File name: | KRNLWRD.rar |
Full analysis: | https://app.any.run/tasks/8b19ca68-4fad-446b-993c-7570e2369c58 |
Verdict: | Malicious activity |
Analysis date: | November 29, 2020, 20:58:13 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 49115182E3BF2F393B8A4701E0F8B282 |
SHA1: | 80497BF9CF7BDEF09BB37254D3F66B656A217EBB |
SHA256: | 911B0A7A9DC23DD67069EB5AD1931967B3C676A5DFD60ED2B241A73759CFFB5D |
SSDEEP: | 196608:OYrQxWjTK092F9okBeR5e4xPkHRowREe3HJX0AX32wRi4/U7G0Wjvp9jVkVsbv6x:OYrQxWju0YjokBea4xPcR1T3GymiiU0Z |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2804 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\KRNLWRD.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3668 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.36038\KRNLWRD\krnl.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.36038\KRNLWRD\krnl.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Description: krnlss Exit code: 3221226540 Version: 1.0.0.0 | ||||
656 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.36038\KRNLWRD\krnl.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.36038\KRNLWRD\krnl.exe | WinRAR.exe | |
User: admin Integrity Level: HIGH Description: krnlss Exit code: 1 Version: 1.0.0.0 | ||||
2476 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.38668\KRNLWRD\krnl.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.38668\KRNLWRD\krnl.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Description: krnlss Exit code: 3221226540 Version: 1.0.0.0 | ||||
2800 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.38668\KRNLWRD\krnl.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.38668\KRNLWRD\krnl.exe | WinRAR.exe | |
User: admin Integrity Level: HIGH Description: krnlss Exit code: 1 Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.36038\KRNLWRD\Indicium-Supra.dll | executable | |
MD5:A2B0D88EB999664799E5263C055B90DA | SHA256:CB9F94AC4F4E2BB1576B7178FDD68035067F5836996CB2ADEF2CAB4E7F192CBC | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.38668\KRNLWRD\Indicium-Supra.dll | executable | |
MD5:A2B0D88EB999664799E5263C055B90DA | SHA256:CB9F94AC4F4E2BB1576B7178FDD68035067F5836996CB2ADEF2CAB4E7F192CBC | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.36038\KRNLWRD\krnl.dll | executable | |
MD5:B00B14D56A6CAF1304136C72F2867B9F | SHA256:5B4DAAC49CFC5380882979DFD985137E1D8C7146B9D6FC3B34C8057FE4C394A6 | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.36038\KRNLWRD\Bunifu_UI_v1.5.3.dll | executable | |
MD5:2ECB51AB00C5F340380ECF849291DBCF | SHA256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.36038\KRNLWRD\krnl.exe | executable | |
MD5:6B227D7255696FA1873148316D5D58F9 | SHA256:FEB7669B2D21C3158805A30BAD366334F9599DE86FC63B502EE8A4294260C9CA | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.38668\KRNLWRD\krnl.exe | executable | |
MD5:6B227D7255696FA1873148316D5D58F9 | SHA256:FEB7669B2D21C3158805A30BAD366334F9599DE86FC63B502EE8A4294260C9CA | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.38668\KRNLWRD\krnl.dll | executable | |
MD5:B00B14D56A6CAF1304136C72F2867B9F | SHA256:5B4DAAC49CFC5380882979DFD985137E1D8C7146B9D6FC3B34C8057FE4C394A6 | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.38668\KRNLWRD\Bunifu_UI_v1.5.3.dll | executable | |
MD5:2ECB51AB00C5F340380ECF849291DBCF | SHA256:F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.36038\KRNLWRD\ScintillaNET.dll | executable | |
MD5:9166536C31F4E725E6BEFE85E2889A4B | SHA256:AD0CC5A4D4A6AAE06EE360339C851892B74B8A275CE89C1B48185672179F3163 | |||
2804 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2804.38668\KRNLWRD\ScintillaNET.dll | executable | |
MD5:9166536C31F4E725E6BEFE85E2889A4B | SHA256:AD0CC5A4D4A6AAE06EE360339C851892B74B8A275CE89C1B48185672179F3163 |