File name: | 5791987283197952.zip |
Full analysis: | https://app.any.run/tasks/5459cbe5-2934-4051-8dee-0885f372792d |
Verdict: | Malicious activity |
Analysis date: | September 10, 2019, 22:58:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 92841522C70624EB2E409629216DA9DF |
SHA1: | FF5584187CF1D6C22877129B20070E3273521FF9 |
SHA256: | 9C38A1A0D529AE7DD8C01C7D3AAFF9C97D9D205853A7F931B6FE9D10DC8E2BAF |
SSDEEP: | 384:eSEOYkllzu+t5SKG9TJADPv5xDkXFH+Np4ynea16ArPmYknuhd:eSEpCzuiY9xXFHqp4E16IMuH |
.zip: | ZIP compressed archive (100) |
ZipFileName: | ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea |
ZipUncompressedSize: | 32768 |
ZipCompressedSize: | 17312 |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 1980:00:00 00:00:00 |
ZipCompression: | Unknown (99) |
ZipBitFlag: | 0x0009 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2880 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\5791987283197952.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | | | | |
3364 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\5791987283197952\ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea | C:\Windows\system32\rundll32.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |
3380 | "C:\Users\admin\Desktop\5791987283197952\ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea.exe" | C:\Users\admin\Desktop\5791987283197952\ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea.exe | | explorer.exe |
User: admin Integrity Level: MEDIUM Exit code: 8851 | | | | |
2644 | "C:\Users\admin\AppData\Local\Temp\2F.tmp\b2e.exe" C:\Users\admin\AppData\Local\Temp\2F.tmp\b2e.exe C:\Users\admin\Desktop\5791987283197952 "C:\Users\admin\Desktop\5791987283197952\ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea.exe" | C:\Users\admin\AppData\Local\Temp\2F.tmp\b2e.exe | — | ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 | | | | |
3836 | cmd /c ""C:\Users\admin\AppData\Local\Temp\EA.tmp\batfile.bat" " | C:\Windows\system32\cmd.exe | — | b2e.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
2492 | cmd /c ""C:\Users\admin\AppData\Local\Temp\selfdel0.bat" " | C:\Windows\system32\cmd.exe | — | b2e.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
3820 | "C:\Users\admin\Desktop\5791987283197952\ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea.exe" | C:\Users\admin\Desktop\5791987283197952\ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea.exe | | explorer.exe |
User: admin Integrity Level: HIGH Exit code: 8851 | | | | |
2532 | "C:\Users\admin\AppData\Local\Temp\5B7E.tmp\b2e.exe" C:\Users\admin\AppData\Local\Temp\5B7E.tmp\b2e.exe C:\Users\admin\Desktop\5791987283197952 "C:\Users\admin\Desktop\5791987283197952\ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea.exe" | C:\Users\admin\AppData\Local\Temp\5B7E.tmp\b2e.exe | — | ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea.exe |
User: admin Integrity Level: HIGH Exit code: 0 | | | | |
1456 | cmd /c ""C:\Users\admin\AppData\Local\Temp\5C1A.tmp\batfile.bat" " | C:\Windows\system32\cmd.exe | — | b2e.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
356 | cmd /c ""C:\Users\admin\AppData\Local\Temp\selfdel0.bat" " | C:\Windows\system32\cmd.exe | — | b2e.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
(PID) Process | Operation | Key | Name | Value |
---|---|---|---|---|
(2880) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | |
(2880) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | |
(2880) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E | LanguageList | en-US |
(2880) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\Desktop\5791987283197952.zip |
(2880) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120 |
(2880) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80 |
(2880) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120 |
(2880) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100 |
(2880) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | 0 | C:\Users\admin\Desktop\5791987283197952 |
(2880) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface | ShowPassword | 0 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2644 | b2e.exe | C:\Users\admin\AppData\Local\Temp\selfdel0.bat | — | — | — |
2644 | b2e.exe | C:\Users\admin\AppData\Local\Temp\EA.tmp\batfile.bat | text | 752C4F4852843AA528E5576D9A3A7449 | 6F84BFBFA5CB42CC1333D13414493C303F1E816ADC9888E553B46CD0EED9895D |
2532 | b2e.exe | C:\Users\admin\AppData\Local\Temp\5C1A.tmp\batfile.bat | text | 752C4F4852843AA528E5576D9A3A7449 | 6F84BFBFA5CB42CC1333D13414493C303F1E816ADC9888E553B46CD0EED9895D |
3380 | ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea.exe | C:\Users\admin\AppData\Local\Temp\2F.tmp\b2e.exe | executable | 9E695749B855B6161976D8076399B309 | 31E2A8F9155FC9A6BDB3EB31632D54601C6F3F41FC158418458F486CBDD9AB9E |
2532 | b2e.exe | C:\Users\admin\AppData\Local\Temp\selfdel0.bat | text | E92F809CEC9A4B2B9BBC35A763E61673 | 3AE6EABE0AA6732F93AD23886B5BA33300BE4F8C50355B56EB166EB65E5C57A3 |
3820 | ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea.exe | C:\Users\admin\AppData\Local\Temp\5B7E.tmp\b2e.exe | executable | 9E695749B855B6161976D8076399B309 | 31E2A8F9155FC9A6BDB3EB31632D54601C6F3F41FC158418458F486CBDD9AB9E |
2880 | WinRAR.exe | C:\Users\admin\Desktop\5791987283197952\ebe26ff9f3bbb24a98a0fb70eea4b6b18e5ab8f4081fa7887f72b493b573beea | executable | 0431CCD4B676E65133279ED5DC951601 | EBE26FF9F3BBB24A98A0FB70EEA4B6B18E5AB8F4081FA7887F72B493B573BEEA |