| Field | Value |
|---|---|
| File name | SRV-FILES_2022-06-27_13_35_33.zip |
| Full analysis | https://app.any.run/tasks/3c45b462-43ba-4c2f-871a-e4c306c0c014 |
| Verdict | Malicious activity |
| Analysis date | June 27, 2022, 11:38:05 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v4.5 to extract |
| MD5 | FA2EFE89A690F0C315F719B115CBBFF1 |
| SHA1 | 48BE61D3E92B0972E06C1DB9BCE02EDADC9973AE |
| SHA256 | 8BFEA6D0159065ED6072A8BF9269FC472E201199A4677F4605EB3C953B415EDA |
| SSDEEP | 24576:gwACERRZe+mB5tnbFBmUEcVb1RCdmIQZVrMAcOE8nJsm4B4FP:gwAUpRFnVb1R4mIQZVIR8nJsUR |
| Extension | Detected type |
|---|---|
| .zip | ZIP compressed archive (100) |

| ZIP field | Value |
|---|---|
| ZipRequiredVersion | 20 |
| ZipBitFlag | 0x0801 |
| ZipCompression | Deflated |
| ZipModifyDate | 1980:00:00 00:00:00 |
| ZipCRC | 0x40b879e4 |
| ZipCompressedSize | 1166142 |
| ZipUncompressedSize | 1724416 |
| ZipFileName | Device/HarddiskVolume3/Commun/Ressources Humaines/Intra/DADS/dads 2008/DADSU-CTL-V08R08/DADSU-CTL-V08R08.exe |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2460 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SRV-FILES_2022-06-27_13_35_33.zip" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0 |
| 3868 | "C:\Users\admin\Desktop\Device\HarddiskVolume3\Commun\Ressources Humaines\Intra\DADS\dads 2008\DADSU-CTL-V08R08\DADSU-CTL-V08R08.exe" | C:\Users\admin\Desktop\Device\HarddiskVolume3\Commun\Ressources Humaines\Intra\DADS\dads 2008\DADSU-CTL-V08R08\DADSU-CTL-V08R08.exe | — | Explorer.EXE | User: admin; Integrity Level: MEDIUM; Description: CTL_FORME_DADSU_V08R08; Exit code: 3221225781; Version: 2.2.1 |
| (PID) Process | Operation | Key | Name | Value |
|---|---|---|---|---|
| (2460) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | |
| (2460) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | |
| (2460) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US |
| (2460) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip |
| (2460) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
| (2460) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\SRV-FILES_2022-06-27_13_35_33.zip |
| (2460) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120 |
| (2460) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80 |
| (2460) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120 |
| (2460) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2460 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2460.5667\Device\HarddiskVolume3\Commun\Ressources Humaines\Intra\DADS\dads 2008\DADSU-CTL-V08R08\DADSU-CTL-V08R08.exe | executable | B4F4DCAF83888D39DB12AF0510EDD03A | E4A646B04208C8B91D940332AA3D0961AE555BDB70725A0302774EFA48FE0B8A |