File name: | 2C17286A718EB4CE665F0DF4A4FF89E33F1DD226C82909CAF18DC725D75DE4CD.zip |
Full analysis: | https://app.any.run/tasks/73bc2491-4980-4164-88ab-f99c8a49d0b6 |
Verdict: | Malicious activity |
Analysis date: | December 06, 2019, 18:01:36 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | EE7FB9E1ED23D48452212AAECDE60B1A |
SHA1: | A04C5256F20FD7EDAE1F96513AD8F29A3469D35A |
SHA256: | 8924EBA4A59C5A3A590AE3F5C5B6F43BE5CCF35B10985EFC58767305C3060FC5 |
SSDEEP: | 12288:8E/59fZqYtH6GciFno9iZFw5dsLw1urDMDqsY9BvkInOH+G:8E//RqmH6mcgFodsLwU1FOeG |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | 2C17286A718EB4CE665F0DF4A4FF89E33F1DD226C82909CAF18DC725D75DE4CD |
---|---|
ZipUncompressedSize: | 784384 |
ZipCompressedSize: | 745013 |
ZipCRC: | 0xbbd9b263 |
ZipModifyDate: | 2019:12:05 16:06:26 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0009 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
436 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\2C17286A718EB4CE665F0DF4A4FF89E33F1DD226C82909CAF18DC725D75DE4CD.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2484 | "C:\Users\admin\Desktop\a.exe" | C:\Users\admin\Desktop\a.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: MPS Reporting Tool for Setup and Performance Support Exit code: 3221226540 Version: 5.2.2004.1 | ||||
3328 | "C:\Users\admin\Desktop\a.exe" | C:\Users\admin\Desktop\a.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: MPS Reporting Tool for Setup and Performance Support Exit code: 0 Version: 5.2.2004.1 | ||||
2752 | cmd /c C:\Users\admin\AppData\Local\Temp\IXP000.TMP\MPSRPT.CMD | C:\Windows\system32\cmd.exe | a.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 255 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
4052 | C:\Windows\system32\cmd.exe /c time /t | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2912 | C:\Windows\system32\cmd.exe /c date /t | C:\Windows\system32\cmd.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1252 | C:\Windows\MPSReports\Setup\Bin\GETVER.EXE | C:\Windows\MPSReports\Setup\Bin\GetVer.exe | — | cmd.exe |
User: admin Integrity Level: HIGH Exit code: 61 | ||||
3372 | C:\Windows\MPSReports\Setup\Bin\GETVER.EXE | C:\Windows\MPSReports\Setup\Bin\GetVer.exe | — | cmd.exe |
User: admin Integrity Level: HIGH Exit code: 61 |
PID | Process | Filename | Type | |
---|---|---|---|---|
436 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb436.32231\2C17286A718EB4CE665F0DF4A4FF89E33F1DD226C82909CAF18DC725D75DE4CD | — | |
MD5:— | SHA256:— | |||
3328 | a.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\diskmap.exe | executable | |
MD5:30A60EEF6571271C5A17540056612B98 | SHA256:902FDC84518135B613428B7DDA7B71E333973CDB6CEC19C344E585CA1A0C4900 | |||
3328 | a.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\Finish.cmd | text | |
MD5:E00D8B6B4FE1D99B3889247EA223654E | SHA256:86ABA7A34287E4FB21E788C230FDF181B5471786A534B92CE889B0F222157F88 | |||
3328 | a.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\EULA.TXT | text | |
MD5:D16BB91F671264BB90213EBFA7089D40 | SHA256:B2D7C146627837B8A3CE28F613F627DF1E3CCB96C2F37D26979BC60EE36C2EA4 | |||
3328 | a.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\DumpEVT.exe | executable | |
MD5:50DE93016C93129D98E2FE4C9DA20018 | SHA256:84CF888C8101F891C41DF936DADCEF559EC566DB305160C1B71F887954B70669 | |||
3328 | a.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\DUMPEL.EXE | executable | |
MD5:C7EB15A205C80BF45347C76B75D1ECE8 | SHA256:6EE872BC3FBEF9F59E74D5E050BC06DE3463DEB57B862946DB464FC34097D4EC | |||
3328 | a.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\XP.cmd | text | |
MD5:9DA93CFC4C39972EC0A3F1C05D55AA01 | SHA256:BB27F687B0D469DE5FE0A6F0E6F141A8788357EA555468285C447888F8ED7268 | |||
3328 | a.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\dmdiagnet.exe | executable | |
MD5:53A036D010A1EB63B229617AF943D659 | SHA256:9EA2099682D5818E9EF3369ACBCA93C7C7F071A94D6D27EEC18D41B7C0CE2F39 | |||
3328 | a.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\dmdiag.exe | executable | |
MD5:2F742F5B5F937003D6B8B3591FAE1BCB | SHA256:214B108EFF0AB41211550B17678F0AE55B1A49D9A5A957A72B008C2D94851761 | |||
3328 | a.exe | C:\Users\admin\AppData\Local\Temp\IXP000.TMP\CheckSym.exe | executable | |
MD5:AC9962CB23CA370B8C7183890FA50B46 | SHA256:3E5E35F3CDEAF9E993479C3611DC8622291D72FEBA66C3161A1C871B40E3FFCF |