File name: | c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886.rar.zip |
Full analysis: | https://app.any.run/tasks/f7faea34-ca20-436b-b39a-35aac3d31cbf |
Verdict: | Malicious activity |
Analysis date: | August 17, 2019, 15:01:06 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 026D47DDFD8C4063AA2DDA3BB74B25E8 |
SHA1: | 2AF5205B97F49FC13B5C9A1BB7564A4CEEC8E6DD |
SHA256: | 8A3DFC6FEBA742530864931A6C52246E36C731382CFE49EFB4A30D31D79AE70A |
SSDEEP: | 3072:shrXVtJ6fsbQ8LmuVmJT7SH9cjv+0C7752d1F+u1f/2/281b/XHLzL7B/DwlVHka:QzJ6ffHS97+1F+C2j7d/SjQr3s |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886.rar |
---|---|
ZipUncompressedSize: | 214975 |
ZipCompressedSize: | 214694 |
ZipCRC: | 0xe5230856 |
ZipModifyDate: | 2019:08:16 17:05:25 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0001 |
ZipRequiredVersion: | 788 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3416 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886.rar.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3148 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886.rar" C:\Users\admin\Desktop\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886\ | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1000 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
276 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3544 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886\Thông tin chủ đề cần trao đổi xin kính gửi đến Tiến sĩ\wwlib.dll | C:\Windows\system32\rundll32.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3316 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3148 | WinRAR.exe | C:\Users\admin\Desktop\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886\Thông tin chủ đề cần trao đổi xin kính gửi đến Tiến sĩ\Thong tin chu de can trao doi phien dich voi Tien si Tran Dieu Chan_Mong nhan duoc phan hoi som de nhat de hoan thien.exe | — | |
MD5:— | SHA256:— | |||
3148 | WinRAR.exe | C:\Users\admin\Desktop\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886\Thông tin chủ đề cần trao đổi xin kính gửi đến Tiến sĩ\Thong tin chu de can trao doi phien dich voi Tien si Tran Dieu Chan_Mong nhan duoc phan hoi som de nhat de hoan thien.exe:Zone.Identifier | — | |
MD5:— | SHA256:— | |||
276 | explorer.exe | C:\Users\admin\Desktop\Thong tin chu de can trao doi phien dich voi Tien si Tran Dieu Chan_Mong nhan duoc phan hoi som de nhat de hoan thien.exe\:Zone.Identifier:$DATA | — | |
MD5:— | SHA256:— | |||
3416 | WinRAR.exe | C:\Users\admin\Desktop\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886.rar | compressed | |
MD5:3061F320D47A6C985BD219F5AC14FF8A | SHA256:C0804BA6EAE469C2753E0EF23BB0D0BA953702BE8426AA209EAC5D6B89D7F886 | |||
3148 | WinRAR.exe | C:\Users\admin\Desktop\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886\Thông tin chủ đề cần trao đổi xin kính gửi đến Tiến sĩ\Hình 1.jpg | image | |
MD5:A734A3B083C87AE3D461843A33D89520 | SHA256:24C14E6C5DBD8A559A73951401B315051E41A8F87AD973A161770FF051378B0C | |||
3148 | WinRAR.exe | C:\Users\admin\Desktop\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886\Thông tin chủ đề cần trao đổi xin kính gửi đến Tiến sĩ\Hình 2.jpg | image | |
MD5:C8D0D549277C4077990B9BFAD08DC455 | SHA256:A6BF47FE3ECAA2EFDF053AFEC2E42AF86E6DED9777D18F7F9DBA83B2106783E1 | |||
3148 | WinRAR.exe | C:\Users\admin\Desktop\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886\Thông tin chủ đề cần trao đổi xin kính gửi đến Tiến sĩ\wwlib.dll | executable | |
MD5:6875F307D95790CA25C1DA542EA736A8 | SHA256:6AE3C4ABC548ABB8EBA0C64D23700F73EF5867F2F0FE7D111B75A00606D7F755 | |||
276 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms | automaticdestinations-ms | |
MD5:92EF85A16596B18A94CC34F5340B27B5 | SHA256:5993B6994C339534645BC05DAFD5F1412C813480469B4BAEF496C50793B30AC7 | |||
3148 | WinRAR.exe | C:\Users\admin\Desktop\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886\Thông tin chủ đề cần trao đổi xin kính gửi đến Tiến sĩ\Hình 2.jpg:Zone.Identifier | text | |
MD5:CB9DB8B13F2E7D1AE122B5B6C2381B25 | SHA256:1409CC4125F7E08D09A731DA789DC35C09AFA8E716C00AD22D9F3F1B17A2CB33 | |||
3148 | WinRAR.exe | C:\Users\admin\Desktop\c0804ba6eae469c2753e0ef23bb0d0ba953702be8426aa209eac5d6b89d7f886\Thông tin chủ đề cần trao đổi xin kính gửi đến Tiến sĩ\Hình 1.jpg:Zone.Identifier | text | |
MD5:CB9DB8B13F2E7D1AE122B5B6C2381B25 | SHA256:1409CC4125F7E08D09A731DA789DC35C09AFA8E716C00AD22D9F3F1B17A2CB33 |