| Field | Value |
|---|---|
| File name | Disney+ Checker.rar |
| Full analysis | https://app.any.run/tasks/3f6478fa-39e1-4e7d-9c12-f23b4fa7bf5c |
| Verdict | Malicious activity |
| Analysis date | October 04, 2022, 21:00:58 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v5 |
| MD5 | 8EFD1FD6A9B033B4E2A3644AD37A05FA |
| SHA1 | 5E6102591CE62AC661EDBE83B4CB040717C7958B |
| SHA256 | B2E872A0A96F500DB4F51DA9034C6ED8260A31490036EB5A8726DE9CCC599537 |
| SSDEEP | 12288:ZfNGkIodGwOle5QF+QAqs1jbn4M3BLO155irZnDfI/UhWtueXSl9ubtzh8Rno:fGnognlQQFFPs1j7fxLOb5uhWt7zhf |
| Extension | Detected file type (score) |
|---|---|
| .rar | RAR compressed archive (v5.0) (61.5) |
| .rar | RAR compressed archive (gen) (38.4) |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1284 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Disney+ Checker.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
| 1024 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
| 2324 | "C:\Users\admin\Desktop\Disney+ Checker.exe" | C:\Users\admin\Desktop\Disney+ Checker.exe | — | Explorer.EXE |

| PID | User | Company | Integrity level | Description | Version | Exit code |
|---|---|---|---|---|---|---|
| 1284 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 5.91.0 | |
| 1024 | SYSTEM | Microsoft Corporation | SYSTEM | Microsoft Windows Search Protocol Host | 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | 0 |
| 2324 | admin | | MEDIUM | Checker Template | 1.0.0.0 | |
| PID | Process | Operation | Key | Name | Value |
|---|---|---|---|---|---|
| 1284 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | |
| 1284 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | |
| 1284 | WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | LanguageList | en-US |
| 1284 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip |
| 1284 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
| 1284 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\Disney+ Checker.rar |
| 1284 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120 |
| 1284 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80 |
| 1284 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120 |
| 1284 | WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 1284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1284.42790\Disney+ Checker.exe | executable | A932AF08E53D32D2E8D9BDB06F9BC008 | 81C207BD9AC49769CD620E704ECE0F1F42BE691E0C6C2C5BF931ED08B395C872 |
| 1284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1284.42790\System.Threading.Tasks.Extensions.dll | executable | E1E9D7D46E5CD9525C5927DC98D9ECC7 | 4F81FFD0DC7204DB75AFC35EA4291769B07C440592F28894260EEA76626A23C6 |
| 1284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1284.42790\Newtonsoft.Json.dll | executable | 081D9558BBB7ADCE142DA153B2D5577A | B624949DF8B0E3A6153FDFB730A7C6F4990B6592EE0D922E1788433D276610F3 |
| 1284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1284.42790\Leaf.xNet.dll | executable | EA87F37E78FB9AF4BF805F6E958F68F4 | DE9AEA105F31F3541CBC5C460B0160D0689A2872D80748CA1456E6E223F0A4AA |
| 1284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1284.42790\System.Linq.Async.dll | executable | 242679CD4B3E50804BA3F1B86067347F | C4DEFB87BBFC27DAE51C09A89E461D56DD62588923E6F9A1FC6572CD2891E2B6 |
| 1284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1284.42790\System.Runtime.CompilerServices.Unsafe.dll | executable | DA04A75DDC22118ED24E0B53E474805A | 66409F670315AFE8610F17A4D3A1EE52D72B6A46C544CEC97544E8385F90AD74 |
| 1284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1284.42790\System.ValueTuple.dll | executable | 23EE4302E85013A1EB4324C414D561D5 | E905D102585B22C6DF04F219AF5CBDBFA7BC165979E9788B62DF6DCC165E10F4 |
| 1284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1284.42790\Colorful.Console.dll | executable | 9F6CE7FF934FB2E786CED3516705EFAD | 59A3696950AC3525E31CDD26727DABD9FECD2E1BDC1C47C370D4B04420592436 |
| 1284 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1284.42790\Microsoft.Bcl.AsyncInterfaces.dll | executable | 3DB37C6837C8044CF56D062E9EA28639 | 931163E57A151CE3252C726BB5FEBFD741999EED4D041381F14667212BEB8116 |