File name: | Xentry Advanced KeyGen.rar |
Full analysis: | https://app.any.run/tasks/25f1928f-241f-4ace-9a4e-0212206ccacf |
Verdict: | Malicious activity |
Analysis date: | May 20, 2022, 19:37:32 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | C61D566A4CBACBBE6BAF10E9B1EA5D53 |
SHA1: | C98235A0951D99A6F96D690F483CFDE3BED1CD53 |
SHA256: | 8EAAD27BA2859686ACB7D686A6C9DC8DC8ED9438D21ABB14DAF40C302F9AC408 |
SSDEEP: | 98304:+a4avra/Hso7or1dMg8MOeriSGGh6UYD7gR2CLvsVQF1eNo3:+aBCslrwgPOtGlYvgLwVAEU |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2972 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Xentry Advanced KeyGen.rar" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
3624 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) Modules
| |||||||||||||||
2528 | "C:\Users\admin\Desktop\Xentry Advanced KeyGen\Xentry Advanced KeyGen.exe" | C:\Users\admin\Desktop\Xentry Advanced KeyGen\Xentry Advanced KeyGen.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Integrity Level: MEDIUM Exit code: 0 Version: 1.00 Modules
| |||||||||||||||
3996 | "c:\users\admin\desktop\xentry advanced keygen\xentry advanced keygen.exe " | c:\users\admin\desktop\xentry advanced keygen\xentry advanced keygen.exe | Xentry Advanced KeyGen.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Description: Exit code: 39981941 Version: 1.0.0.1 Modules
| |||||||||||||||
2832 | C:\Users\admin\AppData\Local\icsys.icn.exe | C:\Users\admin\AppData\Local\icsys.icn.exe | — | Xentry Advanced KeyGen.exe | |||||||||||
User: admin Company: Microsoft Integrity Level: MEDIUM Exit code: 0 Version: 1.00 Modules
| |||||||||||||||
1584 | "C:\Users\admin\Desktop\Xentry Advanced KeyGen\Xentry Advanced KeyGen.exe" | C:\Users\admin\Desktop\Xentry Advanced KeyGen\Xentry Advanced KeyGen.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Integrity Level: MEDIUM Exit code: 0 Version: 1.00 Modules
| |||||||||||||||
2148 | "c:\users\admin\desktop\xentry advanced keygen\xentry advanced keygen.exe " | c:\users\admin\desktop\xentry advanced keygen\xentry advanced keygen.exe | Xentry Advanced KeyGen.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Description: Exit code: 42926773 Version: 1.0.0.1 Modules
| |||||||||||||||
3208 | C:\Users\admin\AppData\Local\icsys.icn.exe | C:\Users\admin\AppData\Local\icsys.icn.exe | — | Xentry Advanced KeyGen.exe | |||||||||||
User: admin Company: Microsoft Integrity Level: MEDIUM Exit code: 0 Version: 1.00 Modules
| |||||||||||||||
2876 | "C:\Users\admin\Desktop\Xentry Advanced KeyGen\Xentry Advanced KeyGen.exe" | C:\Users\admin\Desktop\Xentry Advanced KeyGen\Xentry Advanced KeyGen.exe | Explorer.EXE | ||||||||||||
User: admin Company: Microsoft Integrity Level: MEDIUM Exit code: 0 Version: 1.00 Modules
| |||||||||||||||
2996 | "c:\users\admin\desktop\xentry advanced keygen\xentry advanced keygen.exe " | c:\users\admin\desktop\xentry advanced keygen\xentry advanced keygen.exe | Xentry Advanced KeyGen.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Description: Exit code: 42992306 Version: 1.0.0.1 Modules
|
(PID) Process: | (2972) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2972) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2972) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2972) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
(PID) Process: | (2972) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
(PID) Process: | (2972) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\Xentry Advanced KeyGen.rar | |||
(PID) Process: | (2972) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2972) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2972) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2972) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2876 | Xentry Advanced KeyGen.exe | C:\Users\admin\AppData\Local\icsys.icn.exe | executable | |
MD5:074F8C9F446D90F8248287117B17C66E | SHA256:36701EBEE504A3C49A6878FE144BA05CC9996C9AD44DC2160170F68EE8953BA5 | |||
2528 | Xentry Advanced KeyGen.exe | C:\Users\admin\AppData\Local\icsys.icn.exe | executable | |
MD5:074F8C9F446D90F8248287117B17C66E | SHA256:36701EBEE504A3C49A6878FE144BA05CC9996C9AD44DC2160170F68EE8953BA5 | |||
3208 | icsys.icn.exe | C:\Users\admin\AppData\Local\Temp\~DF6783D57E3A79215A.TMP | binary | |
MD5:BDBEF14423BD589FD278B522421A8026 | SHA256:0B43CF58FDAE60D557D40F6F78AE875F46AFA0A3D5786EA1E4B674D2DD825C27 | |||
2972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2972.11875\Xentry Advanced KeyGen\Xentry Advanced KeyGen.exe | executable | |
MD5:24B9C89F57090500A36A0199EC12815B | SHA256:5D3770FC7E168F7FD4B158B29E606DA166EBF9C9AC1133BB820CBF89BFC729D7 | |||
2528 | Xentry Advanced KeyGen.exe | C:\Users\admin\AppData\Local\Temp\~DFCB39B2728482FB32.TMP | binary | |
MD5:FAE5BBD0A9219AF94A9DD49762C36D8D | SHA256:099608A2BE329C900CE031D89730BCDF26F21FE24A1BB6ECEA82BCE259DC2AF0 | |||
2876 | Xentry Advanced KeyGen.exe | C:\Users\admin\AppData\Local\Temp\~DFB84948F8F6E9BB1B.TMP | binary | |
MD5:D5CD5B6F6B33B5BD40B010BB7625656A | SHA256:0CE4103C5DAEEA2B6C66F8AEFF7979205AA10337D978834B48AACE8113A874EC | |||
1376 | Xentry Advanced KeyGen.exe | C:\Users\admin\AppData\Local\icsys.icn.exe | executable | |
MD5:074F8C9F446D90F8248287117B17C66E | SHA256:36701EBEE504A3C49A6878FE144BA05CC9996C9AD44DC2160170F68EE8953BA5 | |||
2888 | icsys.icn.exe | C:\Users\admin\AppData\Local\Temp\~DFEBE9FC70502EC1E7.TMP | binary | |
MD5:87D79E332C3A12F8C6F32B14B9C31D09 | SHA256:1C2EC5016EB0608DE847EA2FD5A98FE6A7AA68CB537677773BD8B0E971AC9E98 | |||
2972 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2972.11875\Xentry Advanced KeyGen\PYG.dll | executable | |
MD5:1366BCCABED2306F4069A2AB2F1FA06A | SHA256:995A0D6D905E0E8F22622E2521FA330E1F87196013FCFF97468AE9EB66049663 | |||
2528 | Xentry Advanced KeyGen.exe | C:\users\admin\desktop\xentry advanced keygen\xentry advanced keygen.exe | executable | |
MD5:67A9A7A52A1AA91056F1C70837A91691 | SHA256:11156ADEFC4D9962BBA447BD4DABE76EBB6747F4174D6A4872822F4A95B0BA6D |
Process | Message |
---|---|
xentry advanced keygen.exe | [NSDLL]version.dll Has Auto Inject ... |
xentry advanced keygen.exe | [NSDLL]version.dll Has Auto Inject ... |
xentry advanced keygen.exe | [NSDLL]version.dll Has Auto Inject ... |
xentry advanced keygen.exe | [NSDLL]version.dll Has Auto Inject ... |