File name: | Coco_Z.rar |
Full analysis: | https://app.any.run/tasks/aa425cb7-5076-457a-a034-b096868bfcd3 |
Verdict: | Malicious activity |
Analysis date: | July 13, 2020, 06:02:40 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 75BAD7CFAD8351A50814F85EE1FF5C89 |
SHA1: | 19B078F0B92C03D23C7A333C4864E096D5726F18 |
SHA256: | 907AA542FB87581AD730E74AA75FD4605E4B425A2A9186C12E2C1A2225C90AB2 |
SSDEEP: | 196608:pRYJ3aiHJsjXXhVN9IaKPpF6yr7SIZB2IFBYs8hrvDN:pRYJ3ai2jBVT1SF5XSIn2I7ah9 |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
CompressedSize: | 93017 |
---|---|
UncompressedSize: | 330752 |
OperatingSystem: | Win32 |
ModifyDate: | 2020:06:28 10:37:22 |
PackingMethod: | Normal |
ArchivedFileName: | Bunifu_UI_v1.5.3.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2436 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Coco_Z.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3464 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2668 | "C:\Users\admin\Desktop\Coco Z\Coco Z.exe" | C:\Users\admin\Desktop\Coco Z\Coco Z.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Description: Coco Z (1st Generation) Exit code: 3221226540 Version: 1.0.0.0 | ||||
3264 | "C:\Users\admin\Desktop\Coco Z\Coco Z.exe" | C:\Users\admin\Desktop\Coco Z\Coco Z.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: Coco Z (1st Generation) Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2436 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2436.3147\ace\ext-emmet.js | text | |
MD5:3C62005FAC68141FC279C1527F826015 | SHA256:A4EAFFA35FF2EC7157885FD555A08A187F777A185E42A4697E79DD610184AAF9 | |||
2436 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2436.3147\VisualStudioTabControl.dll | executable | |
MD5:77D273BDA0F14E2B20B5FDF4DA74D720 | SHA256:A3BFE807AFB619B886D8F10C43A96CA5AF2A36C0AA54BC46E77DE4EEDE27DC1A | |||
2436 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2436.3147\Coco Z.exe | executable | |
MD5:2C801A799F6928EDBF51DA43A524755B | SHA256:1C13DBD4B4F7BB9124B228AAAC528DB25C703FD90C04C0EF8B3B4BD9F453F7E5 | |||
2436 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2436.3147\ace\ext-prompt.js | text | |
MD5:CECC01470B7976001DA09DB61071140E | SHA256:C431C6977DB4DB4DC38164B58A757B91E6E19D16950F7DB6E20A1E1096E50F2F | |||
2436 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2436.3147\Coco.dll | executable | |
MD5:34B04AC8C9AE825BAA4B36FE9E2193D2 | SHA256:C5C180727F2FDB31E8E75519227E0C0FA2F3787E01F3B1CF6A65A9188F6C0A02 | |||
2436 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2436.3147\ace\ext-keybinding_menu.js | text | |
MD5:B7117D7002875D2596342661685667B8 | SHA256:547014D5037FF3697F716F8D4F977A3FA029C47D7B5E596D9232E85F77600862 | |||
2436 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2436.3147\ace\editor.html | html | |
MD5:859244809FD63439BE261A727E61A792 | SHA256:089E15ED2663A5A0E237EAEFAA5B7FBA9C204CC84DAE7A9F1EA869A229D06B17 | |||
2436 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2436.3147\ace\ext-options.js | text | |
MD5:8BE2ACB1704B3E42E9398C51F34C9C7E | SHA256:8DD0707FAD16212B98BEB02D960105C457B31255EF7BF09395ADA87FB9FEC51C | |||
2436 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2436.3147\ace\ace.js | text | |
MD5:A17EA4028CCE563F3972D6CE555FDCE6 | SHA256:0E82BF4C24525CF4AED5A3A7885B198FAAFF5908CE279E6EC1704C443B4BD1E1 | |||
2436 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2436.3147\ace\ext-modelist.js | text | |
MD5:6FD20E95846DEADE86D1162F678CBA98 | SHA256:81A9284AEA414802C190F2B50943992DAF149068C4C28BC8DD0519954712CC42 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3264 | Coco Z.exe | GET | 200 | 172.217.22.3:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
3264 | Coco Z.exe | GET | 200 | 172.217.22.3:80 | http://ocsp.pki.goog/gts1o1core/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDRWV%2BNyD7WkwIAAAAAbwew | US | der | 472 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3264 | Coco Z.exe | 172.217.22.3:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
3264 | Coco Z.exe | 162.159.129.233:443 | cdn.discordapp.com | Cloudflare Inc | — | shared |
3264 | Coco Z.exe | 104.28.13.51:443 | pastebinp.com | Cloudflare Inc | US | unknown |
3264 | Coco Z.exe | 216.58.206.10:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
pastebinp.com |
| unknown |
cdn.discordapp.com |
| shared |
fonts.googleapis.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |