File name: | 22.rar |
Full analysis: | https://app.any.run/tasks/5bef95c1-98fc-4519-829b-e9f8328ed8a3 |
Verdict: | Malicious activity |
Analysis date: | April 15, 2019, 08:47:55 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | C0C5C92E1C0D63A8ABF542C19E7C37AA |
SHA1: | 1BB1FAEEB2B644B29A6006050DE8DE1DA55F64C4 |
SHA256: | A87E0BA5E57B4E27066163BA71A2721827ED696C9BD1222BE31E9985A62517CC |
SSDEEP: | 98304:toXC0mmdnuO+GA5AFUvKAhxK+kL9fmAWzOYaS1N:OXCu9ieUfVkL9fmA7YJH |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3284 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\22.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3892 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
3204 | "C:\Users\admin\Desktop\PasswordsPro.v.3.1.0.0\PasswordsPro.exe" | C:\Users\admin\Desktop\PasswordsPro.v.3.1.0.0\PasswordsPro.exe | explorer.exe | |
User: admin Company: InsidePro Software Integrity Level: HIGH Description: PasswordsPro Version: 3.1.0.0 |
(PID) Process: | (3284) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (3284) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (3284) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3284) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\22.rar | |||
(PID) Process: | (3284) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (3284) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (3284) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (3284) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (3892) SearchProtocolHost.exe | Key: | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3892) SearchProtocolHost.exe | Key: | HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\62\52C64B7E |
Operation: | write | Name: | @C:\Windows\system32\notepad.exe,-469 |
Value: Text Document |
PID | Process | Filename | Type | |
---|---|---|---|---|
3284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3284.10795\PasswordsPro.v.3.1.0.0\Descript.ion | text | |
MD5:E523C623E9ABAAF6589612C8DD2F4DF5 | SHA256:BD52EB40638A955C16FA3EA885DD7A1D230BF920F7C1E69E247953F6D6325D71 | |||
3284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3284.10795\PasswordsPro.v.3.1.0.0\Modules\API\ReadMe.chm | chi | |
MD5:407314B124789A33F94B64320F12B011 | SHA256:EE5B6619F37EEE0415D0E42053010A40685FEFBA473DDAB154B938BA4A666F81 | |||
3284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3284.10795\PasswordsPro.v.3.1.0.0\Modules\CRC-32.dll | executable | |
MD5:6E78D89B4BDE0F3A58A16A9E172F8728 | SHA256:5E3647C60C8F3F6500459180625834F21EEFF0A74AFABE4B65B9DFE19B36B268 | |||
3284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3284.10795\PasswordsPro.v.3.1.0.0\Modules\Blowfish(Eggdrop).dll | executable | |
MD5:D1C3F0C0302F9436B57A2A98350F6894 | SHA256:A8F54639D1B53193D4F4A8D757A79E0E3C47F1A44E532745E0F02FCCA22A584E | |||
3284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3284.10795\PasswordsPro.v.3.1.0.0\Modules\CRC-16.dll | executable | |
MD5:F0695117BF582F50CD22FFCB426BC707 | SHA256:76F35E796775428AF2DD47FA5E6C628FCA30F8DF30B46A88910F4B8919366120 | |||
3284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3284.10795\PasswordsPro.v.3.1.0.0\mfc71.dll | executable | |
MD5:659F1EF3AB991F099ABC6A6EB8E9F891 | SHA256:98BE54795AB0BCEF0D7C1D199CEB1A397F357CB742C1059CDB22C64896F271ED | |||
3284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3284.10795\PasswordsPro.v.3.1.0.0\Modules\Blowfish(OpenBSD).dll | executable | |
MD5:C2816F228355345B705F76772BB7E76B | SHA256:9616636D486EAB665FDE6A8AF3E0D5EF98B226082914A2B819531D4A71FBCD9C | |||
3284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3284.10795\PasswordsPro.v.3.1.0.0\InterfaceHistory.txt | text | |
MD5:5A510B8EB3944DC1CBFDA53FD52BC36A | SHA256:EE56AA9BD1E6C2DDB43D0973A2CF2A28925DDFD235800C06C181984E9A2C64F2 | |||
3284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3284.10795\PasswordsPro.v.3.1.0.0\Modules\CRC-16-CCITT.dll | executable | |
MD5:24766D1092A14674DA9B4DBBCF26F918 | SHA256:BB9EBDB25D69C3E9AD127450089510E74C80D5F659D41DA196A921321F3F8A9F | |||
3284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3284.10795\PasswordsPro.v.3.1.0.0\Modules\Adler-32.dll | executable | |
MD5:D4572FD4A4992D27E88D0B882990A15D | SHA256:265EF9D9DD17B7C45A65C50A61C3BEB951E7A04FBB8A9174F6A8707D46C14B85 |