File name: | CrystalDiskInfo8_1_0.zip |
Full analysis: | https://app.any.run/tasks/32303ff8-902e-4d9e-903b-4ffb383fad2a |
Verdict: | Malicious activity |
Analysis date: | May 21, 2019, 02:10:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 563D0AE995DC41973260681DAB96AD7A |
SHA1: | BA60A6C8C9533EFE65B3C33901E0516CE09504A8 |
SHA256: | 840F394F6AAD421BC24FDA4F1625A318C4F1C136D1067BE0C8AB621AF81743EC |
SSDEEP: | 98304:A74DdJdi5O4M/vvgKQCaPJw6fsYByuRUYSpsU7bzS4/wPbyKZxy9MmQ:FdJdi5OhIKQ4EkASpsU7ZsyQxClQ |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 10 |
---|---|
ZipBitFlag: | - |
ZipCompression: | None |
ZipModifyDate: | 2019:04:22 21:45:11 |
ZipCRC: | 0x00000000 |
ZipCompressedSize: | - |
ZipUncompressedSize: | - |
ZipFileName: | CdiResource/ |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2232 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\CrystalDiskInfo8_1_0.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3628 | "C:\Users\admin\Desktop\DiskInfo32.exe" | C:\Users\admin\Desktop\DiskInfo32.exe | — | explorer.exe |
User: admin Company: Crystal Dew World Integrity Level: MEDIUM Description: CrystalDiskInfo Exit code: 3221226540 Version: 8.1.0.2019 | ||||
916 | "C:\Users\admin\Desktop\DiskInfo32.exe" | C:\Users\admin\Desktop\DiskInfo32.exe | explorer.exe | |
User: admin Company: Crystal Dew World Integrity Level: HIGH Description: CrystalDiskInfo Version: 8.1.0.2019 | ||||
2860 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\ablemodel.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Exit code: 0 Version: 14.0.6024.1000 | ||||
2760 | "C:\Program Files\CCleaner\CCleaner.exe" | C:\Program Files\CCleaner\CCleaner.exe | — | explorer.exe |
User: admin Company: Piriform Ltd Integrity Level: MEDIUM Description: CCleaner Exit code: 0 Version: 5, 35, 0, 6210 | ||||
592 | "C:\Program Files\CCleaner\CCleaner.exe" /uac | C:\Program Files\CCleaner\CCleaner.exe | taskeng.exe | |
User: admin Company: Piriform Ltd Integrity Level: HIGH Description: CCleaner Exit code: 0 Version: 5, 35, 0, 6210 | ||||
1976 | "C:\Program Files\CCleaner\CCleaner.exe" /monitor | C:\Program Files\CCleaner\CCleaner.exe | CCleaner.exe | |
User: admin Company: Piriform Ltd Integrity Level: HIGH Description: CCleaner Version: 5, 35, 0, 6210 | ||||
3204 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | CCleaner.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2972 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3204 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3676 | "C:\Program Files\Mozilla Firefox\firefox.exe" | C:\Program Files\Mozilla Firefox\firefox.exe | explorer.exe | |
User: admin Company: Mozilla Corporation Integrity Level: MEDIUM Description: Firefox Version: 65.0.2 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2232 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2232.15807\CdiResource\AlertMail.exe | executable | |
MD5:46A29DAB77E0C3FF5B7E0EA2F1E5B7C8 | SHA256:A9B8A51A99B4C63038C948C5BDA54750EA85E0D9B4DB7D78FB4DAC9D8854FEEA | |||
2232 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2232.15807\CdiResource\dialog\image\buttonEnable.png | image | |
MD5:FB6BD83144C157F965B020763481B2C0 | SHA256:45EB98AE366BD57046F42E7B9C52552505BECD6F467A10781D00BCE0E0E39D6C | |||
2232 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2232.15807\CdiResource\dialog\Graph.html | html | |
MD5:006B850CE85CFBCC92BBEE6966BDF0D5 | SHA256:647860CDA8FDF6F344B835472C04ACB929EA411270F780B4FA27161E9E145C35 | |||
2232 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2232.15807\CdiResource\dialog\Graph.css | text | |
MD5:92D30E5381370231C4888B57D29D27C6 | SHA256:5D6EDF2D14B16C1C47E85609346874593B4E989214AFDBFEF4D849A30F9F719F | |||
2232 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2232.15807\CdiResource\dialog\image\buttonDisable.png | image | |
MD5:8CE9F3A5880F1C753F75E814A77EED91 | SHA256:EA1304F8D276D6E0775611C6FA8E0DEC1E320F4D13F94C1AB8F03F22328774FB | |||
2232 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2232.15807\CdiResource\dialog\flot\jquery.min.js | text | |
MD5:A9331828C517AC5D97F93B3CFDBCC9BC | SHA256:D548530775A6286F49BA66E0715876B4EC5985966B0291C21568FECFC4178E8D | |||
2232 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2232.15807\CdiResource\AlertMail4.exe | executable | |
MD5:7E919B00AEE429607FF663A6511F179F | SHA256:CFB06B92A0483AAD4D653DB58121417B776D41C80DB5CAB1B4465C172F4168A9 | |||
2232 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2232.15807\CdiResource\dialog\image\GraphAllOn.png | image | |
MD5:AD5566B216D5BA4997966A9964D1C64B | SHA256:2730DE1C517663AA87403ABEAF6FE562BC5EABD15FA0C0D898C1AFE37276C935 | |||
2232 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2232.15807\CdiResource\dialog\flot\jquery.flot.min.js | text | |
MD5:F1843ACDB53F2C88903F89E4E175CD32 | SHA256:8A0F1DD79995A9308CFFDCAE12445D9F727D66A450EF5158280E0724DE55C32F | |||
2232 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2232.15807\CdiResource\dialog\flot\excanvas.min.js | text | |
MD5:08182065D2093C978A9BFA16B0829173 | SHA256:5F94B032A110504B7B261EAF71392FA3E8D82CDC6455C0CBA5C9F03CD34ED122 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2972 | iexplore.exe | GET | 301 | 151.101.0.64:80 | http://www.piriform.com/ccleaner/update?a=0&v=5.35.6210&l=1033&o=6.1W3&t=4&au=1 | US | — | — | whitelisted |
592 | CCleaner.exe | GET | 301 | 151.101.0.64:80 | http://www.piriform.com/auto?a=0&p=cc&v=5.35.6210&l=1033&lk=&mk=IJR6-W5SV-5KYR-QBZD-6BY4-RN5Z-WAV9-RVK2-VJCA&o=6.1W3&au=1&mx=97B7721C4994E2556FF6A439510F665DB45337A341A47E15F4997584423BF714&gu=00000000-0000-4000-8000-d6f7f2be5127 | US | — | — | whitelisted |
2972 | iexplore.exe | GET | 200 | 13.107.4.50:80 | http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab | US | compressed | 56.1 Kb | whitelisted |
3676 | firefox.exe | GET | 200 | 95.100.39.8:80 | http://detectportal.firefox.com/success.txt | DE | text | 8 b | whitelisted |
3676 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
3676 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
3676 | firefox.exe | GET | 302 | 18.208.31.59:80 | http://download.mozilla.org/?product=firefox-66.0.5-complete&os=win&lang=en-US | US | html | 129 b | whitelisted |
3676 | firefox.exe | POST | 200 | 172.217.16.131:80 | http://ocsp.pki.goog/GTSGIAG3 | US | der | 471 b | whitelisted |
3676 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
3676 | firefox.exe | POST | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/ | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2972 | iexplore.exe | 216.58.207.68:443 | www.google.com | Google Inc. | US | whitelisted |
592 | CCleaner.exe | 151.101.0.64:80 | www.piriform.com | Fastly | US | whitelisted |
2972 | iexplore.exe | 172.217.22.67:443 | fonts.gstatic.com | Google Inc. | US | whitelisted |
592 | CCleaner.exe | 151.101.2.202:443 | www.ccleaner.com | Fastly | US | suspicious |
— | — | 151.101.0.64:443 | www.piriform.com | Fastly | US | whitelisted |
3204 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
592 | CCleaner.exe | 151.101.0.64:443 | www.piriform.com | Fastly | US | whitelisted |
2972 | iexplore.exe | 151.101.2.202:443 | www.ccleaner.com | Fastly | US | suspicious |
2972 | iexplore.exe | 172.217.18.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
2972 | iexplore.exe | 2.21.36.164:443 | s7.addthis.com | GTT Communications Inc. | FR | suspicious |
Domain | IP | Reputation |
---|---|---|
www.piriform.com |
| whitelisted |
www.ccleaner.com |
| whitelisted |
www.bing.com |
| whitelisted |
www.google.com |
| whitelisted |
s7.addthis.com |
| whitelisted |
fonts.googleapis.com |
| whitelisted |
fonts.gstatic.com |
| whitelisted |
www.googletagmanager.com |
| whitelisted |
dev.visualwebsiteoptimizer.com |
| whitelisted |
s1.pir.fm |
| suspicious |