File name: | new_cheat_aw.zip |
Full analysis: | https://app.any.run/tasks/23dea735-92f0-4d0c-b380-36582d93f05f |
Verdict: | Malicious activity |
Analysis date: | August 08, 2020, 10:56:23 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | CAF6E99409AC49EE7F08136921AF20D7 |
SHA1: | EA3E83FF3D5DC9D952051656EAB41A96B9B2B7E5 |
SHA256: | 89D06EFFB3EA2AF6141A35FBE6EF995D919CD32B70EC93662F7FE6AA000ABB55 |
SSDEEP: | 3072:MYDyqsNxCH7amfzVU4Ou5iKPdiBD3OHDhdpjR+Z8mCjE3Yh0CZtS5gpkRjDGiTo:MYGqs075r0xJ3iP3+ZNhtGS5gOdGgo |
.zip | ZIP compressed archive (100) |
ZipRequiredVersion: | 20 |
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2018:09:13 14:13:23 |
ZipCRC: | 0xa2553ee2 |
ZipCompressedSize: | 172354 |
ZipUncompressedSize: | 453376 |
ZipFileName: | new_cheat_aw.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2252 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\new_cheat_aw.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
876 | C:\Windows\system32\svchost.exe -k netsvcs | C:\Windows\System32\svchost.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Host Process for Windows Services Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1704 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | — |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3700 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
3724 | C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} | C:\Windows\system32\DllHost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2252 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2252.3184\new_cheat_aw.exe | — | |
MD5:— | SHA256:— | |||
1704 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms | automaticdestinations-ms | |
MD5:1929F633FC251A1A47089C1A6172ACA6 | SHA256:7E8B3D1AC80A3B7ED8AD91061DCF870DD238FF5897D5FF115CEB3E38C7F6085E | |||
1704 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\drspain.jpg (2).lnk | lnk | |
MD5:162A958BC4500836BD53655B19BB15E8 | SHA256:F4455C1C4631387D164426B1AABD6691232FBD19D91FBECAEED741373562FC9C | |||
1704 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\minactivities.jpg.lnk | lnk | |
MD5:580356E6C4D2BB8E11EF9E4C288FE0B0 | SHA256:8E67382047166D480C8CF9AD4C111BA0CF6BD081BF9A23C73FC7D7B614B4B5AD | |||
876 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt | |
MD5:80E2D81AB1E2627402AE0E47844D88E3 | SHA256:12991737C711E790770A5EEA7F2CA8B71F8DDB4461524C01377EF253BD93EFCC | |||
1704 | explorer.exe | C:\Users\admin\Desktop\new_cheat_aw.exe | executable | |
MD5:B26592DC7C58887DA7D00360AEF67380 | SHA256:3426F85C98FC4AE183418E9EA4ACE10FF570C1E60FABB89C4925763C162D230E |