Field | Value
---|---
File name | b51a1_Scan2457632.gz
Full analysis | https://app.any.run/tasks/fdbcff53-65cd-48de-96ac-410850cd67e2
Verdict | Malicious activity
Analysis date | March 31, 2020, 10:43:13
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/x-rar
File info | RAR archive data, v5
MD5 | B51A1E837A6F06E886D1B2CDC1502E59
SHA1 | C6BDEF77BA40CD87ACCBBD053DDF50224C7150B2
SHA256 | B38099EF28D9C052813FBC403340FB1428D90428BDE89403CE41E0153A497AA7
SSDEEP | 6144:JGisGxO0138MUjqTlAmiIO3z8qJuQC3U6/l7muQgyVdUmI01vOYcXy:fs0hGMUAi98qEQs9mxg8Z2YH

Extension | Type (score)
---|---
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)

PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3512 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\b51a1_Scan2457632.gz.rar" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0
1348 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3512.24401\Scan2457632.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3512.24401\Scan2457632.exe | — | WinRAR.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0
3776 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3512.24401\Scan2457632.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3512.24401\Scan2457632.exe | | Scan2457632.exe | User: admin; Integrity Level: MEDIUM
956 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3512.24401\Scan2457632.exe" 2 3776 10914343 | C:\Users\admin\AppData\Local\Temp\Rar$EXa3512.24401\Scan2457632.exe | — | Scan2457632.exe | User: admin; Integrity Level: MEDIUM; Exit code: 4294967295

PID | Process | Filename | Type | Hashes
---|---|---|---|---
3512 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3512.24401\Scan2457632.exe | executable | MD5: 37AFF34561D3663C04E104C4BA116BA7; SHA256: 98489349A1120F5719CA1EC3D9E10C4F35EDFC75944D15F050017C8C3FE2520E

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3776 | Scan2457632.exe | 77.88.21.158:587 | smtp.yandex.com | YANDEX LLC | RU | whitelisted |
Domain | IP | Reputation
---|---|---
smtp.yandex.com | | shared

PID | Process | Class | Message
---|---|---|---
3776 | Scan2457632.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction