| Field | Value |
|---|---|
| File name | 6550370657959936.zip |
| Full analysis | https://app.any.run/tasks/97fae122-b03f-4ecf-ad10-fc1fbbf3a57f |
| Verdict | Malicious activity |
| Analysis date | August 13, 2019, 14:27:26 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | A3A14F4C4D97A85C7CB15FFCD9E35C35 |
| SHA1 | C910CB15EDF1471064A4089267049E203E278A73 |
| SHA256 | 9A6F8129C5029DE78F2917152B8C155C568EF71CE5E03EAE2EB2AF59DB0E1273 |
| SSDEEP | 24576:U0VngeyvrmVEql8q8pNhSz9uW1rHYIGWJp6bTADkCJSJjLhVFXi1/L/3NAHdnkB:UmgrvrH48p0D4GiXOSJjPFydL/NAHaB |
| Field | Value |
|---|---|
| File type | .zip: ZIP compressed archive (100) |
| ZipFileName | 85c46d18fac662a90aad43d30d7b0dc6d4cad43e876a74e23c757be9dc0698d6 |
| ZipUncompressedSize | 1401927 |
| ZipCompressedSize | 1363903 |
| ZipCRC | 0x00000000 |
| ZipModifyDate | 1980:00:00 00:00:00 |
| ZipCompression | Unknown (99) |
| ZipBitFlag | 0x0009 |
| ZipRequiredVersion | 20 |
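The Zip* fields above describe the archive's first local file header: compression method 99, general-purpose bit flag 0x0009 and a CRC of 0x00000000. Method 99 is not a compression method but the WinZip AES marker; the real method, the key size and the AE-1/AE-2 variant live in the 0x9901 extra field. Bit 0 of the flag marks the entry as encrypted and bit 3 says the CRC and sizes may be deferred to a data descriptor after the data. A CRC of zero is exactly what the AE-2 variant writes, so that the CRC cannot be used to test plaintext guesses. The parser below is an added example, not code from ANY.RUN or from this report; the header it parses is a constructed test vector built by `build_sample_header()` with the same method/flag/CRC values, not bytes from the analysed archive.

```python
# Added example: decode a ZIP local file header and explain WinZip AES (method 99).
# The test vector from build_sample_header() is constructed, not from the sample.
import struct
from dataclasses import dataclass
from typing import List, Optional

LOCAL_HEADER_SIG = 0x04034B50        # "PK\x03\x04"
LOCAL_HEADER_FMT = "<IHHHHHIIIHH"    # 30-byte fixed part of the local header
AES_EXTRA_ID = 0x9901                # WinZip AE-x extra-field header ID
METHOD_AES = 99                      # "compression method" that really means AES
AES_STRENGTH_BITS = {1: 128, 2: 192, 3: 256}
METHOD_NAMES = {0: "stored", 8: "deflate", 9: "deflate64", 12: "bzip2",
                14: "lzma", 93: "zstd", 98: "ppmd", 99: "AES"}


@dataclass
class LocalEntry:
    version_needed: int
    flags: int
    method: int
    crc32: int
    compressed_size: int
    uncompressed_size: int
    filename: str
    aes_vendor_version: Optional[int] = None  # 1 = AE-1 (CRC kept), 2 = AE-2 (CRC written as 0)
    aes_strength_bits: Optional[int] = None
    aes_actual_method: Optional[int] = None   # compression applied before encryption

    @property
    def encrypted(self) -> bool:
        return bool(self.flags & 0x0001)      # general-purpose bit 0

    @property
    def has_data_descriptor(self) -> bool:
        return bool(self.flags & 0x0008)      # bit 3: CRC/sizes may follow the data


def parse_local_header(data: bytes, offset: int = 0) -> LocalEntry:
    """Parse one local file header: fixed part, filename, then the extra records."""
    fields = struct.unpack_from(LOCAL_HEADER_FMT, data, offset)
    sig, ver, flags, method, _mtime, _mdate, crc, csize, usize, nlen, xlen = fields
    if sig != LOCAL_HEADER_SIG:
        raise ValueError(f"no local file header at offset {offset:#x}")
    pos = offset + struct.calcsize(LOCAL_HEADER_FMT)
    # Bit 11 declares a UTF-8 name; otherwise the historical code page is CP437.
    name = data[pos:pos + nlen].decode("utf-8" if flags & 0x0800 else "cp437", "replace")
    pos += nlen
    extra = data[pos:pos + xlen]
    entry = LocalEntry(ver, flags, method, crc, csize, usize, name)
    i = 0
    while i + 4 <= len(extra):                # walk the (id, size, body) extra records
        hid, hlen = struct.unpack_from("<HH", extra, i)
        body = extra[i + 4:i + 4 + hlen]
        if hid == AES_EXTRA_ID and len(body) >= 7:
            vendor_ver, vendor_id, strength, actual = struct.unpack_from("<H2sBH", body)
            if vendor_id == b"AE":
                entry.aes_vendor_version = vendor_ver
                entry.aes_strength_bits = AES_STRENGTH_BITS.get(strength)
                entry.aes_actual_method = actual
        i += 4 + hlen
    return entry


def describe(entry: LocalEntry) -> List[str]:
    """Triage notes for the fields that matter when a sandbox shows method 99."""
    notes = [
        f"method {entry.method} ({METHOD_NAMES.get(entry.method, 'unknown')})",
        f"flags {entry.flags:#06x}: encrypted={entry.encrypted}, "
        f"data_descriptor={entry.has_data_descriptor}",
    ]
    if entry.method == METHOD_AES:
        if entry.aes_vendor_version is None:
            notes.append("method 99 but no 0x9901 extra field: malformed AES entry")
        else:
            inner = METHOD_NAMES.get(entry.aes_actual_method, "unknown")
            notes.append(f"WinZip AE-{entry.aes_vendor_version}, "
                         f"AES-{entry.aes_strength_bits}, inner method {inner}")
            if entry.aes_vendor_version == 2 and entry.crc32 == 0:
                notes.append("CRC 0x00000000 is expected: AE-2 omits the CRC")
    return notes


def build_sample_header(name: bytes, aes: bool = True) -> bytes:
    """Constructed test vector mirroring the report's values (method 99, flag 0x0009, CRC 0)."""
    if aes:
        # vendor version 2 (AE-2), vendor "AE", strength 3 (AES-256), inner method 8 (deflate)
        extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", 3, 8)
        flags, method, crc = 0x0009, METHOD_AES, 0
    else:
        extra = b""
        flags, method, crc = 0x0000, 8, 0x12345678
    fixed = struct.pack(LOCAL_HEADER_FMT, LOCAL_HEADER_SIG, 20, flags, method,
                        0, 0, crc, 1363903, 1401927, len(name), len(extra))
    return fixed + name + extra


if __name__ == "__main__":
    for line in describe(parse_local_header(build_sample_header(b"payload.bin"))):
        print(line)
```

With bit 3 set, the size and CRC fields of a real local header may be placeholders, so for an actual archive read the central directory entries (same method, flag and extra-field layout) rather than trusting the local header. Method 99 also means the payload cannot be inspected statically without the password, which is why an encrypted archive has to be opened in the sandbox before anything about its contents is known.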
| PID | Command line | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2628 | `"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\6550370657959936.zip"` | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 872 | `"C:\Users\admin\Desktop\test.exe"` | C:\Users\admin\Desktop\test.exe | | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
| 3064 | `explorer C:\Users\admin\Desktop\test` | C:\Windows\explorer.exe | — | test.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2780 | `C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding` | C:\Windows\explorer.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3404 | `"C:\Users\admin\Desktop\test.exe"` | C:\Users\admin\Desktop\test.exe | | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
| 1916 | `explorer C:\Users\admin\Desktop\test` | C:\Windows\explorer.exe | — | test.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3160 | `C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding` | C:\Windows\explorer.exe | — | svchost.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2628 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2628.47204\85c46d18fac662a90aad43d30d7b0dc6d4cad43e876a74e23c757be9dc0698d6 | — | — | — |
| 872 | test.exe | C:\Users\admin\AppData\Local\Temp\E_N4\dp1.fne | executable | 7325D516148DE3F7A381392DED18679B | 5DE3D9F1CED99A35B290455DDC5888DCF593E2343EA88957B472D97B89605761 |
| 872 | test.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\System32\41D8CD\8CD98F00.TXT | binary | 7F53732C46DC20BC9D97971C23CCF39D | F927C9FECA93409CFA7AABB065DAC35211681ACD1327ABA4C10AEF4CFB12E734 |
| 872 | test.exe | C:\Users\admin\AppData\Local\Temp\E_N4\cnvpe.fne | executable | ADC8CB445A6CCA5A26D75A0883FF8F05 | 113D815268040B9D32E0E6A758C6EF3C7FFEF322F3735BB3DB758F49879F682E |
| 872 | test.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\System32\204E98\dp1.fne | executable | 7325D516148DE3F7A381392DED18679B | 5DE3D9F1CED99A35B290455DDC5888DCF593E2343EA88957B472D97B89605761 |
| 872 | test.exe | C:\Users\admin\AppData\Local\Temp\E_N4\shell.fne | executable | 312F8D195E13FCCC3123638640E51977 | 83E968F63EC0206969ECFD74CB099E6106657FE58FDA763AEBC688CE137D8FAD |
| 3404 | test.exe | C:\Users\admin\AppData\Local\Temp\E_N4\shell.fne | executable | 312F8D195E13FCCC3123638640E51977 | 83E968F63EC0206969ECFD74CB099E6106657FE58FDA763AEBC688CE137D8FAD |
| 872 | test.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\System32\204E98\internet.fne | executable | 299C26FB72A3D286CC24C4A9A9A4A693 | 2BE723179932D65ABCA06C85F74717A034308EC9ED413E63F86CD82D4415AD7E |
| 872 | test.exe | C:\Users\admin\AppData\Local\VirtualStore\Windows\System32\204E98\eAPI.fne | executable | 30E195E7CBB4F7092CE413F375363750 | FAD1F80F39C63D1983F195B3C231E965B71AE5FDBB0EAC39FC061323916E1139 |
| 872 | test.exe | C:\Users\admin\AppData\Local\Temp\E_N4\eAPI.fne | executable | 30E195E7CBB4F7092CE413F375363750 | FAD1F80F39C63D1983F195B3C231E965B71AE5FDBB0EAC39FC061323916E1139 |
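Four of the dropped-file paths sit under `C:\Users\admin\AppData\Local\VirtualStore\Windows\System32\`. That is UAC file virtualisation at work: a medium-integrity process without a UAC manifest that writes into a protected location such as `C:\Windows\System32` has the write silently redirected into the user's VirtualStore, so the locations test.exe actually tried to write were `C:\Windows\System32\204E98\` and `C:\Windows\System32\41D8CD\`. The `E_N4` directory full of `.fne` support libraries (`shell.fne`, `eAPI.fne`, `internet.fne`, `dp1.fne`, `cnvpe.fne`) is the characteristic runtime layout of programs built with Easy Programming Language (易语言), which unpack those libraries to `%TEMP%\E_N4` at start-up. The script below is an added example, not code from ANY.RUN or from this report: it recovers the intended write targets and groups the dropped files by SHA256, so the repeated drops of the same library (dp1.fne and eAPI.fne written to both locations, shell.fne written by both test.exe instances) collapse to one indicator each. The `DROPPED` list is transcribed from the table above.

```python
# Added example: recover UAC-virtualised write targets and deduplicate the
# dropped files by hash. DROPPED is transcribed from the report's table.
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# UAC file virtualisation redirects writes by medium-integrity, non-manifested
# processes from protected paths (for example C:\Windows\System32) into
# %LOCALAPPDATA%\VirtualStore\<original path without the drive letter>.
VIRTUALSTORE_RE = re.compile(
    r"^(?P<drive>[A-Za-z]):\\Users\\[^\\]+\\AppData\\Local\\VirtualStore\\(?P<rest>.+)$",
    re.IGNORECASE,
)

# (pid, process, path, type, md5, sha256); None where the report shows no value
Row = Tuple[int, str, str, Optional[str], Optional[str], Optional[str]]

DROPPED: List[Row] = [
    (2628, "WinRAR.exe", r"C:\Users\admin\AppData\Local\Temp\Rar$DRb2628.47204\85c46d18fac662a90aad43d30d7b0dc6d4cad43e876a74e23c757be9dc0698d6", None, None, None),
    (872, "test.exe", r"C:\Users\admin\AppData\Local\Temp\E_N4\dp1.fne", "executable",
     "7325D516148DE3F7A381392DED18679B", "5DE3D9F1CED99A35B290455DDC5888DCF593E2343EA88957B472D97B89605761"),
    (872, "test.exe", r"C:\Users\admin\AppData\Local\VirtualStore\Windows\System32\41D8CD\8CD98F00.TXT", "binary",
     "7F53732C46DC20BC9D97971C23CCF39D", "F927C9FECA93409CFA7AABB065DAC35211681ACD1327ABA4C10AEF4CFB12E734"),
    (872, "test.exe", r"C:\Users\admin\AppData\Local\Temp\E_N4\cnvpe.fne", "executable",
     "ADC8CB445A6CCA5A26D75A0883FF8F05", "113D815268040B9D32E0E6A758C6EF3C7FFEF322F3735BB3DB758F49879F682E"),
    (872, "test.exe", r"C:\Users\admin\AppData\Local\VirtualStore\Windows\System32\204E98\dp1.fne", "executable",
     "7325D516148DE3F7A381392DED18679B", "5DE3D9F1CED99A35B290455DDC5888DCF593E2343EA88957B472D97B89605761"),
    (872, "test.exe", r"C:\Users\admin\AppData\Local\Temp\E_N4\shell.fne", "executable",
     "312F8D195E13FCCC3123638640E51977", "83E968F63EC0206969ECFD74CB099E6106657FE58FDA763AEBC688CE137D8FAD"),
    (3404, "test.exe", r"C:\Users\admin\AppData\Local\Temp\E_N4\shell.fne", "executable",
     "312F8D195E13FCCC3123638640E51977", "83E968F63EC0206969ECFD74CB099E6106657FE58FDA763AEBC688CE137D8FAD"),
    (872, "test.exe", r"C:\Users\admin\AppData\Local\VirtualStore\Windows\System32\204E98\internet.fne", "executable",
     "299C26FB72A3D286CC24C4A9A9A4A693", "2BE723179932D65ABCA06C85F74717A034308EC9ED413E63F86CD82D4415AD7E"),
    (872, "test.exe", r"C:\Users\admin\AppData\Local\VirtualStore\Windows\System32\204E98\eAPI.fne", "executable",
     "30E195E7CBB4F7092CE413F375363750", "FAD1F80F39C63D1983F195B3C231E965B71AE5FDBB0EAC39FC061323916E1139"),
    (872, "test.exe", r"C:\Users\admin\AppData\Local\Temp\E_N4\eAPI.fne", "executable",
     "30E195E7CBB4F7092CE413F375363750", "FAD1F80F39C63D1983F195B3C231E965B71AE5FDBB0EAC39FC061323916E1139"),
]


def devirtualize(path: str) -> Tuple[str, bool]:
    """Return (intended path, was_redirected) for a dropped-file path."""
    m = VIRTUALSTORE_RE.match(path)
    if not m:
        return path, False
    return f"{m.group('drive').upper()}:\\{m.group('rest')}", True


def virtualized_writes(rows: List[Row]) -> List[str]:
    """Protected-location paths the process tried to write (sorted, unique)."""
    targets = set()
    for _pid, _proc, path, _kind, _md5, _sha in rows:
        target, redirected = devirtualize(path)
        if redirected:
            targets.add(target)
    return sorted(targets)


def group_by_sha256(rows: List[Row]) -> Dict[str, List[str]]:
    """Map each SHA256 to the distinct intended paths it was written to."""
    groups: Dict[str, set] = defaultdict(set)
    for _pid, _proc, path, _kind, _md5, sha256 in rows:
        if sha256:                  # WinRAR's temp extraction carries no hash in the report
            groups[sha256.upper()].add(devirtualize(path)[0])
    return {digest: sorted(paths) for digest, paths in groups.items()}


if __name__ == "__main__":
    for target in virtualized_writes(DROPPED):
        print("redirected write ->", target)
    for digest, paths in group_by_sha256(DROPPED).items():
        print(digest[:16], len(paths), "path(s):", "; ".join(paths))
```

Run against the report's rows this yields four redirected System32 targets and six distinct SHA256 values from ten drop events. When turning such a report into detections, key on the intended path (the System32 subdirectory the process was trying to populate) as well as the VirtualStore path, because the same binary run elevated or with a proper manifest will land in the real location instead.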