File name: | MW.zip
---|---
Full analysis: | https://app.any.run/tasks/dbe2bae7-b026-414f-bc15-39e8d69cdeff
Verdict: | Malicious activity
Analysis date: | March 14, 2019, 20:57:44
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: |
Indicators: |
MIME: | application/zip
File info: | Zip archive data, at least v2.0 to extract
MD5: | B62D33BE0CEB7E65267333941A19710F
SHA1: | 292CC051FE0205CD00738E4D4EAA06AD4B33E89C
SHA256: | B160A40F9B2EE0D821D1F3423EAE452A096EBE6D755CDBDB6E388CE323DAFB72
SSDEEP: | 12288:7yQo3SB2r/hlonASybLEsus8G+KetJlhiFD1cG:lkSYrWKIs8TuD17
Extension | File type
---|---
.zip | ZIP compressed archive (100)

ZipRequiredVersion: | 20
---|---
ZipBitFlag: | -
ZipCompression: | Deflated
ZipModifyDate: | 2015:03:05 18:05:28
ZipCRC: | 0x998989ad
ZipCompressedSize: | 55483
ZipUncompressedSize: | 55463
ZipFileName: | GoogleChrome.a3x
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2984 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\MW.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0
3092 | "C:\Users\admin\Desktop\GoogleChrome.exe" | C:\Users\admin\Desktop\GoogleChrome.exe | | explorer.exe | User: admin; Company: AutoIt Team; Integrity Level: MEDIUM; Description: AutoIt v3 Script; Exit code: 0; Version: 3, 3, 8, 1
2348 | "C:\GoogleChrome\GoogleChrome.exe" /AutoIt3ExecuteScript C:\GoogleChrome\GoogleChrome.a3x | C:\GoogleChrome\GoogleChrome.exe | | GoogleChrome.exe | User: admin; Company: AutoIt Team; Integrity Level: MEDIUM; Description: AutoIt v3 Script; Version: 3, 3, 8, 1
2688 | "C:\Windows\System32\cmd.exe" /c start C:\GoogleChrome/GoogleChrome.exe C:\GoogleChrome/GoogleChrome.a3x | C:\Windows\System32\cmd.exe | — | GoogleChrome.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2120 | C:\GoogleChrome/GoogleChrome.exe C:\GoogleChrome/GoogleChrome.a3x | C:\GoogleChrome\GoogleChrome.exe | | cmd.exe | User: admin; Company: AutoIt Team; Integrity Level: MEDIUM; Description: AutoIt v3 Script; Exit code: 0; Version: 3, 3, 8, 1
3180 | "C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\GoogleChrome\GoogleChrome.exe" "GoogleChrome.exe" ENABLE | C:\Windows\System32\netsh.exe | — | GoogleChrome.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Network Command Shell; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2332 | "C:\Windows\System32\netsh.exe" firewall add allowedprogram "C:\GoogleChrome\GoogleChrome.exe" "GoogleChrome.exe" ENABLE | C:\Windows\System32\netsh.exe | — | GoogleChrome.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Network Command Shell; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2984 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2984.9163\GoogleChrome.a3x | — | — | —
2984 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2984.9163\GoogleChrome.exe | — | — | —
3092 | GoogleChrome.exe | C:\GoogleChrome\iibelieve.rtf | text | BE02A4D6C89F3D068E9F9027F1653E09 | 30301C7F9BFCBF28071E3D40F2DA5EF1D7E80D65594ADF78C69A4D2B0FC33DC0
3092 | GoogleChrome.exe | C:\GoogleChrome\GoogleChrome.a3x | a3x | 6B2D901299179D2B5DF81CB8C4EE35C9 | 9B42C396A67B56AABCA4CE9D9CD9839CF290C72F90E4B577E4318786221D0757
3092 | GoogleChrome.exe | C:\GoogleChrome\menbuilt.rtf | text | E30E9F2EFC771EEBAE5DC5AAC0CF2BCB | 44424CE8836384531EF827DC17FC0B6307271E3ECD6F48CE67F795B05D709A84
3092 | GoogleChrome.exe | C:\GoogleChrome\printercarolina.jpg | image | 98199076C723975EFF1B337DE979FF97 | 95033BA877E83210F117F150BD278B4DD53C4FFD7FB2249D8B9FB71EDCF40ACF
2348 | GoogleChrome.exe | C:\MozillaFirefox\GoogleChrome.a3x | a3x | 6B2D901299179D2B5DF81CB8C4EE35C9 | 9B42C396A67B56AABCA4CE9D9CD9839CF290C72F90E4B577E4318786221D0757
2348 | GoogleChrome.exe | C:\GoogleChrome\GoogleUpdate.lnk | lnk | A07BCE00C3A4F3A825D7E3CDEFAB8FC6 | 448505D75118679BD24018BAEBF8CA1604F25BA0166152F2E406E9DD3603F99A
3092 | GoogleChrome.exe | C:\GoogleChrome\commonterm.rtf | text | 17E0BC60921A1F413D4681EC8FAB104A | 12AC05694F9B300B0BF9846206BD71CCB92491B8BCC3E0E4B5BEE1ECFEC11D83
2348 | GoogleChrome.exe | C:\MozillaFirefox\clearasia.png | image | 3A116016CEDEA238837BAA9AB60DEACF | D3748F60B140B9A7A6228E19C378530B880111163A6575EDDE4B4CEACD99D041
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
2348 | GoogleChrome.exe | 195.22.4.21:1212 | dmad.info | Claranet Ltd | PT | suspicious
Domain | IP | Reputation
---|---|---
dmad.info | | malicious