| Field | Value |
|---|---|
| File name | Windows7Windows10.exe.7z |
| Full analysis | https://app.any.run/tasks/50d119ca-fe72-49b2-ba24-894bb4cd30c9 |
| Verdict | Malicious activity |
| Analysis date | July 27, 2020, 18:37:21 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-7z-compressed |
| File info | 7-zip archive data, version 0.3 |
| MD5 | F9D55D9E544E3E53163009A33D3CF667 |
| SHA1 | 7BCD733E5F9B431528A6C2329AB74F8D210CBBBE |
| SHA256 | 9690CF5DF0669EBF143FEE9C07B9480AE431C207C63668D710B5B0EA2898E3C9 |
| SSDEEP | 49152:Om4M5vfdKQLMZcwnkq4ROrOl6mqKI+U/akeuoA/AdVAU3p7tlHFKy:Om4MyvZVnGOrosak3D/AdVAY7tllKy |
| File type | .7z: 7-Zip compressed archive (gen) (100) |

| PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Exit code | Version |
|---|---|---|---|---|---|---|---|---|---|---|
| 128 | "C:\Program Files\HYC USB Display\WinUsbDisplay.exe" | C:\Program Files\HYC USB Display\WinUsbDisplay.exe | — | explorer.exe | admin | MS | MEDIUM | Windows USB Display | 4294967295 | 1.0.0.0 |
| 684 | DrvInst.exe "4" "0" "C:\Users\admin\AppData\Local\Temp\{3c89bd73-e6ca-43fe-7303-3e4390637e7b}\MSUSBDisplay.inf" "0" "6bdd6f09b" "00000064" "WinSta0\Default" "00000304" "208" "C:\Program Files\HYC USB Display\lib_usb" | C:\Windows\system32\DrvInst.exe | | svchost.exe | SYSTEM | Microsoft Corporation | SYSTEM | Driver Installation Module | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
| 1004 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Windows Explorer | 1 | 6.1.7600.16385 (win7_rtm.090713-1255) |
| 1860 | "C:\Program Files\HYC USB Display\tool\x86\devcon.exe" dp_add "C:\Program Files\HYC USB Display\lib_usb\MSUSBDisplay.inf" USB\VID_534D&PID_6021&MI_03 | C:\Program Files\HYC USB Display\tool\x86\devcon.exe | | Windows7Windows10.tmp | admin | Microsoft Corporation | HIGH | Windows Setup API | 0 | 10.0.10586.0 (th2_release.151029-1700) |
| 2128 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Windows7Windows10.exe.7z" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.60.0 |
| 2296 | "C:\Users\admin\AppData\Local\Temp\_iu14D2N.tmp" /SECONDPHASE="C:\Program Files\HYC USB Display\unins000.exe" /FIRSTPHASEWND=$8015A | C:\Users\admin\AppData\Local\Temp\_iu14D2N.tmp | — | unins000.exe | admin | | HIGH | Setup | 1 | 1.0.0.0 |
| 2420 | "C:\Program Files\HYC USB Display\WinUsbDisplay.exe" | C:\Program Files\HYC USB Display\WinUsbDisplay.exe | — | explorer.exe | admin | MS | MEDIUM | Windows USB Display | 0 | 1.0.0.0 |
| 2624 | "C:\Users\admin\AppData\Local\Temp\is-9MG7S.tmp\Windows7Windows10.tmp" /SL5="$5012C,2285776,806912,C:\Users\admin\Desktop\Windows7Windows10.exe" | C:\Users\admin\AppData\Local\Temp\is-9MG7S.tmp\Windows7Windows10.tmp | | Windows7Windows10.exe | admin | | HIGH | Setup | 0 | 1.0.0.0 |
| 2964 | rundll32.exe C:\Windows\system32\pnpui.dll,InstallSecurityPromptRunDllW 20 Global\{08345d9f-b757-7f3e-b515-f67d3e6f6c51} Global\{63521487-b9f8-7e6a-f5c5-d00f034a4938} C:\Windows\System32\DriverStore\Temp\{1164e075-d992-100c-e92b-6733cba0377f}\MSUSBDisplay.inf C:\Windows\System32\DriverStore\Temp\{1164e075-d992-100c-e92b-6733cba0377f}\MSUSBDisplay.cat | C:\Windows\system32\rundll32.exe | — | DrvInst.exe | admin | Microsoft Corporation | HIGH | Windows host process (Rundll32) | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3180 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe | SYSTEM | Microsoft Corporation | SYSTEM | Microsoft® Volume Shadow Copy Service | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |

| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 2128 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | |
| 2128 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | |
| 2128 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\132\52C64B7E | LanguageList | en-US |
| 2128 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\Windows7Windows10.exe.7z |
| 2128 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120 |
| 2128 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80 |
| 2128 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120 |
| 2128 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100 |
| 2128 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | 0 | C:\Users\admin\Desktop |
| 2128 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface | ShowPassword | 0 |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2624 | Windows7Windows10.tmp | C:\Program Files\HYC USB Display\is-63B6I.tmp | — | — | — |
| 2624 | Windows7Windows10.tmp | C:\Program Files\HYC USB Display\is-I43V1.tmp | — | — | — |
| 2624 | Windows7Windows10.tmp | C:\Program Files\HYC USB Display\is-BRRQJ.tmp | — | — | — |
| 2624 | Windows7Windows10.tmp | C:\Program Files\HYC USB Display\is-HV7AL.tmp | — | — | — |
| 2624 | Windows7Windows10.tmp | C:\Program Files\HYC USB Display\is-9TDQ5.tmp | — | — | — |
| 2624 | Windows7Windows10.tmp | C:\Program Files\HYC USB Display\is-0UN40.tmp | — | — | — |
| 2624 | Windows7Windows10.tmp | C:\Program Files\HYC USB Display\is-PSQ2G.tmp | — | — | — |
| 2624 | Windows7Windows10.tmp | C:\Program Files\HYC USB Display\tool\arm64\is-8UMT7.tmp | — | — | — |
| 2624 | Windows7Windows10.tmp | C:\Program Files\HYC USB Display\tool\x64\is-4BLE3.tmp | — | — | — |
| 2624 | Windows7Windows10.tmp | C:\Program Files\HYC USB Display\tool\x64\is-BGTQK.tmp | — | — | — |