File name: | 2.zip |
Full analysis: | https://app.any.run/tasks/d6f798bf-12e4-4320-b6a6-1302af94a978 |
Verdict: | Malicious activity |
Analysis date: | May 20, 2019, 13:14:02 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | DFDC4DB6FBDFD854FE2B4CF25F5EB3E8 |
SHA1: | 092300E64693BE11421595A8BAC4CA5120B8F7A5 |
SHA256: | 7D5B4AAEEBD78B5ABC9FE5E73F8719DEEE73F24071EDEE397BD512669013C805 |
SSDEEP: | 49152:ipQeenJFF9CNTQ7nMZwwS3fQoq0AOVylsNK5YHFVs:lhnJzMTQqwwEfQoq0yzYc |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | AgileDotNet.VMRuntime.dll |
---|---|
ZipUncompressedSize: | 161280 |
ZipCompressedSize: | 31402 |
ZipCRC: | 0x015edf16 |
ZipModifyDate: | 2019:03:13 12:53:25 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2716 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\2.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2920 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
3252 | "C:\Users\admin\Desktop\PSN Software By Daniel VIP.exe" | C:\Users\admin\Desktop\PSN Software By Daniel VIP.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: PSN Software Exit code: 4294967295 Version: 7.0.0.0 | ||||
2044 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | — |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3572 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\ERROR.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3940 | "C:\Users\admin\Desktop\PSN Software By Daniel VIP.exe" | C:\Users\admin\Desktop\PSN Software By Daniel VIP.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: PSN Software Exit code: 4294967295 Version: 7.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2716 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2716.6844\AgileDotNet.VMRuntime.dll | — | |
MD5:— | SHA256:— | |||
2716 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2716.6844\Newtonsoft.Json.dll | — | |
MD5:— | SHA256:— | |||
2716 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2716.6844\PSN Software By Daniel VIP.exe | — | |
MD5:— | SHA256:— | |||
2716 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2716.6844\ReVMRuntime.dll | — | |
MD5:— | SHA256:— | |||
2716 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2716.6844\xNet.dll | — | |
MD5:— | SHA256:— | |||
3252 | PSN Software By Daniel VIP.exe | C:\Users\admin\Desktop\ERROR.txt | text | |
MD5:3E01A9CA062E8C7807522BFB2F1BEE1D | SHA256:25BA4FD4887F439BEF1796CA3DD9BD47D17718B0E0A8C38F2A58DEF211B98BEB | |||
2044 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms | automaticdestinations-ms | |
MD5:C90961D5F4E01A5AAE2AE8F3B693E0B5 | SHA256:864C098C421DF9C218795ED4FFE3B3B555650B4FA0B3C0E5E2DFCFD784B442AF | |||
2044 | explorer.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012019052020190521\index.dat | dat | |
MD5:E12CDF7785EE4A32857B1E0100050811 | SHA256:CCF7F90BBE89FD030E00A7D072C3DE0D95B40A98EE6CC599C89F0244C3C13D13 | |||
2044 | explorer.exe | C:\Users\admin\Desktop\AgileDotNet.VMRuntime.dll | executable | |
MD5:11D0C20EBE0410F44841AFAC8EB0DE15 | SHA256:E1310FE3CE461D52BB5D5CC753532888CBE171F081D2E90CE476C30559FF890B | |||
2044 | explorer.exe | C:\Users\admin\Desktop\PSN Software By Daniel VIP.exe | executable | |
MD5:0A87DF5CED3CA23F19F00A425EF91A55 | SHA256:4C939570FDD770694CAFFB1B382B42C1308BD64C776E74A6696EDA253ECAE9ED |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3940 | PSN Software By Daniel VIP.exe | GET | — | 212.8.246.138:80 | http://vm512363.had.su/2.txt | NL | — | — | suspicious |
3940 | PSN Software By Daniel VIP.exe | GET | 301 | 172.217.18.110:80 | http://google.com/ | US | html | 219 b | whitelisted |
3940 | PSN Software By Daniel VIP.exe | GET | 302 | 216.58.207.68:80 | http://www.google.com/ | US | html | 231 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3940 | PSN Software By Daniel VIP.exe | 172.217.18.110:80 | — | Google Inc. | US | whitelisted |
3940 | PSN Software By Daniel VIP.exe | 212.8.246.138:80 | vm512363.had.su | ITL Company | NL | suspicious |
3940 | PSN Software By Daniel VIP.exe | 216.58.207.68:80 | www.google.com | Google Inc. | US | whitelisted |
3252 | PSN Software By Daniel VIP.exe | 172.217.18.110:80 | — | Google Inc. | US | whitelisted |
3940 | PSN Software By Daniel VIP.exe | 216.58.207.68:443 | www.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
dns.msftncsi.com |
| shared |
www.google.com |
| whitelisted |
vm512363.had.su |
| suspicious |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .su TLD (Soviet Union) Often Malware Related |
3940 | PSN Software By Daniel VIP.exe | Potentially Bad Traffic | ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related |