File name: | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.zip |
Full analysis: | https://app.any.run/tasks/eac763db-b51e-4d17-a592-204f12c00a84 |
Verdict: | Malicious activity |
Analysis date: | August 17, 2019, 19:13:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | AFAD4C5C84EDB23BE762CB8C28365865 |
SHA1: | 3512CB391F6F65A672692ED4B10E166BFA11A447 |
SHA256: | 8DB420BEE885855F19816161E0CA9FF55F9D05AFB70EB43B757336D081B8A1E3 |
SSDEEP: | 6144:CfufPqy4FTd9PHCiznTGgFj18XOnzaC/cN3sSxaBF2PH2E5on52VmIt6yjnS6:SuKXh96yTGc18+nzA8SxLH1DVmmrS6 |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09 |
---|---|
ZipUncompressedSize: | 790528 |
ZipCompressedSize: | 380464 |
ZipCRC: | 0xae3cf67c |
ZipModifyDate: | 2019:08:17 18:54:22 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0009 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3400 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
4048 | "C:\Users\admin\Desktop\E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe" | C:\Users\admin\Desktop\E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: hexedit_demo MFC Application Version: 1, 0, 0, 1 | ||||
2748 | "C:\Users\admin\Desktop\E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe" | C:\Users\admin\Desktop\E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: hexedit_demo MFC Application Version: 1, 0, 0, 1 | ||||
2484 | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y | C:\Windows\System32\net.exe | — | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3228 | "C:\Windows\System32\net.exe" stop "samss" /y | C:\Windows\System32\net.exe | — | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3276 | C:\Windows\system32\net1 stop "audioendpointbuilder" /y | C:\Windows\system32\net1.exe | — | net.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2744 | C:\Windows\system32\net1 stop "samss" /y | C:\Windows\system32\net1.exe | — | net.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3880 | "C:\Windows\System32\net.exe" stop "audioendpointbuilder" /y | C:\Windows\System32\net.exe | — | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3576 | C:\Windows\system32\net1 stop "audioendpointbuilder" /y | C:\Windows\system32\net1.exe | — | net.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2508 | "C:\Windows\System32\net.exe" stop "samss" /y | C:\Windows\System32\net.exe | — | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Net Command Exit code: 2 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3400 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3400.24376\E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09 | — | |
MD5:— | SHA256:— | |||
4048 | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Liesmich.htm | — | |
MD5:— | SHA256:— | |||
4048 | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\AcroApp\CAT\Combine_R_RHP.aapp | — | |
MD5:— | SHA256:— | |||
4048 | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Llegiu-me.htm | — | |
MD5:— | SHA256:— | |||
4048 | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\AcroApp\CAT\Edit_R_RHP.aapp | — | |
MD5:— | SHA256:— | |||
4048 | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\AcroApp\CAT\MoreTools.aapp | — | |
MD5:— | SHA256:— | |||
4048 | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\AcroApp\CAT\Home.aapp | — | |
MD5:— | SHA256:— | |||
4048 | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\AcroApp\CAT\Viewer.aapp | — | |
MD5:— | SHA256:— | |||
4048 | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\AcroApp\CAT\Certificates_R.aapp | — | |
MD5:— | SHA256:— | |||
4048 | E3978DC6335A4DB076E973FF2DEE7A0FDA1B6803FC61842CCDEED90362200F09.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\AcroApp\CHS\Home.aapp | — | |
MD5:— | SHA256:— |