| File name: | OSAYDE MSR 880 Demo.zip |
| Full analysis: | https://app.any.run/tasks/2e044ffb-696f-49aa-851b-276c2b583e9f |
| Verdict: | Malicious activity |
| Analysis date: | September 19, 2023, 00:31:03 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract |
| MD5: | 42E88A7B427131D46FD154A5AD18A3DE |
| SHA1: | D39F0FFC4073A54BCC19B5745C87BD9FB60ABB60 |
| SHA256: | 835625615C7523ED3D2FDC496250862DE02C8BB9CEA470E29CB944366FE12E1F |
| SSDEEP: | 196608:bkBDkn4KcfxiZNHvBDVdCPp3QiTBZ3IlMNFhG5bdWVPOV1T10hw6:wk4PxiZ1v5CFxY+2mPOVp1ow6 |
MALICIOUS
Application was dropped or rewritten from another process
- MSR880_Ver1.0.exe (PID: 2856)
Loads dropped or rewritten executable
- MSR880_Ver1.0.exe (PID: 2856)
SUSPICIOUS
Drops a system driver (possible attempt to evade defenses)
- WinRAR.exe (PID: 3484)
INFO
Manual execution by a user
- MSR880_Ver1.0.exe (PID: 2856)
Reads the computer name
- MSR880_Ver1.0.exe (PID: 2856)
Checks supported languages
- MSR880_Ver1.0.exe (PID: 2856)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipFileName: | OSAYDE MSR 880 Demo/ |
|---|---|
| ZipUncompressedSize: | - |
| ZipCompressedSize: | - |
| ZipCRC: | 0x00000000 |
| ZipModifyDate: | 2016:11:29 10:51:10 |
| ZipCompression: | None |
| ZipBitFlag: | - |
| ZipRequiredVersion: | 20 |
Total processes
36
Monitored processes
3
Malicious processes
1
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2552 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) Modules
| |||||||||||||||
| 2856 | "C:\Users\admin\Desktop\OSAYDE MSR 880 Demo\MSR880_Ver1.0.exe" | C:\Users\admin\Desktop\OSAYDE MSR 880 Demo\MSR880_Ver1.0.exe | — | explorer.exe | |||||||||||
User: admin Integrity Level: MEDIUM Description: m160 Microsoft 基础类应用程序 Exit code: 0 Version: 1, 0, 0, 1 Modules
| |||||||||||||||
| 3484 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\OSAYDE MSR 880 Demo.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | |||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
Total events
1 679
Read events
1 667
Write events
12
Delete events
0
Modification events
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\178\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\phacker.zip | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (3484) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (2552) SearchProtocolHost.exe | Key: | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\178\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
Executable files
7
Suspicious files
9
Text files
3
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\MSR880 User Manual.pdf | — | |
MD5:— | SHA256:— | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\TABCTL32.OCX | executable | |
MD5:DC925B6D77BA9ECB532E2F6750BE943B | SHA256:D10A197FD53E65DC910CA4AED86CB674C613FF14CE6436D1A445BB27A7A499E0 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\winXP PCSC driver\notice.txt | text | |
MD5:C94D56ACE4710AEFE25A20AAFCC6BB31 | SHA256:95D7504DAB1891FD78915D32646BC94135D7E8558ED7AAD50E56988B270F72F8 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\winXP PCSC driver\usbccid.PNF | binary | |
MD5:2A4BAF2D9E3F6547FECAD152A056B25B | SHA256:4A8E19CDB278FBC1E17AA33C4BEEA543232AE9FB3719B59706BC06A74BDCD173 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\magcard.rar | compressed | |
MD5:BAE433D0DB5F68A8359A10CF2E528B09 | SHA256:29A3FF859DD634B9127C9EAB8002B8BCAB5A28CCBDC7E01206E7AABFBB727022 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\setup.exe | executable | |
MD5:CB6C2F22BF7900421922DEADF051DC6C | SHA256:B90D3DBDD1E4AE44E0C93BA1B35955585554F583E8F20C9E5F03C35D0AE32A32 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\winXP PCSC driver\usbccid.cat | binary | |
MD5:D76C27D0C43AE2ADE72A737EE93D24BC | SHA256:16D27ECD64C18A63005FFC21023B1B426F12D634E4D6D153CDC0668EB8873D2D | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\winXP PCSC driver\usbccid.inf | text | |
MD5:847D52826E564CC823A53133E97EDEBC | SHA256:92ADF715E8AF162170B04BBB238DDE9917F5B205800F816C99D23F24203511C2 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\notice.pdf | ||
MD5:60BFA9ADB3711902BED919607BB2AAC9 | SHA256:475F0B7405EFE7B32029BD9A56C2112FAF39E05C548B479746DAA76D988C5DC9 | |||
| 3484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3484.49282\OSAYDE MSR 880 Demo\API Guide Ver1.0\Tool\winXP PCSC driver\usbccid.sys | executable | |
MD5:2825E0E294686A26506690059E1F437A | SHA256:58FA57DA9077312142237DC8ADB5371B291255E9806CE76DB09380D767BC4114 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
3
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
3284 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |