| File name: | OSAYDE MSR 880 Demo.zip |
| Full analysis: | https://app.any.run/tasks/2e044ffb-696f-49aa-851b-276c2b583e9f |
| Verdict: | Malicious activity |
| Analysis date: | September 19, 2023, 00:31:03 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract |
| MD5: | 42E88A7B427131D46FD154A5AD18A3DE |
| SHA1: | D39F0FFC4073A54BCC19B5745C87BD9FB60ABB60 |
| SHA256: | 835625615C7523ED3D2FDC496250862DE02C8BB9CEA470E29CB944366FE12E1F |
| SSDEEP: | 196608:bkBDkn4KcfxiZNHvBDVdCPp3QiTBZ3IlMNFhG5bdWVPOV1T10hw6:wk4PxiZ1v5CFxY+2mPOVp1ow6 |
MALICIOUS
Loads dropped or rewritten executable
- MSR880_Ver1.0.exe (PID: 2856)
Application was dropped or rewritten from another process
- MSR880_Ver1.0.exe (PID: 2856)
SUSPICIOUS
Drops a system driver (possible attempt to evade defenses)
- WinRAR.exe (PID: 3484)
INFO
Manual execution by a user
- MSR880_Ver1.0.exe (PID: 2856)
Checks supported languages
- MSR880_Ver1.0.exe (PID: 2856)
Reads the computer name
- MSR880_Ver1.0.exe (PID: 2856)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipFileName: | OSAYDE MSR 880 Demo/ |
|---|---|
| ZipUncompressedSize: | - |
| ZipCompressedSize: | - |
| ZipCRC: | 0x00000000 |
| ZipModifyDate: | 2016:11:29 10:51:10 |
| ZipCompression: | None |
| ZipBitFlag: | - |
| ZipRequiredVersion: | 20 |
Total processes
36
Monitored processes
3
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2552 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) Modules
| |||||||||||||||
| 2856 | "C:\Users\admin\Desktop\OSAYDE MSR 880 Demo\MSR880_Ver1.0.exe" | C:\Users\admin\Desktop\OSAYDE MSR 880 Demo\MSR880_Ver1.0.exe | — | explorer.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: m160 Microsoft 基础类应用程序 Exit code: 0 Version: 1, 0, 0, 1 Modules
| |||||||||||||||
| 3484 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\OSAYDE MSR 880 Demo.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | |||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
Total events
1 679
Read events
1 667
Write events
12
Delete events
0
Modification events
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\phacker.zip | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (2552) SearchProtocolHost.exe | Key: | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\178\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
Executable files
7
Suspicious files
9
Text files
3
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\MSR880 User Manual.pdf | — | |
MD5:— | SHA256:— | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\API\Lib160.lib | binary | |
MD5:7A09F25D0D22973166227D5A0910C74E | SHA256:7D33383EE0036136A0EA49C049C040F4D8AC242060E5449BA1942D76C6B33EC8 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\API Guide Ver1.0.rar | compressed | |
MD5:355BF95BD1F668753D4BD4A183737174 | SHA256:FCAC98A271AE7A82EE355E2E2BC8498B47F2FD643A6247A76BAF8EBEB291ACC2 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\API Guide V1.0.pdf | ||
MD5:0EA0A661F6CEC195D02D7B93355E723E | SHA256:C19C79CD885E30C6BAF8CF68704263E74C640BBDD75E51AB90EAD3EF5A9DD301 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\API\160.h | text | |
MD5:78E86904FBD7EEF13D9015B95164DF2B | SHA256:466AD40920D8C200D0EF0BE0403592CE3F009FC3646571EDB90D7E02B1CE9A6F | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\API\Lib160.dll | executable | |
MD5:A40B6BF8F4CAF054D92C2799850A3D27 | SHA256:02E04BD61425FDDEE18430D62357F4099DDD629A8FDA6E57D4038B7FB0DDB0A9 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\notice.pdf | ||
MD5:60BFA9ADB3711902BED919607BB2AAC9 | SHA256:475F0B7405EFE7B32029BD9A56C2112FAF39E05C548B479746DAA76D988C5DC9 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\winXP PCSC driver\usbccid.inf | text | |
MD5:847D52826E564CC823A53133E97EDEBC | SHA256:92ADF715E8AF162170B04BBB238DDE9917F5B205800F816C99D23F24203511C2 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\winXP PCSC driver\usbccid.sys | executable | |
MD5:2825E0E294686A26506690059E1F437A | SHA256:58FA57DA9077312142237DC8ADB5371B291255E9806CE76DB09380D767BC4114 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\NTC1603197E SHENZHEN HTT Magstrip Swipe Reader MSR606E CE-EMC+ñ-T.pdf | ||
MD5:A0A44EC6034C07B7CCBA14427E3C4866 | SHA256:90478E9CE4F8D77EBA4DE8D62800AF3EE57EDF660ED23C4A052B56BC68F3D234 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
3
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
3284 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |