File name: | 25301PMISTR.z |
Full analysis: | https://app.any.run/tasks/07e10951-c3ed-4161-9768-707aa1200b56 |
Verdict: | Malicious activity |
Analysis date: | March 14, 2019, 13:19:16 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-iso9660-image |
File info: | ISO 9660 CD-ROM filesystem data '25301PMISTR' |
MD5: | 1AE9308F9AA6E3E374BD7FDD37A2B320 |
SHA1: | 7E01B4A8D673D6E372B0525DD735F28D51DB0027 |
SHA256: | 8E25FC4C9D8F3FAD6B793E728CB1D96542B42D04F0BDBBAE6AB4E43D2611B428 |
SSDEEP: | 24576:v3EYw7Ql9J6b5LFR3yZP68x+qlyukc8cM2GUmH4hs8Fm1Kh9:c8c8xdXGsFCM9 |
.iso | | | ISO 9660 CD image (27.6) |
---|---|---|
.atn | | | Photoshop Action (27.1) |
.gmc | | | Game Music Creator Music (6.1) |
VolumeSize: | 920 kB |
---|
VolumeModifyDate: | 2019:03:12 02:01:55.00+03:00 |
---|---|
VolumeCreateDate: | 2019:03:12 02:01:55.00+03:00 |
Software: | PowerISO |
RootDirectoryCreateDate: | 2019:03:12 02:01:55+03:00 |
VolumeBlockSize: | 2048 |
VolumeBlockCount: | 460 |
VolumeName: | 25301PMISTR |
System: | Win32 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3064 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\25301PMISTR.z" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2592 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\25301PMISTR.jse" | C:\Windows\System32\WScript.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
3608 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\25301PMISTR.jse" | C:\Windows\System32\WScript.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
3384 | "C:\Users\admin\AppData\Local\Temp\rewjavaef.exe" | C:\Users\admin\AppData\Local\Temp\rewjavaef.exe | WScript.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
3932 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2284 | "C:\Users\admin\AppData\Roaming\svchost.exe\TASK.exe" | C:\Users\admin\AppData\Roaming\svchost.exe\TASK.exe | rewjavaef.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
792 | "C:\Users\admin\AppData\Roaming\svchost.exe\TASK.exe" | C:\Users\admin\AppData\Roaming\svchost.exe\TASK.exe | — | TASK.exe |
User: admin Integrity Level: MEDIUM | ||||
2460 | "C:\Users\admin\AppData\Roaming\svchost.exe\TASK.exe" 2 792 2265125 | C:\Users\admin\AppData\Roaming\svchost.exe\TASK.exe | — | TASK.exe |
User: admin Integrity Level: MEDIUM | ||||
3460 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1104 | C:\Users\admin\AppData\Roaming\svchost.exe\TASK.exe | C:\Users\admin\AppData\Roaming\svchost.exe\TASK.exe | — | cmd.exe |
User: admin Integrity Level: MEDIUM |
PID | Process | Filename | Type | |
---|---|---|---|---|
3064 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3064.12795\25301PMISTR.jse | — | |
MD5:— | SHA256:— | |||
3384 | rewjavaef.exe | C:\Users\admin\AppData\Roaming\svchost.exe\TASK.exe:ZoneIdentifier | — | |
MD5:— | SHA256:— | |||
2284 | TASK.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\svchost.exe.vbs | text | |
MD5:44E984D9B3FD569C48AB70332DC7CCA6 | SHA256:14A3545870537948435A6A065597E2DDED2B8D41AF35BE176A52A3EA52792B4C | |||
2592 | WScript.exe | C:\Users\admin\AppData\Local\Temp\rewjavaef.exe | executable | |
MD5:79F73819F3DA9968918B5FA257A40744 | SHA256:966BF2F4E72E7DD86E3951D8E78ED3950B83F0A5053E8A2E62016512042C9F35 | |||
3384 | rewjavaef.exe | C:\Users\admin\AppData\Roaming\svchost.exe\TASK.exe | executable | |
MD5:79F73819F3DA9968918B5FA257A40744 | SHA256:966BF2F4E72E7DD86E3951D8E78ED3950B83F0A5053E8A2E62016512042C9F35 |