File name: | Reziztz.rar |
Full analysis: | https://app.any.run/tasks/42f5846b-bb13-42ec-a768-c307f14f2fb9 |
Verdict: | Malicious activity |
Analysis date: | August 08, 2020, 15:05:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 2637DEEF589971B4612EC3C51DEE60C4 |
SHA1: | 760A4B7B169376A7430AC4E5931D193C52285DC2 |
SHA256: | ACC5C4FB8952C367C6E04435818E09E563943CE1A9EB4CA57609B14ED100210E |
SSDEEP: | 6144:mMBLRv0bk2Y0CsHtvgiiIryt2/8NkAoX/JtKZ:bLRvILYfs2H7N1s/Jc |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1700 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Reziztz.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2480 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa1700.1446\Reziztz\Reziztz\Reziztz.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa1700.1446\Reziztz\Reziztz\Reziztz.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Description: Reziztz Exit code: 3221226540 Version: 1.0.0.0 | ||||
3952 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa1700.1446\Reziztz\Reziztz\Reziztz.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa1700.1446\Reziztz\Reziztz\Reziztz.exe | WinRAR.exe | |
User: admin Integrity Level: HIGH Description: Reziztz Exit code: 0 Version: 1.0.0.0 | ||||
3088 | "C:\Program Files\Internet Explorer\iexplore.exe" https://discord.gg/mebV4ew | C:\Program Files\Internet Explorer\iexplore.exe | Reziztz.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3352 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3088 CREDAT:275457 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Internet Explorer Exit code: 0 Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3352 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab823.tmp | — | |
MD5:— | SHA256:— | |||
3352 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar824.tmp | — | |
MD5:— | SHA256:— | |||
1700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1700.1446\Reziztz\READ ME!.bat | text | |
MD5:274497767D5B83BC1C49F6ACFDAF26E8 | SHA256:FEA5CC7198D5C490D2575A546A4E4E055D2CCF58AF64E1D5BEE5D1C257D91FCF | |||
1700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1700.1446\Reziztz\Invis_name.txt | text | |
MD5:0A1D9B6847AF0F2370B5F9F7040FA265 | SHA256:C2895770D49BCB0AC1A9CE6EAABA2BE9E1BA3D7207E916880163485C682A7037 | |||
3352 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_979AB563CEB98F2581C14ED89B8957D4 | der | |
MD5:689A3D86D85BFC8D6E624EDD115374A2 | SHA256:23350DA55EF98583F37C260EB221681AE372D23AE7FB01201DD4163BDE514BFF | |||
1700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1700.1446\Reziztz\invis_text.txt | text | |
MD5:F53E90D4FD13F2515CFFEE3AB9A59C1C | SHA256:04AE61A41969C3E9297FE177DC2021E20F05E25E21657944FAB13E0A4AE1CB8B | |||
3352 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6AF4EE75E3A4ABA658C0087EB9A0BB5B_A71343B9E0448D72FD8C4A424ADA33C2 | binary | |
MD5:A2170520F62E139596952E1BD3D2BCD1 | SHA256:2490FC179504865502A8BEB14DFCEE328A03EC0778B5EE45907CB284DE39EA7E | |||
1700 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1700.1446\Reziztz\Reziztz\Reziztz.pdb | pdb | |
MD5:80477606678D1201306670A7BD23E1D0 | SHA256:D2C00C801F1D9C6DC50377DA0924D91F37909DD234ABBAF57915E66B0D40577F | |||
3352 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_979AB563CEB98F2581C14ED89B8957D4 | binary | |
MD5:1E01458AE163922469FB75CF59CA129D | SHA256:F32B922092DBA3DB8260E794CD04A0C963CDCF24DBEBFF78145A18207E6F9A45 | |||
3352 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\MADQWLO1.txt | text | |
MD5:A7FD3F61E588C58AC3901AEDE4EDDAF6 | SHA256:37F8E0F391B60E98DC48E2A4ED385C1617BEC72D674F5F285B482AD0A8D2142A |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3352 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEBblhnjgcJQ5S9%2FbTvymO98%3D | US | der | 471 b | whitelisted |
3352 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D | US | der | 314 b | whitelisted |
3352 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTOpjOEf6LG1z52jqAxwDlTxoaOCgQUQAlhZ%2FC8g3FP3hIILG%2FU1Ct2PZYCEDsJGKKiFxWJllawuNqPxXw%3D | US | der | 279 b | whitelisted |
3352 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrJdiQ%2Ficg9B19asFe73bPYs%2BreAQUdXGnGUgZvJ2d6kFH35TESHeZ03kCEFslzmkHxCZVZtM5DJmpVK0%3D | US | der | 314 b | whitelisted |
3352 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEBblhnjgcJQ5S9%2FbTvymO98%3D | US | der | 471 b | whitelisted |
3352 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTOpjOEf6LG1z52jqAxwDlTxoaOCgQUQAlhZ%2FC8g3FP3hIILG%2FU1Ct2PZYCEDsJGKKiFxWJllawuNqPxXw%3D | US | der | 279 b | whitelisted |
3352 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTOpjOEf6LG1z52jqAxwDlTxoaOCgQUQAlhZ%2FC8g3FP3hIILG%2FU1Ct2PZYCEQCML6NXQdejdBJDG5j4aa9U | US | der | 279 b | whitelisted |
3352 | iexplore.exe | GET | 200 | 151.139.128.14:80 | http://ocsp.comodoca4.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBTOpjOEf6LG1z52jqAxwDlTxoaOCgQUQAlhZ%2FC8g3FP3hIILG%2FU1Ct2PZYCEQCML6NXQdejdBJDG5j4aa9U | US | der | 279 b | whitelisted |
3088 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3352 | iexplore.exe | 151.139.128.14:80 | ocsp.comodoca.com | Highwinds Network Group, Inc. | US | suspicious |
3352 | iexplore.exe | 162.159.135.232:443 | discord.com | Cloudflare Inc | — | malicious |
3352 | iexplore.exe | 162.159.133.234:443 | discord.gg | Cloudflare Inc | — | shared |
Domain | IP | Reputation |
---|---|---|
discord.gg |
| whitelisted |
ocsp.comodoca.com |
| whitelisted |
ocsp.comodoca4.com |
| whitelisted |
discord.com |
| whitelisted |
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |