| Field | Value |
|---|---|
| File name | TelnetONU1.2.5b.zip |
| Full analysis | https://app.any.run/tasks/5ba5d1d6-5925-4d22-a69b-cb3d9d872da5 |
| Verdict | Malicious activity |
| Analysis date | May 04, 2021, 10:41:02 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | D0ED974448F23325CB531251F320BDFF |
| SHA1 | 3B8AA5A279877F5135310D379685358CBBDDBD72 |
| SHA256 | AFFBBE6AA6445BBF95E5D501A533A9BEDD3C231F879AF590D9FB6C8FB8A06EDD |
| SSDEEP | 12288:LuiVFrDQgl/6N6ydTGLVHuW9tlYyM8RrLMuUintRooKX6usf:LXv/ypUOW9smRrIlWhBJ |

| Extension | Identified type |
|---|---|
| .zip | ZIP compressed archive (100) |

| ZIP field | Value |
|---|---|
| ZipRequiredVersion | 20 |
| ZipBitFlag | - |
| ZipCompression | None |
| ZipModifyDate | 2021:04:28 10:34:14 |
| ZipCRC | 0x00000000 |
| ZipCompressedSize | - |
| ZipUncompressedSize | - |
| ZipFileName | TelnetONU1.2.5b/ |

| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 4088 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 1596 | "C:\Users\admin\Desktop\TelnetONU1.2.5b\TelnetONU.exe" | C:\Users\admin\Desktop\TelnetONU1.2.5b\TelnetONU.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Description: TelnetONU; Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: the process requested elevation and was relaunched as PID 2760 at HIGH integrity); Version: 1,2,5 |
| 2760 | "C:\Users\admin\Desktop\TelnetONU1.2.5b\TelnetONU.exe" | C:\Users\admin\Desktop\TelnetONU1.2.5b\TelnetONU.exe | — | explorer.exe | User: admin; Integrity Level: HIGH; Description: TelnetONU; Exit code: 0; Version: 1,2,5 |
| 1724 | cmd /c mkdir log | C:\Windows\system32\cmd.exe | — | TelnetONU.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 2268 | cmd /c ping 192.168.1.1 -n 1 -l 128 | C:\Windows\system32\cmd.exe | — | TelnetONU.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 1; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 3580 | ping 192.168.1.1 -n 1 -l 128 | C:\Windows\system32\PING.EXE | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: TCP/IP Ping Command; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2468 | cmd /c del userpass.txt | C:\Windows\system32\cmd.exe | — | TelnetONU.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 3408 | "C:\Users\admin\Desktop\TelnetONU1.2.5b\getinfo.exe" | C:\Users\admin\Desktop\TelnetONU1.2.5b\getinfo.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Description: getinfo Microsoft 基础类应用程序 (Microsoft Foundation Class application); Exit code: 0; Version: 1, 0, 0, 1 |
| 3164 | "C:\Users\admin\Desktop\TelnetONU1.2.5b\factorymode.exe" | C:\Users\admin\Desktop\TelnetONU1.2.5b\factorymode.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
| 1972 | "C:\Users\admin\Desktop\TelnetONU1.2.5b\decrypt.exe" | C:\Users\admin\Desktop\TelnetONU1.2.5b\decrypt.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 1 |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2760 | TelnetONU.exe | C:\Users\admin\Desktop\TelnetONU1.2.5b\log\CmdLog-20210504114209.txt | text | 7D8D0716F3C7C9726025BF6AD0D016FE | 4461681FD76BDD44C5C196495FA092CF6C0E62D36DD6CDB004BC6C3AF29EF5F9 |
| 3408 | getinfo.exe | C:\Users\admin\Desktop\TelnetONU1.2.5b\USER-PC.icr | binary | EED59AF6936C1CABF067BE2FEFFDF83E | 7DFCA7C33757BBAF7ECCBCAAB3FB4DBBBBA2ADEABBD45A82D9FEBF4728781597 |
| 4088 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\date.dll | text | CE930843B8DB4E0E69C1952A9919D945 | 45CD2816B7F9CCEE5F9E4CD237ACE4912B476227876105D24FA91DD4FBD29C41 |
| 4088 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4088.22739\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU--Usage Description of the ONU One-key Information Collection Tool R1.4.docx | compressed | 2D75636822466BB21F8278ADD2838698 | AE637C8F8A1DB743D4C1688606A328F22EBBF77ED51E7417BB3B4372F50BB528 |
| 4088 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4088.22739\TelnetONU1.2.5b\TelnetONU1.2.5b\factorymode.exe | executable | D6544A7CD742A7BB37A7222E83FD9306 | 6D75E5AA07A666E88DD45BEF12CED490AC89CF07FC3D7E03DECA3118E685788C |
| 4088 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\decrypt.exe | executable | 252D0EEF5A1E7CEF6E789C488D1913E8 | D9E46A77A566B511FB154327637DA91546086E34E02BA41C82B1F86C6746BEB6 |
| 4088 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU.exe | executable | B3B5281E07028FE5C4B25DF40D21B098 | C4C10F96465F1EAE85FF1F76AB76EAAAFB3B9C72E1839404DBEDF8605E303B75 |
| 4088 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\Cmd_Onu.txt | text | 1ADF01A5989482B9B4C7B5B1FAB42EFE | 9F16C34715995F2E89A79A5DC80450C7349A1543580EE2BC8B8715BA4353C87C |
| 2760 | TelnetONU.exe | C:\Users\admin\Desktop\TelnetONU1.2.5b\Cmd_Onu.txt | text | 1ADF01A5989482B9B4C7B5B1FAB42EFE | 9F16C34715995F2E89A79A5DC80450C7349A1543580EE2BC8B8715BA4353C87C |
| 4088 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\TelnetONU1.2.5b\TelnetONU1.2.5b\TelnetONU1.2.5b\factorymode.exe | executable | D6544A7CD742A7BB37A7222E83FD9306 | 6D75E5AA07A666E88DD45BEF12CED490AC89CF07FC3D7E03DECA3118E685788C |