File name: | 1.rar |
Full analysis: | https://app.any.run/tasks/df22e793-9888-4f94-a67c-71aaeb807306 |
Verdict: | Malicious activity |
Analysis date: | July 11, 2019, 20:34:29 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | A1DC147712F228848BF6AECD3FEFA12A |
SHA1: | 7D76F4DFE3DFA4E6B71BE3105260B32F0E504740 |
SHA256: | ABB10A861AB09D6AF6E65833FFF839BFD9840917BA247BB819075BCBBBA3FE36 |
SSDEEP: | 12288:jAPP7Ac8cy04l0UJfRycpKHwFx9u5MPF1gEpUqLVgp3hNHXwfic0AW5M9P6hMzHW:G8xc4Vo0xQm91gEpUYG3KxMK6hIGO2 |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3692 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\1.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2452 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
3152 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\Spotify\Checker Spotify.exe" "C:\Users\admin\Desktop\Spotify\Checker Spotify\" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1468 | "C:\Users\admin\Desktop\Spotify\Checker Spotify\dllhost.exe" | C:\Users\admin\Desktop\Spotify\Checker Spotify\dllhost.exe | — | explorer.exe |
User: admin Company: NVIDIA_Services Integrity Level: MEDIUM Description: NVIDIA_Services Exit code: 0 Version: 91.325.103.414 | ||||
3728 | "C:\Windows\System32\eventvwr.exe" | C:\Windows\System32\eventvwr.exe | — | dllhost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Event Viewer Snapin Launcher Exit code: 3221226540 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1136 | "C:\Windows\System32\eventvwr.exe" | C:\Windows\System32\eventvwr.exe | dllhost.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Event Viewer Snapin Launcher Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3248 | "C:\Users\admin\Desktop\Spotify\Checker Spotify\dllhost.exe" | C:\Users\admin\Desktop\Spotify\Checker Spotify\dllhost.exe | eventvwr.exe | |
User: admin Company: NVIDIA_Services Integrity Level: HIGH Description: NVIDIA_Services Version: 91.325.103.414 | ||||
3060 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe | dllhost.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft .NET Assembly Registration Utility Version: 4.7.3062.0 built by: NET472REL1 | ||||
2320 | "C:\Windows\System32\cmd.exe" | C:\Windows\System32\cmd.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3064 | netstat -nb | C:\Windows\system32\NETSTAT.EXE | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: TCP/IP Netstat Command Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3152 | WinRAR.exe | C:\Users\admin\Desktop\Spotify\Checker Spotify\Spotify.exe | executable | |
MD5:7ED186D960FC7C79E8B0D62B792075EF | SHA256:7AD78C09342BDE3ABB189A631B30620E9069C84CCF5E6E4E3AF1800E0DA28EB1 | |||
3248 | dllhost.exe | C:\Users\Public\Ouofodgrxb.vbs | text | |
MD5:6E8C71A1052615D5F5BD27542B9E537D | SHA256:65BECFF332D0D74FFDF628FC273C0258C0A59C6EFE1BA7F2E930F20B4BF7279F | |||
3248 | dllhost.exe | C:\Users\admin\AppData\Roaming\NVIDIA_Services\NVIDIA_Services.bat | executable | |
MD5:27302338E90C8320C86CBED71647D090 | SHA256:7533E9B64187512FC84A97C8CB05B5F127DDB322AAE483687077CE7022E0CDAC | |||
3692 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3692.29512\Spotify\Checker Spotify.exe | executable | |
MD5:E55FCF3024E84EC4B29AFB96E24D517B | SHA256:0BC685E269DDDEE0B1B89697D37048998CD9091A56AC4EBE9B38E290AD5224C8 | |||
3152 | WinRAR.exe | C:\Users\admin\Desktop\Spotify\Checker Spotify\dllhost.exe | executable | |
MD5:060B75CDD8231DF97F599CD79F4D332F | SHA256:0ECA28D1C7FFC7EDED9D09999B6BA937285164EA015B93AA9D7BA01A5F08B6DA | |||
3692 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3692.29512\Spotify\Colorful.Console.dll | executable | |
MD5:5F3D2CFBC21591B8FEEF1EFA3E59A4D0 | SHA256:F31D4FD7E729FC6CF4ECAB972B6B1EE897918A325B1CA572030966F831E768FB | |||
3692 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3692.29512\Spotify\Leaf.xNet.dll | executable | |
MD5:B5CB88DE9FE40B6645496F9543CE8E26 | SHA256:A91293829D0A4A0F2F34787FC1BA13B9D3AA4F640D0FCA652B24A88F464BC343 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3060 | RegAsm.exe | 193.161.193.99:31995 | tkmremi-31995.portmap.io | OOO Bitree Networks | RU | malicious |
3060 | RegAsm.exe | 104.20.208.21:443 | pastebin.com | Cloudflare Inc | US | shared |
— | — | 193.161.193.99:31995 | tkmremi-31995.portmap.io | OOO Bitree Networks | RU | malicious |
Domain | IP | Reputation |
---|---|---|
pastebin.com |
| shared |
tkmremi-31995.portmap.io |
| malicious |