File name: | Skyjack.zip |
Full analysis: | https://app.any.run/tasks/5e25fd79-02ea-49f2-81a2-b3f8adef5b6a |
Verdict: | Malicious activity |
Analysis date: | September 11, 2019, 01:17:46 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | E289FDFC2568497A18C3972624B54A77 |
SHA1: | FBAB326D258D803ABA6708358DE812488925F941 |
SHA256: | 827AEDFE4401255C30B6573D6990D07A3BBFE2DAAE5E8D8D09C155186D91647C |
SSDEEP: | 384:B2CjMNPv21TwZ6gtMCUlAU5lhHOxJS+w9OHM+tLqfaD06FfSOXu6fy:BFM21TO6MaljvHOxMrGpB5tFfSO+ey |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | SkyjackManualSystem.exe |
---|---|
ZipUncompressedSize: | 37888 |
ZipCompressedSize: | 14851 |
ZipCRC: | 0x5ca96194 |
ZipModifyDate: | 2019:09:10 18:57:07 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3464 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Skyjack.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3760 | "C:\Users\admin\Desktop\Skyjack\SkyjackManualSystem.exe" | C:\Users\admin\Desktop\Skyjack\SkyjackManualSystem.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Exit code: 8851 | ||||
2936 | "C:\Users\admin\AppData\Local\Temp\DF1A.tmp\b2e.exe" C:\Users\admin\AppData\Local\Temp\DF1A.tmp\b2e.exe C:\Users\admin\Desktop\Skyjack "C:\Users\admin\Desktop\Skyjack\SkyjackManualSystem.exe" | C:\Users\admin\AppData\Local\Temp\DF1A.tmp\b2e.exe | — | SkyjackManualSystem.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
3480 | cmd /c ""C:\Users\admin\AppData\Local\Temp\DFF5.tmp\batfile.bat" " | C:\Windows\system32\cmd.exe | — | b2e.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1456 | cmd /c ""C:\Users\admin\AppData\Local\Temp\selfdel0.bat" " | C:\Windows\system32\cmd.exe | — | b2e.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3268 | "C:\Users\admin\Desktop\Skyjack\SkyjackManualSystem.exe" | C:\Users\admin\Desktop\Skyjack\SkyjackManualSystem.exe | explorer.exe | |
User: admin Integrity Level: HIGH Exit code: 8851 | ||||
2664 | "C:\Users\admin\AppData\Local\Temp\12DC.tmp\b2e.exe" C:\Users\admin\AppData\Local\Temp\12DC.tmp\b2e.exe C:\Users\admin\Desktop\Skyjack "C:\Users\admin\Desktop\Skyjack\SkyjackManualSystem.exe" | C:\Users\admin\AppData\Local\Temp\12DC.tmp\b2e.exe | — | SkyjackManualSystem.exe |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
3684 | cmd /c ""C:\Users\admin\AppData\Local\Temp\1414.tmp\batfile.bat" " | C:\Windows\system32\cmd.exe | — | b2e.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2224 | cmd /c ""C:\Users\admin\AppData\Local\Temp\selfdel0.bat" " | C:\Windows\system32\cmd.exe | — | b2e.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
(PID) Process: | (3464) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (3464) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (3464) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3464) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\Skyjack.zip | |||
(PID) Process: | (3464) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (3464) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (3464) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (3464) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (3464) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\Skyjack | |||
(PID) Process: | (3464) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin |
Operation: | write | Name: | Placement |
Value: 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2936 | b2e.exe | C:\Users\admin\AppData\Local\Temp\selfdel0.bat | — | |
MD5:— | SHA256:— | |||
2664 | b2e.exe | C:\Users\admin\AppData\Local\Temp\selfdel0.bat | — | |
MD5:— | SHA256:— | |||
3464 | WinRAR.exe | C:\Users\admin\Desktop\Skyjack\SkyjackManualSystem.exe | executable | |
MD5:189C0458DBCD521E327FCB92D808541F | SHA256:19186F2926FEA8310A181102C27898F54712B13DE471DE0D4C780A7E34788565 | |||
3760 | SkyjackManualSystem.exe | C:\Users\admin\AppData\Local\Temp\DF1A.tmp\b2e.exe | executable | |
MD5:9E695749B855B6161976D8076399B309 | SHA256:31E2A8F9155FC9A6BDB3EB31632D54601C6F3F41FC158418458F486CBDD9AB9E | |||
2664 | b2e.exe | C:\Users\admin\AppData\Local\Temp\1414.tmp\batfile.bat | text | |
MD5:752C4F4852843AA528E5576D9A3A7449 | SHA256:6F84BFBFA5CB42CC1333D13414493C303F1E816ADC9888E553B46CD0EED9895D | |||
3268 | SkyjackManualSystem.exe | C:\Users\admin\AppData\Local\Temp\12DC.tmp\b2e.exe | executable | |
MD5:9E695749B855B6161976D8076399B309 | SHA256:31E2A8F9155FC9A6BDB3EB31632D54601C6F3F41FC158418458F486CBDD9AB9E | |||
2936 | b2e.exe | C:\Users\admin\AppData\Local\Temp\DFF5.tmp\batfile.bat | text | |
MD5:752C4F4852843AA528E5576D9A3A7449 | SHA256:6F84BFBFA5CB42CC1333D13414493C303F1E816ADC9888E553B46CD0EED9895D | |||
3464 | WinRAR.exe | C:\Users\admin\Desktop\Skyjack\UpdateUSB\AutoUpdateUSB.exe | executable | |
MD5:CD291E38D98726AF11A6F3B2B613BFBB | SHA256:1C751FE5F72BDF063059EB26EA1F2BC243F61CDE8C040E74CFFA38BA8AF0610D |