Uninstaller 26.0 r0 | 26,0,0,131 | |


| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3036.2397\Bunifu_UI_v1.5.3.dll | — | — | — |
| 3796 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | — | — |
| 3796 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | — |
| 1860 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\quest[1].txt | — | — | — |
| 1860 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\U2ZG9DE0\oksdk[1].js | text | E7041094CACE12DE243AB69EC85736D5 | D3AB629C56CECDE61062379DC1140881FD050F17385E4244C28F0CF23A3C989B |
| 1860 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\js[1] | text | 8D88485065617D3A271A1228B33604B1 | A626F6392F9E8C8DB001EC8A0DC6D0BACC85AED16EA7DB1475117EA39DACB917 |
| 3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3036.2397\Coonzie.exe | executable | 5EB494AFA1DC62EF2B6AB5B1508F29EA | 6DBF8F1DC857C10C18C0FFD5FA35339563F72ADA1AF49915C105C5CE1006E8A0 |
| 1860 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@google[1].txt | text | C44A746E71F0D291B38158E5E6FBE27C | B96631F4C73FD4A50EA9CA0B481BA098CCF8EB232678828810AD59A1EE6C860A |
| 1860 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\quest[1].htm | html | E27D6A92F23C1C250B1F2C333BC58C2A | FE7A8F536FA80F6EEF53B99CA8900E87E81581B616A1681F0B9CBD3A965AB8FA |
| 3036 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3036.2397\WeAreDevs_API.dll | executable | 2244C2800311A7C4F2141CD1E5D162AB | A79318C2174CA45B6DB8A2564A8679CFBEE16EC6A2FD726603BB04B15A702DDF |


| PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3796 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 1860 | iexplore.exe | 216.58.207.78:443 | apis.google.com | Google Inc. | US | whitelisted |
| 1860 | iexplore.exe | 77.88.21.90:443 | an.yandex.ru | YANDEX LLC | RU | whitelisted |
| 1860 | iexplore.exe | 93.158.134.119:443 | mc.yandex.ru | YANDEX LLC | RU | whitelisted |
| 1860 | iexplore.exe | 172.217.18.2:443 | www.googletagservices.com | Google Inc. | US | whitelisted |
| 3796 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
| 1860 | iexplore.exe | 74.125.206.156:443 | stats.g.doubleclick.net | Google Inc. | US | whitelisted |
| 2220 | Coonzie.exe | 104.20.208.21:443 | pastebin.com | Cloudflare Inc | US | shared |
| 1860 | iexplore.exe | 216.58.207.42:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
| 1860 | iexplore.exe | 109.234.153.51:443 | setquest.com | OOO Network of data-centers Selectel | RU | unknown |
| 1860 | iexplore.exe | 172.217.23.174:443 | www.google-analytics.com | Google Inc. | US | whitelisted |


| Domain | IP | Reputation |
|---|---|---|
| pastebin.com | | shared |
| www.bing.com | | whitelisted |
| setquest.com | | whitelisted |
| apis.google.com | | whitelisted |
| www.googletagmanager.com | | whitelisted |
| ajax.googleapis.com | | whitelisted |
| vk.com | | whitelisted |
| maxcdn.bootstrapcdn.com | | whitelisted |
| mc.yandex.ru | | whitelisted |
| www.google-analytics.com | | whitelisted |