File name: | install-809.rar |
Full analysis: | https://app.any.run/tasks/ed8a59bf-8df3-433c-a6af-fc9aa6d0e78a |
Verdict: | Malicious activity |
Analysis date: | May 21, 2022, 04:37:00 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 851875EB4D4EC083C25239A40AA7AF0C |
SHA1: | 40CC2D8CF87C43E5DE25ACC91A495BBDCB67FF2A |
SHA256: | 7E0287564B654063C45B93D2D2404C76505BE037F91BF0E0E86BC694B2B00F32 |
SSDEEP: | 49152:BMhSQ8L4fDmVXOgwGfpGW3QAeCczjmfrF2taFAe3A:BMwQGVXOrUpx3QAejfmfrQt+AeQ |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
ArchivedFileName: | install-809.ex1 |
---|---|
PackingMethod: | Best Compression |
ModifyDate: | 2010:04:26 00:44:17 |
OperatingSystem: | Win32 |
UncompressedSize: | 1836531 |
CompressedSize: | 1647100 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
824 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\install-809.rar" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
3700 | "C:\Users\admin\Desktop\install-809.exe" | C:\Users\admin\Desktop\install-809.exe | — | Explorer.EXE | |||||||||||
User: admin Integrity Level: MEDIUM Exit code: 3221226540 Modules
| |||||||||||||||
2800 | "C:\Users\admin\Desktop\install-809.exe" | C:\Users\admin\Desktop\install-809.exe | Explorer.EXE | ||||||||||||
User: admin Integrity Level: HIGH Exit code: 0 Modules
| |||||||||||||||
316 | C:\Users\admin\AppData\Roaming\APManager\apmanager.exe | C:\Users\admin\AppData\Roaming\APManager\apmanager.exe | install-809.exe | ||||||||||||
User: admin Integrity Level: HIGH Exit code: 0 Modules
| |||||||||||||||
2316 | "C:\Windows\system32\taskmgr.exe" /4 | C:\Windows\system32\taskmgr.exe | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Task Manager Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
3496 | C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} | C:\Windows\system32\DllHost.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
780 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Roaming\APManager\settings.ini | C:\Windows\system32\NOTEPAD.EXE | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
2328 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Roaming\APManager\settings.ini | C:\Windows\system32\NOTEPAD.EXE | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
2344 | "C:\Users\admin\AppData\Roaming\APManager\uninstall.exe" | C:\Users\admin\AppData\Roaming\APManager\uninstall.exe | — | Explorer.EXE | |||||||||||
User: admin Integrity Level: MEDIUM Exit code: 3221226540 Modules
| |||||||||||||||
1040 | "C:\Users\admin\AppData\Roaming\APManager\uninstall.exe" | C:\Users\admin\AppData\Roaming\APManager\uninstall.exe | Explorer.EXE | ||||||||||||
User: admin Integrity Level: HIGH Exit code: 0 Modules
|
(PID) Process: | (824) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (824) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (824) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (824) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
(PID) Process: | (824) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
(PID) Process: | (824) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\install-809.rar | |||
(PID) Process: | (824) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (824) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (824) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (824) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb824.48356\install-809.ex1 | binary | |
MD5:E5A12569714E0170CF7DD70D2CEAD94B | SHA256:C9A28D42210D4ABAD7CE6DD90829744BB9D9EF70DE58F8FCB6635C380F661DCC | |||
2800 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\languages\Danish.lng | text | |
MD5:1E8739ED929D702F6E8A9762C15249C2 | SHA256:9084FEF116AE779255B4F02558F0E702A607FCD93B94A0C82BB641024097764A | |||
2800 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\languages\English.lng | text | |
MD5:07085DE5F288A4AF975301D446B5E33B | SHA256:5026F9AF6CE420F4C30853758D9B5E1B9F0042DED6026A925EE180AEA661E872 | |||
824 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb824.48866\install-809.ex1 | executable | |
MD5:663BE6DF6004F677D3D3E223FD8B0DDB | SHA256:DA33DE94D959F9F195A95F6063ED1575653F4B839E6046F12126F019D65B5917 | |||
2800 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\wallpaper.jpg | image | |
MD5:9A96E0C4848609AF12690DC9D2450DD8 | SHA256:044737DE8F5072781B926FD60814834FA4FAD375ABEC0FAF81EDF51EF706A0AC | |||
2800 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\apmanager.exe | executable | |
MD5:244FCD5F107657D07BB87EFCBEB02619 | SHA256:326DF344386B5CFBAB77544D642DF2D92BDF6D98AE2F00B6785A6E232CEAC050 | |||
2800 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\uninstall.exe | executable | |
MD5:B160228B65284CFFB270DF786B97E42F | SHA256:D55930758A9B074E75FAD33A195D2F8757240DDB151C48E3FDAF8E5FF9F86257 | |||
2800 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\languages\Portuguese.lng | text | |
MD5:34788C48C5D67583EA2BAC179037A182 | SHA256:84152BDAFBDAAA209C2A0E8BBF400D71663C92E10C50D247490A4F6849692F68 | |||
2800 | install-809.exe | C:\Users\Administrator\Desktop\AP Manager.lnk | lnk | |
MD5:A2E41AA0D53C522CBF8D4658B51A905A | SHA256:6185D3A6C92C4367E0B54B7EDCF4AE108123F20070A5027689F72080BAB6BD7B | |||
2800 | install-809.exe | C:\Users\admin\AppData\Roaming\APManager\languages\Czech.lng | text | |
MD5:DDDBCE036DADAAC069230B1343F59270 | SHA256:D5631B1F16E08AA03A619582B181034851454B4876573C457BA96A6D38448223 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
316 | apmanager.exe | GET | — | 91.209.238.10:80 | http://91.209.238.10/m5tools/whois.php?short | GB | — | — | unknown |
316 | apmanager.exe | GET | — | 91.209.238.10:80 | http://91.209.238.10/m5install/809/1 | GB | — | — | unknown |
316 | apmanager.exe | GET | — | 91.209.238.10:80 | http://91.209.238.10/m5lawsuits/page2.php?lng=English | GB | — | — | unknown |
316 | apmanager.exe | GET | — | 91.209.238.10:80 | http://91.209.238.10/m5tools/ip.php | GB | — | — | unknown |
316 | apmanager.exe | GET | — | 91.209.238.10:80 | http://91.209.238.10/m5lawsuits/page1.php?lng=English | GB | — | — | unknown |
316 | apmanager.exe | GET | — | 91.209.238.10:80 | http://91.209.238.10/m5tools/whois.php?lng=English | GB | — | — | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
316 | apmanager.exe | 91.209.238.10:80 | — | Crown Office and Procurator Fiscal Service | GB | unknown |