| Field | Value |
|---|---|
| File name | OP Tool.zip |
| Full analysis | https://app.any.run/tasks/6e5c7701-0e27-4213-be38-bd0d35cb8b32 |
| Verdict | Malicious activity |
| Analysis date | November 17, 2019, 04:14:17 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 32B2C86AADA8E7CF9D54C25BF5D274DB |
| SHA1 | 02AA578DD2029226466B45E7148E22804D9FE524 |
| SHA256 | 7D150AD8EB76D4419F3D0410EC3389FB06F1D018CBFCDD4BA471DCB35214FDB4 |
| SSDEEP | 24576:Y20XZ9jaTD2mprtu41l5nazVx9cmlApma4vC:YfXDaTD2mppn1fa5wb46 |
| Extension | Description |
|---|---|
| .zip | ZIP compressed archive (100) |

| Tag | Value |
|---|---|
| ZipRequiredVersion | 20 |
| ZipBitFlag | - |
| ZipCompression | Deflated |
| ZipModifyDate | 2019:10:01 18:50:26 |
| ZipCRC | 0xf62cc16b |
| ZipCompressedSize | 848548 |
| ZipUncompressedSize | 1314816 |
| ZipFileName | Trimmin's OP Tool.exe |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1944 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\OP Tool.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
| 2096 | "C:\Users\admin\Desktop\Trimmin's OP Tool.exe" | C:\Users\admin\Desktop\Trimmin's OP Tool.exe | | explorer.exe |
| 2040 | "C:\Users\admin\AppData\Local\Temp\Trimmin's OP Tool.exe" | C:\Users\admin\AppData\Local\Temp\Trimmin's OP Tool.exe | — | Trimmin's OP Tool.exe |
| 1268 | "C:\Users\admin\AppData\Local\Temp\Force OP.exe" | C:\Users\admin\AppData\Local\Temp\Force OP.exe | — | Trimmin's OP Tool.exe |
| 1712 | "C:\Users\admin\AppData\Local\Temp\Force OP.exe" | C:\Users\admin\AppData\Local\Temp\Force OP.exe | | Trimmin's OP Tool.exe |
| 1788 | "C:\Windows\system32\Windows Services\win32.exe" | C:\Windows\system32\Windows Services\win32.exe | | Force OP.exe |
| 352 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | |

| PID | User | Company | Integrity level | Description | Exit code | Version |
|---|---|---|---|---|---|---|
| 1944 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.60.0 |
| 2096 | admin | | MEDIUM | | 0 | 0.0.0.0 |
| 2040 | admin | | MEDIUM | Viri Force OP | | 1.0.0.0 |
| 1268 | admin | | MEDIUM | | 3221226540 | 0.0.0.0 |
| 1712 | admin | | HIGH | | | 0.0.0.0 |
| 1788 | admin | | HIGH | | | 0.0.0.0 |
| 352 | admin | Microsoft Corporation | MEDIUM | Windows Explorer | | 6.1.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1944 | WinRAR.exe | C:\Users\admin\Desktop\Files\config.yml | text | 85635673A2F23A3C4DB4E09BDF39965E | 9F73F06C2D3EEA844E5A69BA6FABF012647FFB0365053FB915D296EBC6DA497E |
| 2096 | Trimmin's OP Tool.exe | C:\Users\admin\AppData\Local\Temp\Force OP.exe | executable | 360C8B9467D82A820EA12FF1AC120C69 | B45DFD409D367DFDB131B1D9C8F1022B1C62669F8ECAA76B3F06C07C70A70132 |
| 2096 | Trimmin's OP Tool.exe | C:\Users\admin\AppData\Local\Temp\Trimmin's OP Tool.exe | executable | 9087EF66D89A7D269A4D119543021405 | FB7028AA8017A7A85BE8FBF5775497AE23B95A8571C75FDBFB0A674EF1B1E88D |
| 1712 | Force OP.exe | C:\Windows\system32\Windows Services\win32.exe | executable | 360C8B9467D82A820EA12FF1AC120C69 | B45DFD409D367DFDB131B1D9C8F1022B1C62669F8ECAA76B3F06C07C70A70132 |
| 1944 | WinRAR.exe | C:\Users\admin\Desktop\Trimmin's OP Tool.exe | executable | 34FC994B321E0692A07C89FB3D274C48 | 555758A04B4DD46B0A7C9D7C0BEAFBE6C403E138A39C5D8849184B5FA48E18FA |
| Domain | IP | Reputation |
|---|---|---|
| apexhosting.serveminecraft.net | | unknown |
| PID | Process | Class | Message |
|---|---|---|---|
| — | — | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.serveminecraft .net |