File name: | Debug.7z |
Full analysis: | https://app.any.run/tasks/72d4b0c6-dfb4-4e6d-aec0-5039476d3583 |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 10:08:22 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-7z-compressed |
File info: | 7-zip archive data, version 0.4 |
MD5: | 6D4FA8AB3B7C2D9433C92141D1897608 |
SHA1: | 88DA8EE0C7E27DF69103B0719BDE71804A6714FB |
SHA256: | 83DFA333E40CAFC2C7E62FECDDC9F66A3441498C1EB5D5E36B31C469BC6E8506 |
SSDEEP: | 98304:LuLx3GvI4FtQJIgtVAu02ZBzJE66S3AEO9J+wSAq0iujUvR4bEQP+mM2y8CIHr:sx3GvI4F2JIsAUL6wAEMAzADiuo2V+X4 |
.7z | | | 7-Zip compressed archive (v0.4) (57.1) |
---|---|---|
.7z | | | 7-Zip compressed archive (gen) (42.8) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3212 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Debug.7z" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 | ||||
3604 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | ||||
3176 | "C:\Users\admin\Desktop\nhjj.exe" | C:\Users\admin\Desktop\nhjj.exe | — | Explorer.EXE |
User: admin Integrity Level: MEDIUM Description: nhjj Exit code: 3221226540 Version: 1.0.0.0 | ||||
4024 | "C:\Users\admin\Desktop\nhjj.exe" | C:\Users\admin\Desktop\nhjj.exe | Explorer.EXE | |
User: admin Integrity Level: HIGH Description: nhjj Exit code: 2148734720 Version: 1.0.0.0 | ||||
2520 | "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.7.2&processName=nhjj.exe&platform=0000&osver=5&isServer=0&shimver=4.0.30319.34209 | C:\Program Files\Internet Explorer\iexplore.exe | — | nhjj.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3380 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2520 CREDAT:275457 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
2152 | "C:\Users\admin\Desktop\nhjj.exe" | C:\Users\admin\Desktop\nhjj.exe | — | Explorer.EXE |
User: admin Integrity Level: MEDIUM Description: nhjj Exit code: 3221226540 Version: 1.0.0.0 | ||||
2804 | "C:\Users\admin\Desktop\nhjj.exe" | C:\Users\admin\Desktop\nhjj.exe | Explorer.EXE | |
User: admin Integrity Level: HIGH Description: nhjj Exit code: 2148734720 Version: 1.0.0.0 | ||||
3520 | "C:\Program Files\Internet Explorer\iexplore.exe" http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch&plcid=0x409&o1=.NETFramework,Version=v4.7.2&processName=nhjj.exe&platform=0000&osver=5&isServer=0&shimver=4.0.30319.34209 | C:\Program Files\Internet Explorer\iexplore.exe | — | nhjj.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 1 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3948 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3520 CREDAT:275457 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3212.17101\Microsoft.CodeAnalysis.CSharp.pdb | binary | |
MD5:A98122874E2FF3CD6E6378BFE703A1E7 | SHA256:810D3B427272E97806404359EA1D20EBF10C473B72E3F2B823101DEFED7003B8 | |||
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3212.17101\Microsoft.CodeAnalysis.xml | xml | |
MD5:B82470C782EABD9D3F092EE1E3B9D110 | SHA256:BC0E92D9A074985A65ED76F17D812FADCDB99A34E78BB879A4DBE3AAFAF915CE | |||
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3212.17101\Microsoft.CodeAnalysis.CSharp.xml | xml | |
MD5:C2BFE8D888685BCD19E9AAE5B04EA61C | SHA256:8501B3B28FB245FCF9604B67EAC1FA528717A9920172CBFA79CF3E478611EE45 | |||
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3212.17101\cs\Microsoft.CodeAnalysis.CSharp.resources.dll | executable | |
MD5:C8AAC6A5B0EBBF6098B96963758684C6 | SHA256:3E20DA06FD49B2F388198FE725878FD6F8CFA330CC34BCC7C00AFD981E6E6A4B | |||
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3212.17101\nhjj.pdb | pdb | |
MD5:2F9015EF6A0CFDBE0D95CE8997AB5D29 | SHA256:708AA936682CBB901DDB8D718FC7F670F486A36A4C3F4DCD869DC53F9BA2A46A | |||
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3212.17101\de\Microsoft.CodeAnalysis.CSharp.resources.dll | executable | |
MD5:32EB03D9F08052661973130ADDD79FB9 | SHA256:42028FB07B22CE3BFCDA10352ECFAC64E6A9B88FA488CFBAC5F2142647A995CB | |||
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3212.17101\es\Microsoft.CodeAnalysis.CSharp.resources.dll | executable | |
MD5:0B5EC84B7957CB8C31DF0EDE4CF5F8E7 | SHA256:518FA2EE48EB447D76D728483C2D87E415EB981B33B5452F7A928FAABB56987B | |||
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3212.17101\Microsoft.CodeAnalysis.pdb | binary | |
MD5:13E36F552634395ED7D3F5B21B54037C | SHA256:3A5D2A21B207930DD9F3A3CACDB24461284828DF951FEF88B8964A553DC411DC | |||
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3212.17101\nhjj.exe.config | xml | |
MD5:98DBB4A9BC384DCA6B79A47886C42891 | SHA256:4E12056F6C6FF7D05F4DFD957586AEB41FE563677C57AE2FC43AFF8AA2BCF970 | |||
3212 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3212.17101\es\Microsoft.CodeAnalysis.resources.dll | executable | |
MD5:7980A9D365D8BFD1A644C23CF84CFCFD | SHA256:DBB5C7D7CB2898FEACE653BF3055776D0D581CF8DB0845DD306F0BB16EBE70FE |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3948 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
3380 | iexplore.exe | GET | 200 | 178.79.242.128:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?19a1f92e954799a8 | DE | compressed | 4.70 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3948 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3380 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3948 | iexplore.exe | 104.89.38.104:443 | go.microsoft.com | Akamai Technologies, Inc. | NL | malicious |
3380 | iexplore.exe | 104.89.38.104:443 | go.microsoft.com | Akamai Technologies, Inc. | NL | malicious |
3380 | iexplore.exe | 178.79.242.128:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | DE | malicious |
— | — | 192.168.100.2:53 | — | — | — | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.microsoft.com |
| whitelisted |
go.microsoft.com |
| whitelisted |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
dotnet.microsoft.com |
| whitelisted |