File name: | auu.rar |
Full analysis: | https://app.any.run/tasks/ab757126-4542-46be-8e07-7d058350d0e6 |
Verdict: | Malicious activity |
Analysis date: | March 31, 2020, 08:34:38 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | C9120696039D6D5B26A4F1948F17B2E5 |
SHA1: | 8A91B365AEE73D2D200DAAC2D364575301B870DF |
SHA256: | 79357AFCBEC66BE0031CFB71B9EFC7D4690417957090B22DC4EC7E4D7DC98591 |
SSDEEP: | 24576:1pGTe2foW8HWRJkR/j5GMyziEXMHBhx/HTjaSTYiBI+5CW2UA2DWQI4pf6UGTe2c:GIW8HWRJkJthwMhD3aSbBI+YU5MIW8HP |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2804 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\auu.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3548 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
3424 | "C:\Users\admin\Desktop\NordVpn Checker Account By X-KILLER\NordVpn Checker Account By X-KILLER.exe" | C:\Users\admin\Desktop\NordVpn Checker Account By X-KILLER\NordVpn Checker Account By X-KILLER.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: interface Exit code: 0 Version: 1.0.0.0 | ||||
3128 | "C:\Windows\Program Files (x86)\Microsoft Host Interface\bin\Microsoft Windows Protocol Services Host.exe" {Arguments If Needed} | C:\Windows\Program Files (x86)\Microsoft Host Interface\bin\Microsoft Windows Protocol Services Host.exe | — | NordVpn Checker Account By X-KILLER.exe |
User: admin Integrity Level: HIGH Description: Microsoft Windows Protocol Services Host Version: 1.0.0.0 | ||||
3996 | "C:\Users\admin\Desktop\NordVpn Checker Account By X-KILLER\bin\X-KILLER Serv.exe" {Arguments If Needed} | C:\Users\admin\Desktop\NordVpn Checker Account By X-KILLER\bin\X-KILLER Serv.exe | NordVpn Checker Account By X-KILLER.exe | |
User: admin Integrity Level: HIGH Description: checker by X-KILLER Version: 1.0.0.0 | ||||
3924 | "C:\Windows\Program Files (x86)\Microsoft Host Interface\bin\Host del servicio Monitor.exe" | C:\Windows\Program Files (x86)\Microsoft Host Interface\bin\Host del servicio Monitor.exe | — | Microsoft Windows Protocol Services Host.exe |
User: admin Integrity Level: HIGH Description: Microsoft Windows Protocol Monitor Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2804.2424\NordVpn Checker Account By X-KILLER\SkinSoft.VisualStyler.dll | — | |
MD5:— | SHA256:— | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2804.2424\NordVpn Checker Account By X-KILLER\Virus Total\desktop.ini | — | |
MD5:— | SHA256:— | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2804.2424\NordVpn Checker Account By X-KILLER\Virus Total\scan.txt | — | |
MD5:— | SHA256:— | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2804.2424\NordVpn Checker Account By X-KILLER\xNet.dll | — | |
MD5:— | SHA256:— | |||
3424 | NordVpn Checker Account By X-KILLER.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Startup.lnk | lnk | |
MD5:6379E03EF3C569AAC6B11AA9A45A041D | SHA256:CAA47864AE8B45E59248EAA0B63AC4EAB7B1094F386135672CC339A58A351409 | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2804.2424\NordVpn Checker Account By X-KILLER\NordVpn Checker Account By X-KILLER.exe | executable | |
MD5:157DC17352A09048D99C70FF590647B4 | SHA256:B5D2E8ECAFD75E10E5A8E095DE13D702F8FB0E32024C0C188C9208A052356592 | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2804.2424\NordVpn Checker Account By X-KILLER\bin\SkinSoft.VisualStyler.dll | executable | |
MD5:2D84A619D4BD339F860CB48AF0C9B6C8 | SHA256:365FFDE7DF914840EB21C96F34C39912A4B031E3814B8E902B67ACEE6DFF65A1 | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2804.2424\NordVpn Checker Account By X-KILLER\bin\Microsoft Windows Protocol Services Host.exe | executable | |
MD5:CD6242455E74BEEEF78E9954E4F8F4E6 | SHA256:35EAFBF9D0B2AEB388C7BDD133A08BBA856C3569734824A6926754ABD26B28E1 | |||
3424 | NordVpn Checker Account By X-KILLER.exe | C:\Windows\Program Files (x86)\Microsoft Host Interface\bin\Host del servicio Monitor.exe | executable | |
MD5:94E8BA6252CD134661B36ED83B205C8E | SHA256:1DA772EFD33F6FFDB470CE076F3F5DB87F8691B980A2022B111B859C0ADC2AB0 | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2804.2424\NordVpn Checker Account By X-KILLER\bin\X-KILLER Serv.exe | executable | |
MD5:97F09CDC26D5D74CF7F63E4223809F46 | SHA256:8381D7E7C7F0D1BFF3D18FCB6B8DFC63D6A8943887E4BC105C8F225513EED832 |