File name: | netcrypt.zip |
Full analysis: | https://app.any.run/tasks/27f492e1-3772-4dc5-bbd5-e26fc96e090e |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 19:11:39 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 7AF58423CC466C0D43C597769A783864 |
SHA1: | 0267B735E7859AD70708A815B75A21062967311C |
SHA256: | B39CEE398C414014C806D73F27882BF179038B8EDD21863DE08EC83A8288D63F |
SSDEEP: | 3072:doCIpozTGAFnv8mavFQmnuPD/KxfhB+laYDzdI1Zru/L2J3R:doC0Dma+7KdLSSKL8h |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2013:11:05 10:58:18 |
ZipCRC: | 0xf4d2b21b |
ZipCompressedSize: | 4340 |
ZipUncompressedSize: | 10240 |
ZipFileName: | netcrypt.dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2520 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\netcrypt.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 | ||||
2888 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | ||||
1436 | "C:\Users\admin\Desktop\SimplePacker.exe" | C:\Users\admin\Desktop\SimplePacker.exe | — | Explorer.EXE |
User: admin Company: @friedkiwi Integrity Level: MEDIUM Description: SimplePacker Version: 1.1.0.0 | ||||
3068 | "C:\Users\admin\Desktop\sample_output\input.exe" | C:\Users\admin\Desktop\sample_output\input.exe | — | Explorer.EXE |
User: admin Company: Microsoft Integrity Level: MEDIUM Description: HelloWorld Exit code: 0 Version: 1.0.0.0 | ||||
352 | "C:\Users\admin\Desktop\sample_output\output.exe" | C:\Users\admin\Desktop\sample_output\output.exe | — | Explorer.EXE |
User: admin Integrity Level: MEDIUM Description: Exit code: 0 Version: 0.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2520.16309\netcrypt.dll | executable | |
MD5:61CF4C53C8FFC85B72BF7C1AC59B4708 | SHA256:426E2DFB4BD502D8400E54B1C0879096F28CE6AD25196535F90B9719598FF2E9 | |||
2520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2520.16309\sample_output\input.exe | executable | |
MD5:C7676E43AC86F02F5500C64FCC4479AC | SHA256:FA5329CFDE04A626F33C78B63CDBB46D4D46604C9E7A16F529DCF31D81571CDB | |||
2520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2520.16309\SimplePacker.exe | executable | |
MD5:388C6C08F78A89BBE224228757A7BFA8 | SHA256:4A91548C6C3B584B30A4CA51E6C46982EF1A41220C588F57BB59AADDCBD3911C | |||
2520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2520.16309\sample_output\output.exe | executable | |
MD5:B8606EB6403B50C8266A758D9885A0A7 | SHA256:C51F94FEAF051EC9913E4B4EE912FB773DCBDCF0B81042C43FE17442C3A0519A |