| Field | Value |
|---|---|
| File name | OhGodAnETHlargementPill2.zip |
| Full analysis | https://app.any.run/tasks/d2198f17-cbe8-4de4-9ea6-15530d934597 |
| Verdict | Malicious activity |
| Analysis date | November 29, 2020, 15:43:21 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | BDA94860F1E32106830524A890E0C29B |
| SHA1 | 9A7C14BC49F95AD1CFE477D54560D888858D8E7F |
| SHA256 | 7688D311B615F063DC5BF828D6C5552CC19F55275CE01637D741BAEE4F8F987C |
| SSDEEP | 49152:mhhEIT7yiz10dPkP0hvQqxz4OJfby7uj6wLMicr:mhKIT7yiJykMZL1by76YL |
File type identification:

| Extension | Type |
|---|---|
| .zip | ZIP compressed archive (100) |
Archive member metadata:

| Field | Value |
|---|---|
| ZipFileName | README.md |
| ZipUncompressedSize | 91 |
| ZipCompressedSize | 84 |
| ZipCRC | 0x0fd0df0b |
| ZipModifyDate | 2020:01:17 17:20:25 |
| ZipCompression | Deflated |
| ZipBitFlag | - |
| ZipRequiredVersion | 20 |
Processes:

| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 1120 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\OhGodAnETHlargementPill2.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
| 2116 | "C:\Users\admin\Desktop\ETHlargementPill-r2.exe" | C:\Users\admin\Desktop\ETHlargementPill-r2.exe | — | explorer.exe | User: admin; Company: —; Integrity Level: MEDIUM; Description: Setup/Uninstall; Exit code: 1; Version: 51.1052.0.0 |
| 2216 | "C:\Users\admin\Desktop\ETHlargementPill-r2.exe" /SPAWNWND=$30174 /NOTIFYWND=$30174 | C:\Users\admin\Desktop\ETHlargementPill-r2.exe | | ETHlargementPill-r2.exe | User: admin; Company: —; Integrity Level: HIGH; Description: Setup/Uninstall; Exit code: 1; Version: 51.1052.0.0 |
| 3184 | "C:\Users\admin\Desktop\ETHlargementPill-r2.exe" /VERYSILENT | C:\Users\admin\Desktop\ETHlargementPill-r2.exe | | ETHlargementPill-r2.exe | User: admin; Company: —; Integrity Level: HIGH; Description: Setup/Uninstall; Exit code: 0; Version: 51.1052.0.0 |
| 2928 | "C:\Users\admin\AppData\Local\Temp\TaskAudio Driver.exe" | C:\Users\admin\AppData\Local\Temp\TaskAudio Driver.exe | — | ETHlargementPill-r2.exe | User: admin; Integrity Level: HIGH |
| 2572 | "C:\Windows\system32\notepad.exe" | C:\Windows\system32\notepad.exe | — | TaskAudio Driver.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Notepad; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2072 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | notepad.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 1464 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | notepad.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 960 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | notepad.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 2560 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | notepad.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |

Notes on the tree: the `/SPAWNWND`, `/NOTIFYWND` and `/VERYSILENT` switches, the `Setup/Uninstall` description and the `is-*.tmp` files written to Temp are Inno Setup conventions, so ETHlargementPill-r2.exe is an Inno Setup installer. PID 2116 starts at MEDIUM integrity while PIDs 2216 and 3184 run the same image at HIGH with ETHlargementPill-r2.exe as parent: the installer relaunched itself through UAC, and everything below it, including the dropped `TaskAudio Driver.exe`, inherits the elevated token. notepad.exe does not launch a command interpreter on its own; four cmd.exe children under a notepad.exe that was itself started by the dropped executable are consistent with code injected into notepad.exe, and that notepad.exe to cmd.exe link is the highest-value detection point in this trace.
Files:

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1120 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1120.45820\README.md | — | — | — |
| 1120 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1120.45820\ETHlargementPill-r2.exe | — | — | — |
| 1120 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1120.45820\OhGodAnETHlargementPill-r2 | — | — | — |
| 1120 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1120.45820\ETHlargementPill-r2-0.bin | — | — | — |
| 1120 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1120.45820\ETHlargementPill-r2-1.bin | — | — | — |
| 3184 | ETHlargementPill-r2.exe | C:\Users\admin\AppData\Local\Temp\is-H9LPG.tmp | — | — | — |
| 3184 | ETHlargementPill-r2.exe | C:\Users\admin\AppData\Local\Temp\is-OGN66.tmp | — | — | — |
| 3184 | ETHlargementPill-r2.exe | C:\Users\admin\AppData\Local\Temp\is-2K38R.tmp | — | — | — |
| 3184 | ETHlargementPill-r2.exe | C:\Users\admin\AppData\Local\Temp\is-FH16D.tmp | — | — | — |
| 3184 | ETHlargementPill-r2.exe | C:\Users\admin\AppData\Local\Temp\OhGodAnETHlargementPill-r2 | o | 90075AE438C3445B8B688519171D65A0 | 6F731C2372FAF51B26ADC96D4E8A1437A515F4F78DE8AD1AB81E63BF6D60056A |
Network connections:

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| — | — | 151.101.12.193:443 | i.imgur.com | Fastly | US | malicious |

DNS requests:

| Domain | IP | Reputation |
|---|---|---|
| i.imgur.com | | shared |

The connection to 151.101.12.193:443 is not attributed to a PID in the report, and the address is Fastly anycast space that fronts i.imgur.com for every imgur user, which is why the domain itself is rated "shared". The "malicious" reputation on the IP is therefore not usable as a block-list entry on its own; the actionable indicators in this trace are the file hashes and the process chain, not the CDN address.