File name: | Debug.7z |
Full analysis: | https://app.any.run/tasks/cce75404-beb7-4e61-94fe-9ce85131176b |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 10:09:53 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-7z-compressed |
File info: | 7-zip archive data, version 0.4 |
MD5: | 6D4FA8AB3B7C2D9433C92141D1897608 |
SHA1: | 88DA8EE0C7E27DF69103B0719BDE71804A6714FB |
SHA256: | 83DFA333E40CAFC2C7E62FECDDC9F66A3441498C1EB5D5E36B31C469BC6E8506 |
SSDEEP: | 98304:LuLx3GvI4FtQJIgtVAu02ZBzJE66S3AEO9J+wSAq0iujUvR4bEQP+mM2y8CIHr:sx3GvI4F2JIsAUL6wAEMAzADiuo2V+X4 |
.7z | | | 7-Zip compressed archive (v0.4) (57.1) |
---|---|---|
.7z | | | 7-Zip compressed archive (gen) (42.8) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3740 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Debug.7z" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 | ||||
2484 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | ||||
1172 | C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE | — | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2200 | "C:\Users\admin\Desktop\nhjj.exe" | C:\Users\admin\Desktop\nhjj.exe | — | Explorer.EXE |
User: admin Integrity Level: MEDIUM Description: nhjj Exit code: 3221226540 Version: 1.0.0.0 | ||||
2488 | "C:\Users\admin\Desktop\nhjj.exe" | C:\Users\admin\Desktop\nhjj.exe | Explorer.EXE | |
User: admin Integrity Level: HIGH Description: nhjj Exit code: 3762504530 Version: 1.0.0.0 | ||||
568 | "C:\Users\admin\Desktop\nhjj.exe" | C:\Users\admin\Desktop\nhjj.exe | — | Explorer.EXE |
User: admin Integrity Level: MEDIUM Description: nhjj Exit code: 3221226540 Version: 1.0.0.0 | ||||
2532 | "C:\Users\admin\Desktop\nhjj.exe" | C:\Users\admin\Desktop\nhjj.exe | Explorer.EXE | |
User: admin Integrity Level: HIGH Description: nhjj Exit code: 3762504530 Version: 1.0.0.0 | ||||
3228 | "C:\Users\admin\Desktop\nhjj.exe" | C:\Users\admin\Desktop\nhjj.exe | — | Explorer.EXE |
User: admin Integrity Level: MEDIUM Description: nhjj Exit code: 3221226540 Version: 1.0.0.0 | ||||
3056 | "C:\Users\admin\Desktop\nhjj.exe" | C:\Users\admin\Desktop\nhjj.exe | Explorer.EXE | |
User: admin Integrity Level: HIGH Description: nhjj Exit code: 3762504530 Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3740.26688\Microsoft.CodeAnalysis.CSharp.pdb | binary | |
MD5:A98122874E2FF3CD6E6378BFE703A1E7 | SHA256:810D3B427272E97806404359EA1D20EBF10C473B72E3F2B823101DEFED7003B8 | |||
3740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3740.26688\Microsoft.CodeAnalysis.pdb | binary | |
MD5:13E36F552634395ED7D3F5B21B54037C | SHA256:3A5D2A21B207930DD9F3A3CACDB24461284828DF951FEF88B8964A553DC411DC | |||
3740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3740.26688\Microsoft.CodeAnalysis.CSharp.xml | xml | |
MD5:C2BFE8D888685BCD19E9AAE5B04EA61C | SHA256:8501B3B28FB245FCF9604B67EAC1FA528717A9920172CBFA79CF3E478611EE45 | |||
3740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3740.26688\Microsoft.CodeAnalysis.xml | xml | |
MD5:B82470C782EABD9D3F092EE1E3B9D110 | SHA256:BC0E92D9A074985A65ED76F17D812FADCDB99A34E78BB879A4DBE3AAFAF915CE | |||
3740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3740.26688\nhjj.pdb | pdb | |
MD5:2F9015EF6A0CFDBE0D95CE8997AB5D29 | SHA256:708AA936682CBB901DDB8D718FC7F670F486A36A4C3F4DCD869DC53F9BA2A46A | |||
3740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3740.26688\System.Reflection.Metadata.xml | xml | |
MD5:DFC3787EACDA55856359EE7403552979 | SHA256:4F809E9285F67D2B76DF26FB84D27ED20C1CD573A8804A5B076D146D7D8D844C | |||
3740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3740.26688\cs\Microsoft.CodeAnalysis.CSharp.resources.dll | executable | |
MD5:C8AAC6A5B0EBBF6098B96963758684C6 | SHA256:3E20DA06FD49B2F388198FE725878FD6F8CFA330CC34BCC7C00AFD981E6E6A4B | |||
3740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3740.26688\cs\Microsoft.CodeAnalysis.resources.dll | executable | |
MD5:5F409411204666BC1AF78F0EE0D57D9C | SHA256:E9E762EAC8F66D93BA644E19DA627C4132CA015FDF032E474DDE9A75CE6C12F3 | |||
3740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3740.26688\es\Microsoft.CodeAnalysis.CSharp.resources.dll | executable | |
MD5:0B5EC84B7957CB8C31DF0EDE4CF5F8E7 | SHA256:518FA2EE48EB447D76D728483C2D87E415EB981B33B5452F7A928FAABB56987B | |||
3740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3740.26688\System.Buffers.xml | xml | |
MD5:1C55860DD93297A6EA2FAD2974834C3A | SHA256:2EC7FB12E11F9831E40524427F6D88A3C9FFDD56CCFA81D373467B75B479A578 |