| Property | Value |
|---|---|
| Download | Fortnite_Checker.zip |
| Full analysis | https://app.any.run/tasks/ca443ec2-d569-4bfe-8e29-09e1d057ef1e |
| Verdict | Malicious activity |
| Analysis date | August 13, 2019, 23:30:13 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v1.0 to extract |
| MD5 | C652596102C559FBF82AE80300BCA92C |
| SHA1 | 32CD9F2DEBF6C939B73A76C4957DCD714DC10B69 |
| SHA256 | 8911756307C903F12774A4D2B70C1A8BD2549985BDDF8981516366BC14CE0FC3 |
| SSDEEP | 49152:SBx9ngCf3K4JlW/2cnjtbmzC58t0asyBttVhXcQavb8wLh:Sx9nDfK4COcnjU258QyBtFcFvbjN |

| Extension | Detected type |
|---|---|
| .zip | ZIP compressed archive (100) |

| ZIP property | Value |
|---|---|
| ZipRequiredVersion | 10 |
| ZipBitFlag | - |
| ZipCompression | None |
| ZipModifyDate | 2019:05:16 13:49:09 |
| ZipCRC | 0x00000000 |
| ZipCompressedSize | - |
| ZipUncompressedSize | - |
| ZipFileName | Fortnite_Checker/ |

| PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Exit code | Version |
|---|---|---|---|---|---|---|---|---|---|---|
| 3268 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Fortnite_Checker.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.60.0 |
| 3164 | "C:\Users\admin\Desktop\Fortnite_Checker\Fortnite_Checker.exe" | C:\Users\admin\Desktop\Fortnite_Checker\Fortnite_Checker.exe | — | explorer.exe | admin | Coilz | MEDIUM | SoundCloud Api Library | 0 | 1.1.0.0 |
| 252 | "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | | Fortnite_Checker.exe | admin | Microsoft Corporation | MEDIUM | Visual Basic Command Line Compiler | | 8.0.50727.5420 |
| 128 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | | admin | Microsoft Corporation | MEDIUM | Windows Explorer | | 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2572 | "C:\Windows\System32\wuapp.exe" -c "C:\ProgramData\LUGATnburW\cfg" | C:\Windows\System32\wuapp.exe | | vbc.exe | admin | Microsoft Corporation | MEDIUM | Windows Update Application Launcher | | 7.5.7601.17514 (win7sp1_rtm.101119-1850) |
| 2840 | cmd.exe /C WScript "C:\ProgramData\LUGATnburW\r.vbs" | C:\Windows\system32\cmd.exe | — | vbc.exe | admin | Microsoft Corporation | MEDIUM | Windows Command Processor | 0 | 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 2540 | WScript "C:\ProgramData\LUGATnburW\r.vbs" | C:\Windows\system32\wscript.exe | | cmd.exe | admin | Microsoft Corporation | MEDIUM | Microsoft ® Windows Based Script Host | 0 | 5.8.7600.16385 |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.8255\Fortnite_Checker\Fortnite_Checker.exe | — | — | — |
| 3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.8255\Fortnite_Checker\MetroFramework.Design.dll | — | — | — |
| 3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.8255\Fortnite_Checker\MetroFramework.dll | — | — | — |
| 3268 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3268.8255\Fortnite_Checker\MetroFramework.Fonts.dll | — | — | — |
| 128 | explorer.exe | C:\Users\admin\Desktop\Fortnite_Checker | — | — | — |
| 252 | vbc.exe | C:\ProgramData\LUGATnburW\SXMR.exe | — | — | — |
| 252 | vbc.exe | C:\ProgramData\LUGATnburW\cfgi | text | EAC53AA1B7F41DC6F0B3238528920CC7 | 766E5580A7F2589F3777EB2809AB60244BD621DA2C32CD4BE8B549D783056C52 |
| 2540 | wscript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cIQcavYWZA.url | text | 97BC7959C4A1CB4A1CE9F3345BA96812 | D8A299B6C908E5D9B3970D014C28FF5256420794A21DB70E540F6DE19E98C0F2 |
| 252 | vbc.exe | C:\ProgramData\LUGATnburW\r.vbs | binary | 46B50AA2F8B5388CBBD1F3CF00D6DF2E | DD6B49F7B6B7A69E3200827E22167842E619F2158645C648564475DA21CA8036 |
| 252 | vbc.exe | C:\ProgramData\LUGATnburW\SXMR | executable | 34AA912DEFA18C2C129F1E09D75C1D7E | 6DF94B7FA33F1B87142ADC39B3DB0613FC520D9E7A5FD6A5301DD7F51F8D0386 |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| — | — | 136.243.102.167:45700 | xmr.pool.minergate.com | Hetzner Online GmbH | DE | malicious |

| Domain | IP | Reputation |
|---|---|---|
| xmr.pool.minergate.com | | suspicious |

| PID | Process | Class | Message |
|---|---|---|---|
| — | — | A Network Trojan was detected | ET POLICY Monero Mining Pool DNS Lookup |
| 2572 | wuapp.exe | Potential Corporate Privacy Violation | ET POLICY Cryptocurrency Miner Checkin |
| 2572 | wuapp.exe | Misc activity | MINER [PTsecurity] CoinMiner CryptoNight XMRig JSON_RPC Client Login |
| 2572 | wuapp.exe | Misc activity | MINER [PTsecurity] Riskware/CoinMiner JSON_RPC Response |
| 2572 | wuapp.exe | Misc activity | MINER [PTsecurity] Risktool.W32.coinminer!c |
| 2572 | wuapp.exe | Misc activity | MINER [PTsecurity] CoinMiner CryptoNight algo JSON_RPC server Response |
| 2572 | wuapp.exe | Misc activity | MINER [PTsecurity] Riskware/CoinMiner JSON_RPC Response |
| 2572 | wuapp.exe | Misc activity | MINER [PTsecurity] Risktool.W32.coinminer!c |
| 2572 | wuapp.exe | Misc activity | MINER [PTsecurity] CoinMiner CryptoNight algo JSON_RPC server Response |