File name: | Skyjack.zip |
Full analysis: | https://app.any.run/tasks/54a4bec5-b58d-4f69-826d-04b693ad54e2 |
Verdict: | Malicious activity |
Analysis date: | September 11, 2019, 01:19:53 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | E289FDFC2568497A18C3972624B54A77 |
SHA1: | FBAB326D258D803ABA6708358DE812488925F941 |
SHA256: | 827AEDFE4401255C30B6573D6990D07A3BBFE2DAAE5E8D8D09C155186D91647C |
SSDEEP: | 384:B2CjMNPv21TwZ6gtMCUlAU5lhHOxJS+w9OHM+tLqfaD06FfSOXu6fy:BFM21TO6MaljvHOxMrGpB5tFfSO+ey |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2019:09:10 18:57:07 |
ZipCRC: | 0x5ca96194 |
ZipCompressedSize: | 14851 |
ZipUncompressedSize: | 37888 |
ZipFileName: | SkyjackManualSystem.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2884 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Skyjack.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3608 | "C:\Program Files\WinRAR\WinRAR.exe" -elevate2884 | C:\Program Files\WinRAR\WinRAR.exe | WinRAR.exe | |
User: admin Company: Alexander Roshal Integrity Level: HIGH Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3496 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3352 | "C:\SkyjackManualSystem.exe" | C:\SkyjackManualSystem.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Exit code: 8851 | ||||
2628 | "C:\Users\admin\AppData\Local\Temp\FB7B.tmp\b2e.exe" C:\Users\admin\AppData\Local\Temp\FB7B.tmp\b2e.exe C:\ "C:\SkyjackManualSystem.exe" | C:\Users\admin\AppData\Local\Temp\FB7B.tmp\b2e.exe | — | SkyjackManualSystem.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
560 | cmd /c ""C:\Users\admin\AppData\Local\Temp\FD50.tmp\batfile.bat" " | C:\Windows\system32\cmd.exe | — | b2e.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3012 | "C:\UpdateUSB\AutoUpdateUSB.exe" | C:\UpdateUSB\AutoUpdateUSB.exe | — | cmd.exe |
User: admin Company: Linamar Corporation Integrity Level: MEDIUM Description: AutoUpdateUSB Exit code: 3221226540 Version: 1.0.0.0 | ||||
3460 | "C:\UpdateUSB\AutoUpdateUSB.exe" | C:\UpdateUSB\AutoUpdateUSB.exe | cmd.exe | |
User: admin Company: Linamar Corporation Integrity Level: HIGH Description: AutoUpdateUSB Version: 1.0.0.0 | ||||
2200 | cmd /c ""C:\Users\admin\AppData\Local\Temp\selfdel0.bat" " | C:\Windows\system32\cmd.exe | — | b2e.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2628 | b2e.exe | C:\Users\admin\AppData\Local\Temp\selfdel0.bat | — | |
MD5:— | SHA256:— | |||
3608 | WinRAR.exe | C:\SkyjackManualSystem.exe | executable | |
MD5:189C0458DBCD521E327FCB92D808541F | SHA256:19186F2926FEA8310A181102C27898F54712B13DE471DE0D4C780A7E34788565 | |||
3352 | SkyjackManualSystem.exe | C:\Users\admin\AppData\Local\Temp\FB7B.tmp\b2e.exe | executable | |
MD5:9E695749B855B6161976D8076399B309 | SHA256:31E2A8F9155FC9A6BDB3EB31632D54601C6F3F41FC158418458F486CBDD9AB9E | |||
3608 | WinRAR.exe | C:\UpdateUSB\AutoUpdateUSB.exe | executable | |
MD5:CD291E38D98726AF11A6F3B2B613BFBB | SHA256:1C751FE5F72BDF063059EB26EA1F2BC243F61CDE8C040E74CFFA38BA8AF0610D | |||
2628 | b2e.exe | C:\Users\admin\AppData\Local\Temp\FD50.tmp\batfile.bat | text | |
MD5:752C4F4852843AA528E5576D9A3A7449 | SHA256:6F84BFBFA5CB42CC1333D13414493C303F1E816ADC9888E553B46CD0EED9895D |