| Field | Value |
|---|---|
| File name | stas_min.zip |
| Full analysis | https://app.any.run/tasks/3a44d9b3-e613-4741-801b-2ab8935d8854 |
| Verdict | Malicious activity |
| Analysis date | December 18, 2018, 07:35:56 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 573E3A714B9B777FD199035EF5A74A5B |
| SHA1 | 136039B94B170446BF8C18F179D42AD65845925D |
| SHA256 | 91EFB740412679033186A27DB5C15500A2D3AC1B762D67EF2674929FF0C68B6A |
| SSDEEP | 98304:/e5zlnNRIn7LLhvmzN4zEEs+coUZQu/1iAq:25pA7X5mdhnIAq |

| Extension | File type (match %) |
|---|---|
| .zip | ZIP compressed archive (100) |

| Zip entry field | Value |
|---|---|
| ZipFileName | auth_basic.txt |
| ZipUncompressedSize | 2857 |
| ZipCompressedSize | 1123 |
| ZipCRC | 0x247d0c65 |
| ZipModifyDate | 2016:06:07 09:27:12 |
| ZipCompression | Deflated |
| ZipBitFlag | 0x0008 |
| ZipRequiredVersion | 20 |

| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 3044 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\stas_min.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 416 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Version: 7.00.7600.16385 (win7_rtm.090713-1255) |
| 2224 | "C:\Users\admin\Desktop\RouterScan.exe" | C:\Users\admin\Desktop\RouterScan.exe | — | explorer.exe | User: admin; Company: Stas'M Corp.; Integrity Level: MEDIUM; Description: Router Scan by Stas'M; Version: 2.5.7.0 |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3044 | WinRAR.exe | C:\Users\admin\Desktop\auth_form.txt | text | 33CE23EC32E3662A629228BBC3534890 | 04308384FA8DDA1A7E7DA295EABCC5D0F369F328BD2C12593E83EF8D0687BD0A |
| 3044 | WinRAR.exe | C:\Users\admin\Desktop\RouterScan.exe | executable | 6DA764CEDBF85AC2FE1F3F691247DEE7 | 8986C40F051B11E314E8793204586941970ECFA03D862BF270FB8B43DDB784CF |
| 3044 | WinRAR.exe | C:\Users\admin\Desktop\librouter.dll | executable | 165AA2EB3A47B47806595666B12E9BAD | 4A12369AC91649223B88959B1C2AA055AA3C3C8E88E04E7D5A8B6C1BD4F8B392 |
| 3044 | WinRAR.exe | C:\Users\admin\Desktop\config.ini | text | DEA9EF9425E6865A807B3B985D54DF7D | BFCA8ACD34D4F4BB249292BD67AA0DB6A29385C0590C76CBF76616DBE88E5FAC |
| 3044 | WinRAR.exe | C:\Users\admin\Desktop\ports2.txt | text | 268D4ECA166E6961F396505451443765 | B8A87F6ABBC7A9C7B1082260366E16788A46B179C44F854184BCEA4D7B881F0D |
| 3044 | WinRAR.exe | C:\Users\admin\Desktop\auth_digest.txt | text | 256571782FF748ECFEAD5827F2515E06 | 82AF1B39910CEBD3D500D9B764896F2D52F0CDBE4C36271EBEA300BDDB5C3D91 |
| 3044 | WinRAR.exe | C:\Users\admin\Desktop\ports.txt | text | 8B20DBBA7561D24E3FB4E6C5BE21CD0B | B6CDF57C266B19075470620F3FC336D2929C6B4DDA077487462B0DDD7CAC9F60 |
| 3044 | WinRAR.exe | C:\Users\admin\Desktop\auth_basic.txt | text | 702AAC24D326BD8B5E1A6D1F53674023 | 0D90916E1077C1ACB8ED54B08EF813B8EAB2011A826E90EC7FA938D0A5CACA90 |
| 3044 | WinRAR.exe | C:\Users\admin\Desktop\ssleay32.dll | executable | C3692FC84603DB4331F508E157646318 | D48936E817D62076D37A843A3B820E1BCCBEFF7E3D8FDED1FCD0508A9924029A |
| 3044 | WinRAR.exe | C:\Users\admin\Desktop\libeay32.dll | executable | A02D84E9339FE963F8409183093A2089 | 5648E3F5B667F301C9B040F9472D7CD04EF94AED94F3F6B4AFB218EAF6563EB0 |

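
The Zip entry fields and the dropped-file hash table above are what a sandbox derives from the archive itself. The Python below is an added example, not ANY.RUN's or Stas'M's code: it reproduces those fields for any .zip from the central directory, hashes each member in memory instead of extracting it (nothing lands on disk before it has been checked), flags member names that would escape the extraction directory, and matches member SHA256 values against the dropped-executable hashes listed above. The archive it runs on is constructed in memory with placeholder members (`SAMPLE_MEMBERS`, `build_sample_zip`), so the hashes it prints are not those of the real stas_min.zip and the placeholders deliberately do not match `REPORTED_SHA256`. One caveat the real sample illustrates: its ZipBitFlag 0x0008 is general-purpose bit 3, which means the CRC and sizes in the local file header are zero and the real values sit in a data descriptor after the compressed data, so triage should read them from the central directory, as `zipfile` does.

```python
"""Offline triage of a ZIP sample (added example, not ANY.RUN's or Stas'M's code).

Rebuilds the per-member metadata a sandbox reports, hashes members in memory,
flags zip-slip names and matches SHA256 values against an IOC list. The sample
archive is constructed here so the script runs offline; its members are
placeholders, NOT the contents of the real stas_min.zip.
"""
import hashlib
import io
import zipfile

# SHA256 of the executables WinRAR dropped in the report above (hex, any case).
REPORTED_SHA256 = {
    "RouterScan.exe": "8986C40F051B11E314E8793204586941970ECFA03D862BF270FB8B43DDB784CF",
    "librouter.dll": "4A12369AC91649223B88959B1C2AA055AA3C3C8E88E04E7D5A8B6C1BD4F8B392",
    "ssleay32.dll": "D48936E817D62076D37A843A3B820E1BCCBEFF7E3D8FDED1FCD0508A9924029A",
    "libeay32.dll": "5648E3F5B667F301C9B040F9472D7CD04EF94AED94F3F6B4AFB218EAF6563EB0",
}

# Constructed placeholder members; the third name is a deliberate zip-slip probe.
SAMPLE_MEMBERS = {
    "auth_basic.txt": b"admin:admin\nadmin:password\nroot:root\n",
    "RouterScan.exe": b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"placeholder" * 8,
    "../evil.txt": b"escapes the extraction directory\n",
}

COMPRESSION_NAMES = {zipfile.ZIP_STORED: "Stored", zipfile.ZIP_DEFLATED: "Deflated",
                     zipfile.ZIP_BZIP2: "BZip2", zipfile.ZIP_LZMA: "LZMA"}
DATA_DESCRIPTOR_FLAG = 0x0008  # general-purpose bit 3: CRC/sizes follow the data


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest().upper()


def build_sample_zip(members: dict) -> bytes:
    """Write the constructed members into an in-memory Deflated archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            info = zipfile.ZipInfo(name, date_time=(2016, 6, 7, 9, 27, 12))
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, data)
    return buf.getvalue()


def unsafe_member_name(name: str) -> bool:
    """True for names that would land outside the extraction directory."""
    parts = name.replace("\\", "/").split("/")
    return name.startswith(("/", "\\")) or ".." in parts or (len(name) > 1 and name[1] == ":")


def triage_zip(data: bytes) -> list:
    """One row per member: sandbox-style metadata from the central directory plus hashes."""
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            md5, sha256 = hashlib.md5(), hashlib.sha256()
            with zf.open(info) as member:  # streamed decompression; nothing written to disk
                for chunk in iter(lambda: member.read(1 << 16), b""):
                    md5.update(chunk)
                    sha256.update(chunk)
            rows.append({
                "ZipFileName": info.filename,
                "ZipUncompressedSize": info.file_size,
                "ZipCompressedSize": info.compress_size,
                "ZipCRC": f"0x{info.CRC:08x}",
                "ZipModifyDate": "%04d:%02d:%02d %02d:%02d:%02d" % info.date_time,
                "ZipCompression": COMPRESSION_NAMES.get(info.compress_type, str(info.compress_type)),
                "ZipBitFlag": f"0x{info.flag_bits:04x}",
                "ZipRequiredVersion": info.extract_version,
                "HasDataDescriptor": bool(info.flag_bits & DATA_DESCRIPTOR_FLAG),
                "UnsafeName": unsafe_member_name(info.filename),
                "MD5": md5.hexdigest().upper(),
                "SHA256": sha256.hexdigest().upper(),
            })
    return rows


def match_iocs(rows: list, iocs: dict) -> list:
    """(member name, IOC label) for every member whose SHA256 is on the list.
    Matching is by hash, so a renamed copy of a known dropper still hits."""
    by_hash = {digest.upper(): label for label, digest in iocs.items()}
    return [(r["ZipFileName"], by_hash[r["SHA256"]]) for r in rows if r["SHA256"] in by_hash]


if __name__ == "__main__":
    rows = triage_zip(build_sample_zip(SAMPLE_MEMBERS))
    for r in rows:
        print(r)
    print("IOC hits:", match_iocs(rows, REPORTED_SHA256))
```

To triage a real sample, pass `open(path, "rb").read()` to `triage_zip` and feed the rows to `match_iocs` with whatever hash list you maintain; any row with `UnsafeName` set should stop extraction before it starts.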
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2224 | RouterScan.exe | POST | 200 | 134.0.119.34:80 | http://3wifi.stascorp.com/3wifi.php?a=apikeys | RU | text | 214 b | suspicious |
2224 | RouterScan.exe | GET | 200 | 134.0.119.34:80 | http://3wifi.stascorp.com/3wifi.php?a=hash&check=8uYuB7bHJED1hUbyAhQwhhMQuRuqI9RN | RU | text | 111 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2224 | RouterScan.exe | 134.0.119.34:80 | 3wifi.stascorp.com | Domain names registrar REG.RU, Ltd | RU | suspicious |
| Domain | IP | Reputation |
|---|---|---|
| 3wifi.stascorp.com | | suspicious |