Field | Value |
---|---|
File name | install-809.rar |
Full analysis | https://app.any.run/tasks/80cb4164-b89d-46ec-a9da-aae924809f06 |
Verdict | Malicious activity |
Analysis date | May 21, 2022, 04:18:29 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/x-rar |
File info | RAR archive data, v4, os: Win32 |
MD5 | 851875EB4D4EC083C25239A40AA7AF0C |
SHA1 | 40CC2D8CF87C43E5DE25ACC91A495BBDCB67FF2A |
SHA256 | 7E0287564B654063C45B93D2D2404C76505BE037F91BF0E0E86BC694B2B00F32 |
SSDEEP | 49152:BMhSQ8L4fDmVXOgwGfpGW3QAeCczjmfrF2taFAe3A:BMwQGVXOrUpx3QAejfmfrQt+AeQ |
Extension | Identification | Score |
---|---|---|
.rar | RAR compressed archive (v-4.x) | 58.3 |
.rar | RAR compressed archive (gen) | 41.6 |
Archive field | Value |
---|---|
ArchivedFileName | install-809.ex1 |
PackingMethod | Best Compression |
ModifyDate | 2010:04:26 00:44:17 |
OperatingSystem | Win32 |
UncompressedSize | 1836531 |
CompressedSize | 1647100 |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
1332 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\install-809.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0 |
2932 | "C:\Users\admin\Desktop\install-809.exe" | C:\Users\admin\Desktop\install-809.exe | — | Explorer.EXE | User: admin; Integrity Level: MEDIUM; Exit code: 3221226540 |
456 | "C:\Users\admin\Desktop\install-809.exe" | C:\Users\admin\Desktop\install-809.exe | — | Explorer.EXE | User: admin; Integrity Level: HIGH; Exit code: 0 |
3988 | C:\Users\admin\AppData\Roaming\APManager\apmanager.exe | C:\Users\admin\AppData\Roaming\APManager\apmanager.exe | — | install-809.exe | User: admin; Integrity Level: HIGH |
3524 | "C:\Users\admin\AppData\Roaming\APManager\apmanager.exe" | C:\Users\admin\AppData\Roaming\APManager\apmanager.exe | — | Explorer.EXE | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
PID | Process | Operation | Key | Name | Value |
---|---|---|---|---|---|
1332 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | |
1332 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | |
1332 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US |
1332 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip |
1332 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
1332 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\install-809.rar |
1332 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120 |
1332 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80 |
1332 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120 |
1332 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
456 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\languages\French.lng | text | FB9A47EAE7377AF9B301B77E75D64FFA | 04F5E320F08F3676D0F2EB354FA44A68B0D11492F92B9B33741C8EF6BBDA1346 |
456 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\wallpaper.jpg | image | 9A96E0C4848609AF12690DC9D2450DD8 | 044737DE8F5072781B926FD60814834FA4FAD375ABEC0FAF81EDF51EF706A0AC |
456 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\languages\Dutch.lng | text | 441416CB25650C882C49A6B0557F249B | A395F57C997E77969FB9943B5BA258D6F17E2ADDED9152C7ECFCA99617037B70 |
456 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\languages\Czech.lng | text | DDDBCE036DADAAC069230B1343F59270 | D5631B1F16E08AA03A619582B181034851454B4876573C457BA96A6D38448223 |
1332 | WinRAR.exe | C:\Users\admin\Desktop\install-809.ex1 | executable | 663BE6DF6004F677D3D3E223FD8B0DDB | DA33DE94D959F9F195A95F6063ED1575653F4B839E6046F12126F019D65B5917 |
456 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\languages\Italian.lng | text | 09181E2419BD6A44E745F013694C321F | 69256FFEED274F192294BAC2E426A892743921A040C7F043F97A44B829882471 |
456 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\languages\German.lng | text | D54315C6871300716BB598078971A4F7 | 3519C7CF14C7D4A5014F2406EA1A741FE2B02B9E2440BDD7053A7D403E118C86 |
456 | install-809.exe | C:\Users\Administrator\Desktop\AP Manager.lnk | lnk | AEED4C9C1C32E37F545F5B84ED01C9C9 | 0D07E84ED157E5A6556A3477370E1FA4DF40CA3EAE9AB41CAF3FACB6C197101B |
456 | install-809.exe | C:\Users\admin\Desktop\AP Manager.lnk | lnk | 2B6FF0E99474EA70219915D1EC8FEEB2 | C6836C9EB126615968D8C7455031FA2AD84CA57FF543B928219CAACDAEA681FA |
456 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\languages\Portuguese.lng | text | 34788C48C5D67583EA2BAC179037A182 | 84152BDAFBDAAA209C2A0E8BBF400D71663C92E10C50D247490A4F6849692F68 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3988 | apmanager.exe | GET | — | 91.209.238.10:80 | http://91.209.238.10/m5tools/whois.php?short | GB | — | — | unknown |
3988 | apmanager.exe | GET | — | 91.209.238.10:80 | http://91.209.238.10/m5tools/ip.php | GB | — | — | unknown |
3524 | apmanager.exe | GET | — | 91.209.238.10:80 | http://91.209.238.10/m5install/809/1 | GB | — | — | unknown |
3524 | apmanager.exe | GET | — | 91.209.238.10:80 | http://91.209.238.10/m5tools/ip.php | GB | — | — | unknown |
3524 | apmanager.exe | GET | — | 91.209.238.10:80 | http://91.209.238.10/m5tools/whois.php?short | GB | — | — | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3524 | apmanager.exe | 91.209.238.10:80 | — | Crown Office and Procurator Fiscal Service | GB | unknown |
3988 | apmanager.exe | 91.209.238.10:80 | — | Crown Office and Procurator Fiscal Service | GB | unknown |