File name: | 31aee6c1c0d6c249ea2a0a603af877abcd11f41338b2a50b1c80c42eef1faad1.zip |
Full analysis: | https://app.any.run/tasks/33c9b20f-22e7-484d-a4ef-12f719f5e4c5 |
Verdict: | Malicious activity |
Analysis date: | April 15, 2019, 14:23:48 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 5824D9BCA207846326BAA081A8B11330 |
SHA1: | AC68CDFC9AFBF7AF815170DFA0A4812D89B65B9A |
SHA256: | 9A9A0D9E06C410FBB11982DAAF1B51295E93C879EDEB35058FFF3B485F363C5C |
SSDEEP: | 24:ATLvQCXFe/ff1OJEzU3+Mu+blC21LrnXDhmJ8U7pQJPrmdQBTVLuOwwmuQTZhlt:ALvQ7/UJ8U3yH2hYJxOPadMTZpUZzt |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | 31aee6c1c0d6c249ea2a0a603af877abcd11f41338b2a50b1c80c42eef1faad1.bin |
---|---|
ZipUncompressedSize: | 3584 |
ZipCompressedSize: | 1206 |
ZipCRC: | 0x0e81caa9 |
ZipModifyDate: | 2019:04:15 14:23:11 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0001 |
ZipRequiredVersion: | 788 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2432 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\31aee6c1c0d6c249ea2a0a603af877abcd11f41338b2a50b1c80c42eef1faad1.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3216 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2044 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
848 | C:\Windows\system32\svchost.exe -k netsvcs | C:\Windows\System32\svchost.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Host Process for Windows Services Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3564 | consent.exe 848 624 01C51B18 | C:\Windows\system32\consent.exe | — | svchost.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Consent UI for administrative applications Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1448 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 3221225786 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1040 | "C:\Windows\System32\cmd.exe" | C:\Windows\System32\cmd.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2148 | rundll32.exe 31aee6c1c0d6c249ea2a0a603af877abcd11f41338b2a50b1c80c42eef1faad1.exe | C:\Windows\system32\rundll32.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2432 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2432.26211\31aee6c1c0d6c249ea2a0a603af877abcd11f41338b2a50b1c80c42eef1faad1.bin | — | |
MD5:— | SHA256:— | |||
848 | svchost.exe | C:\Windows\SoftwareDistribution\DataStore\DataStore.edb | — | |
MD5:— | SHA256:— | |||
848 | svchost.exe | C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb | — | |
MD5:— | SHA256:— | |||
2044 | explorer.exe | C:\Users\admin\Desktop\31aee6c1c0d6c249ea2a0a603af877abcd11f41338b2a50b1c80c42eef1faad1.bin | executable | |
MD5:C52464E9DF8B3D08FC612A0F11FE53B2 | SHA256:31AEE6C1C0D6C249EA2A0A603AF877ABCD11F41338B2A50B1C80C42EEF1FAAD1 | |||
848 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt | |
MD5:27BFFD90E081DEE316ABE45AFDD62629 | SHA256:AD9A31DB4A3C7D160B4770098DC531F65AC55B101BD5C987FC132A09BCE51C7F | |||
848 | svchost.exe | C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk | binary | |
MD5:D99510032CD9A6BED2309046F3665BF1 | SHA256:6A5336350C134297B53F83354E79C59E48153A8DE92029692A95DB40C4C22504 | |||
2044 | explorer.exe | C:\Users\admin\Desktop\31aee6c1c0d6c249ea2a0a603af877abcd11f41338b2a50b1c80c42eef1faad1.exe | executable | |
MD5:C52464E9DF8B3D08FC612A0F11FE53B2 | SHA256:31AEE6C1C0D6C249EA2A0A603AF877ABCD11F41338B2A50B1C80C42EEF1FAAD1 | |||
848 | svchost.exe | C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log | binary | |
MD5:B2697F6D394F95DE3DAF30B13DDF7F50 | SHA256:7FCEA90D9A5D413BE4FB3474B67D2A0DA40A8C6E785A6A4EDC96EE3A48E98BFF |