File name: | CVE-2020-0796-POC.zip |
Full analysis: | https://app.any.run/tasks/3da77243-6eb1-4814-b686-fe3a7bef07c0 |
Verdict: | Malicious activity |
Analysis date: | March 31, 2020, 08:46:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | B919BC31E56F584E11BC6620C912B0BD |
SHA1: | 503F87E3BD9B0F875182CEFD7AAA40910F81443F |
SHA256: | 95FD7245B23299876812A9C0EDC495BB77289A5455500250DA8C62D186D7925D |
SSDEEP: | 12288:IYUCdfXnDnI8abM9k72pb0Aa6YUPHEChk+glkGF1:IY7975uM9kJAaOkcqdP |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | CVE-2020-0796-POC.exe |
---|---|
ZipUncompressedSize: | 185344 |
ZipCompressedSize: | 72474 |
ZipCRC: | 0x1b38dfb7 |
ZipModifyDate: | 2020:03:16 01:05:14 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3328 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\CVE-2020-0796-POC.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3548 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
3180 | "C:\Users\admin\Desktop\CVE-2020-0796-POC.exe" | C:\Users\admin\Desktop\CVE-2020-0796-POC.exe | explorer.exe | |
User: admin Company: Microsoft Integrity Level: MEDIUM Description: Exit code: 3762504530 Version: 3.20.1.0 | ||||
2488 | "C:\Users\admin\Desktop\CVE-2020-0796-POC.exe" | C:\Users\admin\Desktop\CVE-2020-0796-POC.exe | explorer.exe | |
User: admin Company: Microsoft Integrity Level: MEDIUM Description: Exit code: 3762504530 Version: 3.20.1.0 |
(PID) Process: | (3328) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (3328) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (3328) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3328) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\CVE-2020-0796-POC.zip | |||
(PID) Process: | (3328) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (3328) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (3328) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (3328) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3328.26062\CVE-2020-0796-POC.exe | — | |
MD5:— | SHA256:— | |||
3328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3328.26062\Microsoft.Protocols.TestTools.StackSdk.Asn1Base.dll | — | |
MD5:— | SHA256:— | |||
3328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3328.26062\Microsoft.Protocols.TestTools.StackSdk.Compression.Xpress.dll | — | |
MD5:— | SHA256:— | |||
3328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3328.26062\Microsoft.Protocols.TestTools.StackSdk.dll | — | |
MD5:— | SHA256:— | |||
3328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3328.26062\Microsoft.Protocols.TestTools.StackSdk.FileAccessService.dll | — | |
MD5:— | SHA256:— | |||
3328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3328.26062\Microsoft.Protocols.TestTools.StackSdk.Messages.dll | — | |
MD5:— | SHA256:— | |||
3328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3328.26062\Microsoft.Protocols.TestTools.StackSdk.Security.CryptoLib.dll | — | |
MD5:— | SHA256:— | |||
3328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3328.26062\Microsoft.Protocols.TestTools.StackSdk.Security.Nlmp.dll | — | |
MD5:— | SHA256:— | |||
3328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3328.26062\Microsoft.Protocols.TestTools.StackSdk.Security.Sspi.dll | — | |
MD5:— | SHA256:— | |||
3328 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3328.26062\Microsoft.Protocols.TestTools.StackSdk.Transport.dll | — | |
MD5:— | SHA256:— |