| File name: | OSAYDE MSR 880 Demo.zip |
| Full analysis: | https://app.any.run/tasks/2e044ffb-696f-49aa-851b-276c2b583e9f |
| Verdict: | Malicious activity |
| Analysis date: | September 19, 2023, 00:31:03 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract |
| MD5: | 42E88A7B427131D46FD154A5AD18A3DE |
| SHA1: | D39F0FFC4073A54BCC19B5745C87BD9FB60ABB60 |
| SHA256: | 835625615C7523ED3D2FDC496250862DE02C8BB9CEA470E29CB944366FE12E1F |
| SSDEEP: | 196608:bkBDkn4KcfxiZNHvBDVdCPp3QiTBZ3IlMNFhG5bdWVPOV1T10hw6:wk4PxiZ1v5CFxY+2mPOVp1ow6 |
MALICIOUS
Application was dropped or rewritten from another process
- MSR880_Ver1.0.exe (PID: 2856)
Loads dropped or rewritten executable
- MSR880_Ver1.0.exe (PID: 2856)
SUSPICIOUS
Drops a system driver (possible attempt to evade defenses)
- WinRAR.exe (PID: 3484)
INFO
Reads the computer name
- MSR880_Ver1.0.exe (PID: 2856)
Checks supported languages
- MSR880_Ver1.0.exe (PID: 2856)
Manual execution by a user
- MSR880_Ver1.0.exe (PID: 2856)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipFileName: | OSAYDE MSR 880 Demo/ |
|---|---|
| ZipUncompressedSize: | - |
| ZipCompressedSize: | - |
| ZipCRC: | 0x00000000 |
| ZipModifyDate: | 2016:11:29 10:51:10 |
| ZipCompression: | None |
| ZipBitFlag: | - |
| ZipRequiredVersion: | 20 |
Total processes
36
Monitored processes
3
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2552 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) Modules
| |||||||||||||||
| 2856 | "C:\Users\admin\Desktop\OSAYDE MSR 880 Demo\MSR880_Ver1.0.exe" | C:\Users\admin\Desktop\OSAYDE MSR 880 Demo\MSR880_Ver1.0.exe | — | explorer.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: m160 Microsoft 基础类应用程序 Exit code: 0 Version: 1, 0, 0, 1 Modules
| |||||||||||||||
| 3484 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\OSAYDE MSR 880 Demo.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | |||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
Total events
1 679
Read events
1 667
Write events
12
Delete events
0
Modification events
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\phacker.zip | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (2552) SearchProtocolHost.exe | Key: | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\178\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
Executable files
7
Suspicious files
9
Text files
3
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\MSR880 User Manual.pdf | — | |
MD5:— | SHA256:— | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\API Guide Ver1.0.rar | compressed | |
MD5:355BF95BD1F668753D4BD4A183737174 | SHA256:FCAC98A271AE7A82EE355E2E2BC8498B47F2FD643A6247A76BAF8EBEB291ACC2 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\API\Lib160.dll | executable | |
MD5:A40B6BF8F4CAF054D92C2799850A3D27 | SHA256:02E04BD61425FDDEE18430D62357F4099DDD629A8FDA6E57D4038B7FB0DDB0A9 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\API Guide V1.0.pdf | ||
MD5:0EA0A661F6CEC195D02D7B93355E723E | SHA256:C19C79CD885E30C6BAF8CF68704263E74C640BBDD75E51AB90EAD3EF5A9DD301 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\magcard.rar | compressed | |
MD5:BAE433D0DB5F68A8359A10CF2E528B09 | SHA256:29A3FF859DD634B9127C9EAB8002B8BCAB5A28CCBDC7E01206E7AABFBB727022 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\notice.txt | text | |
MD5:28145E0F5B9E0E4B65D7A1566A2C1E2E | SHA256:219643F071B6658DC1C4B283961B94449A15E9DD22B7B5A4584C07D7579144BC | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\winXP PCSC driver\notice.txt | text | |
MD5:C94D56ACE4710AEFE25A20AAFCC6BB31 | SHA256:95D7504DAB1891FD78915D32646BC94135D7E8558ED7AAD50E56988B270F72F8 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\setup.exe | executable | |
MD5:CB6C2F22BF7900421922DEADF051DC6C | SHA256:B90D3DBDD1E4AE44E0C93BA1B35955585554F583E8F20C9E5F03C35D0AE32A32 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\winXP PCSC driver\usbccid.PNF | binary | |
MD5:2A4BAF2D9E3F6547FECAD152A056B25B | SHA256:4A8E19CDB278FBC1E17AA33C4BEEA543232AE9FB3719B59706BC06A74BDCD173 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\API\Lib160.lib | binary | |
MD5:7A09F25D0D22973166227D5A0910C74E | SHA256:7D33383EE0036136A0EA49C049C040F4D8AC242060E5449BA1942D76C6B33EC8 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
3
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
3284 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |