File name: | Server attack.zip |
Full analysis: | https://app.any.run/tasks/30f07579-e888-4f63-85b6-f0c66a9f487e |
Verdict: | Malicious activity |
Analysis date: | July 11, 2019, 19:55:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 8E411DC4F7224DC875380575F57218B6 |
SHA1: | 39BDAF11DE0AF051A9F9ADEAAD804AA8F079836C |
SHA256: | A0C65DBD27B4478D806299F10014DCA8B457A8793BBBA2FE1E71CCFF1E50E325 |
SSDEEP: | 6144:e7IknjbYqRsdw8R/i+EbsI8HgNWRNGq+FdgJU3/j6pKrc8w:yINqRMw8U+EGgNWRN2Fdp6Ircf |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | None |
ZipModifyDate: | 2019:07:11 21:54:24 |
ZipCRC: | 0x00000000 |
ZipCompressedSize: | - |
ZipUncompressedSize: | - |
ZipFileName: | Server attack/ |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2904 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Server attack.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2856 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2904.45262\Server attack\Server Attack By- C-4.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2904.45262\Server attack\Server Attack By- C-4.exe | — | WinRAR.exe |
User: admin Company: Explicit - Freaks Integrity Level: MEDIUM Exit code: 0 Version: 1.00 | ||||
316 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2648 | "C:\Users\admin\Desktop\Server Attack By- C-4.exe" | C:\Users\admin\Desktop\Server Attack By- C-4.exe | — | explorer.exe |
User: admin Company: Explicit - Freaks Integrity Level: MEDIUM Exit code: 0 Version: 1.00 | ||||
3872 | "C:\Users\admin\Desktop\Server Attack By- C-4.exe" | C:\Users\admin\Desktop\Server Attack By- C-4.exe | — | explorer.exe |
User: admin Company: Explicit - Freaks Integrity Level: MEDIUM Exit code: 0 Version: 1.00 | ||||
2680 | "C:\Users\admin\Desktop\Server Attack By- C-4.exe" | C:\Users\admin\Desktop\Server Attack By- C-4.exe | — | explorer.exe |
User: admin Company: Explicit - Freaks Integrity Level: MEDIUM Exit code: 0 Version: 1.00 | ||||
1788 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3688 | "C:\Windows\System32\cmd.exe" | C:\Windows\System32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3812 | regsvr32 mswinsck.ocx | C:\Windows\system32\regsvr32.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft(C) Register Server Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
(PID) Process: | (2904) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2904) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2904) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2904) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\Server attack.zip | |||
(PID) Process: | (2904) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2904) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2904) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2904) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2904) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | UNCAsIntranet |
Value: 0 | |||
(PID) Process: | (2904) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | AutoDetect |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2856 | Server Attack By- C-4.exe | C:\Users\admin\AppData\Local\Temp\~DF08BFCFADB37CD5C4.TMP | — | |
MD5:— | SHA256:— | |||
2904 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2904.45635\Server attack\mswinsck.ocx | — | |
MD5:— | SHA256:— | |||
2904 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2904.45635\Server attack\richtx32.ocx | — | |
MD5:— | SHA256:— | |||
2904 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2904.45635\Server attack\Server Attack By- C-4.exe | — | |
MD5:— | SHA256:— | |||
2648 | Server Attack By- C-4.exe | C:\Users\admin\AppData\Local\Temp\~DF3337FE3652914114.TMP | — | |
MD5:— | SHA256:— | |||
2680 | Server Attack By- C-4.exe | C:\Users\admin\AppData\Local\Temp\~DF90008144527932D2.TMP | — | |
MD5:— | SHA256:— | |||
3872 | Server Attack By- C-4.exe | C:\Users\admin\AppData\Local\Temp\~DF0F77C636831906D8.TMP | — | |
MD5:— | SHA256:— | |||
2904 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2904.45262\Server attack\Server Attack By- C-4.exe | executable | |
MD5:86F9033E934D795E3AFC8C4EA3CC1BEB | SHA256:59731B0FD7A5981DFA5241BAFEB7EC2B20581EE5E8D3A6A02E6BAFAD6C77C63F | |||
2904 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2904.45262\Server attack\mswinsck.ocx | executable | |
MD5:3B425DC5C3FC4DFEF9497AB3F26544D1 | SHA256:CAB5F72FB38C14E709BDAB58C4F3A1DB9569ECBE76F92A560F00E7A4A0ED1F72 | |||
2904 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2904.45262\Server attack\richtx32.ocx | executable | |
MD5:722435BA4D18F1704B43E823A12E489A | SHA256:7D59A8CC7A5C16B3B0E0E67C65CF98C45158909F95CA3A5C96B946FDEE42C095 |