Field | Value
---|---
File name | 6681081937854464.zip
Full analysis | https://app.any.run/tasks/3057f9cb-9b2f-444e-a12d-3dc89cf1c653
Verdict | Malicious activity
Analysis date | November 16, 2019, 08:51:26
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | —
Indicators | —
MIME | application/zip
File info | Zip archive data, at least v2.0 to extract
MD5 | 87C82B2D261DFA7A05FCEBFFE02F4FBA
SHA1 | B8067014FBB4A7F5CE371685C737A2B8CB3AA7B2
SHA256 | 797EB47367B43B8478BD4ACE76A3FD1DB33C765ACF6F4E04BC757E856657CDCA
SSDEEP | 12288:p1naj+3WVqzZNvZfPME64AVN64Ajw8OrKnq/GS:XMCTvZHM4AXgwnAq//
Extension | Detected type
---|---
.zip | ZIP compressed archive (100)

Archive field | Value
---|---
ZipRequiredVersion | 20
ZipBitFlag | 0x0009
ZipCompression | Deflated
ZipModifyDate | 1980:00:00 00:00:00
ZipCRC | 0xdab2328b
ZipCompressedSize | 697403
ZipUncompressedSize | 708608
ZipFileName | 5b7dbc2dd059900da712e79a21a3d5dff4ece1d005d888478b2f8315cee6d56d
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2132 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\6681081937854464.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
940 | "C:\Users\admin\Desktop\s.exe" | C:\Users\admin\Desktop\s.exe | — | explorer.exe
976 | "C:\Users\admin\Desktop\s.exe" | C:\Users\admin\Desktop\s.exe | | explorer.exe
2076 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | | s.exe
4028 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | | s.exe
1928 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2076 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | | iexplore.exe
3928 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4028 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe

PID | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---
2132 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.60.0
940 | admin | MPT34M | MEDIUM | cr4cking th3 cod3 4 fun! | 3221226540 | 1.0
976 | admin | MPT34M | HIGH | cr4cking th3 cod3 4 fun! | — | 1.0
2076 | admin | Microsoft Corporation | HIGH | Internet Explorer | 1 | 8.00.7600.16385 (win7_rtm.090713-1255)
4028 | admin | Microsoft Corporation | HIGH | Internet Explorer | 1 | 8.00.7600.16385 (win7_rtm.090713-1255)
1928 | admin | Microsoft Corporation | HIGH | Internet Explorer | 0 | 8.00.7600.16385 (win7_rtm.090713-1255)
3928 | admin | Microsoft Corporation | HIGH | Internet Explorer | 0 | 8.00.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2132 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2132.31508\5b7dbc2dd059900da712e79a21a3d5dff4ece1d005d888478b2f8315cee6d56d | — | — | —
4028 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | —
4028 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2076 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | — | —
2076 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2076 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF8135E833D896F091.TMP | — | — | —
2076 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFA50A9E676F8D0E8D.TMP | — | — | —
2076 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF9058FED689343F18.TMP | — | — | —
2076 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFE0C2B8BD39F776D6.TMP | — | — | —
2076 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{64A2FB30-084E-11EA-AB41-5254004A04AF}.dat | — | — | —
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1928 | iexplore.exe | GET | — | 91.223.82.39:80 | http://www.mpt34m.net/images/zen_18_dropdown_v1_2_1.gif | NL | — | — | malicious |
1928 | iexplore.exe | GET | — | 91.223.82.39:80 | http://www.mpt34m.net/images/zen_18_dropdown_v1_2_4.gif | NL | — | — | malicious |
1928 | iexplore.exe | GET | — | 91.223.82.39:80 | http://www.mpt34m.net/images/zen_18_dropdown_v1_2_5.gif | NL | — | — | malicious |
1928 | iexplore.exe | GET | 200 | 91.223.82.39:80 | http://www.mpt34m.net/documents/scripts.js | NL | text | 90 b | malicious |
1928 | iexplore.exe | GET | — | 91.223.82.39:80 | http://www.mpt34m.net/1amos_1.png | NL | — | — | malicious |
1928 | iexplore.exe | GET | — | 91.223.82.39:80 | http://www.mpt34m.net/extimages/scripts/login_r.png | NL | — | — | malicious |
1928 | iexplore.exe | GET | — | 91.223.82.39:80 | http://www.mpt34m.net/extimages/scripts/login_m.png | NL | — | — | malicious |
1928 | iexplore.exe | GET | 200 | 91.223.82.39:80 | http://www.mpt34m.net/ | NL | html | 15.7 Kb | malicious |
1928 | iexplore.exe | GET | 200 | 91.223.82.39:80 | http://www.mpt34m.net/documents/textstyles_nf.css | NL | text | 35.3 Kb | malicious |
1928 | iexplore.exe | GET | 200 | 91.223.82.39:80 | http://www.mpt34m.net/images/bgmpt03_bestselenium.jpg | NL | image | 216 Kb | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4028 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2076 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
1928 | iexplore.exe | 216.58.206.10:443 | ajax.googleapis.com | Google Inc. | US | whitelisted |
1928 | iexplore.exe | 173.194.76.82:443 | html5shiv.googlecode.com | Google Inc. | US | whitelisted |
1928 | iexplore.exe | 91.223.82.39:80 | www.mpt34m.net | Iws Networks LLC | NL | malicious |
1928 | iexplore.exe | 69.171.250.25:443 | connect.facebook.net | Facebook, Inc. | US | suspicious |
1928 | iexplore.exe | 31.13.92.36:443 | www.facebook.com | Facebook, Inc. | IE | whitelisted |
1928 | iexplore.exe | 69.171.250.25:80 | connect.facebook.net | Facebook, Inc. | US | suspicious |
Domain | IP | Reputation
---|---|---
www.bing.com | | whitelisted
www.mpt34m.net | | malicious
html5shiv.googlecode.com | | whitelisted
ajax.googleapis.com | | whitelisted
connect.facebook.net | | whitelisted
www.facebook.com | | whitelisted