File name: | B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6.zip |
Full analysis: | https://app.any.run/tasks/1b87fb51-9577-4c10-81bc-c5bd60f9b5ed |
Verdict: | Malicious activity |
Analysis date: | December 02, 2019, 18:12:37 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | D5E5D2FC07843EB1CA60D24033C38B4E |
SHA1: | 8EEDCBD11AF48EAF8B7309FE6B9C10938B92FC2B |
SHA256: | 96CF81B7AA8ABCCD401CD4BE399DDDEC661664A06EBA9C605E0B1C85989A8FEB |
SSDEEP: | 1536:3os42MMzthLOHBh3x678x5ygKSHXTkL44KePZp2Y1a:J42MMfO3xfxQxt84KS3A |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6 |
---|---|
ZipUncompressedSize: | 135168 |
ZipCompressedSize: | 68082 |
ZipCRC: | 0x14ab3f60 |
ZipModifyDate: | 2019:12:02 18:09:04 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0009 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
4060 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3124 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
352 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
864 | C:\Windows\system32\svchost.exe -k netsvcs | C:\Windows\System32\svchost.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Host Process for Windows Services Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb4060.41147\B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6 | — | |
MD5:— | SHA256:— | |||
4060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb4060.44000\B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6 | — | |
MD5:— | SHA256:— | |||
864 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt | |
MD5:74DC25C12CA59FB0F9AF8FC1CA3A1318 | SHA256:3FCC863F670408EA1D3D7A80421994FF39F92FBC25FF1586523ECB2B4DE05206 | |||
352 | explorer.exe | C:\Users\admin\Desktop\a (2).exe | executable | |
MD5:8736CB63AF9B99340643C57DEC52394E | SHA256:B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6 | |||
352 | explorer.exe | C:\Users\admin\Desktop\B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6 | executable | |
MD5:8736CB63AF9B99340643C57DEC52394E | SHA256:B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6 | |||
352 | explorer.exe | C:\Users\admin\Desktop\a.exe | executable | |
MD5:8736CB63AF9B99340643C57DEC52394E | SHA256:B7EB8D1DB2B60E53F5F11F28B2763A4C029C9A1C597FCFB3E0CA6C2AD1259FE6 |