Property | Value
---|---
Download | convert_lite.cab
Full analysis | https://app.any.run/tasks/53c86dbf-f9d8-4492-bd02-63140a1253e8
Verdict | Malicious activity
Analysis date | May 24, 2019, 08:38:56
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators |
MIME | application/vnd.ms-cab-compressed
File info | Microsoft Cabinet archive data, 4746424 bytes, 41 files
MD5 | 6665F15BF8841CAFFE4CF1C8349AE4FA
SHA1 | E7C4FEB463148AAE7F8D0CF5582B99C08A9E5030
SHA256 | B52F48FFF0AE1B41BA2B2C5AC7E0C6851830B983AD48E1A9A0E296B6853869F1
SSDEEP | 98304:wJuzOnftmiaF/CoyTj/0lR4+HNV4zFYxDJyE1rPcnwa5s6wN3gNDFo:wZftm3m/0jfTnDJyEFcl5nwgXo

Extension | Detected type
---|---
.cab | Microsoft Cabinet Archive (100)
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---|---|---|---|---
3600 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\convert_lite.cab" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.60.0
3556 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\7z.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\7z.exe | — | WinRAR.exe | admin | Igor Pavlov | MEDIUM | 7-Zip Console | 0 | 18.05
3016 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.17314\bin\aria2c.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.17314\bin\aria2c.exe | — | WinRAR.exe | admin | | MEDIUM | | 1 |
2236 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.17509\bin\dism.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.17509\bin\dism.exe | — | WinRAR.exe | admin | Microsoft Corporation | MEDIUM | Dism Image Servicing Utility | 740 | 10.0.17763.1 (WinBuild.160101.0800)
2292 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.18734\bin\imagex.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.18734\bin\imagex.exe | — | WinRAR.exe | admin | Microsoft Corporation | MEDIUM | Windows Imaging Utility | 1 | 10.0.17763.1 (WinBuild.160101.0800)
3400 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.19219\bin\offlinereg.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.19219\bin\offlinereg.exe | — | WinRAR.exe | admin | | MEDIUM | | 0 |
300 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.19463\bin\oscdimg.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.19463\bin\oscdimg.exe | — | WinRAR.exe | admin | Microsoft Corporation | MEDIUM | Microsoft CD/DVD Premastering Utility | 1 | 2.56
2168 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.19603\bin\pkgmgr.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.19603\bin\pkgmgr.exe | — | WinRAR.exe | admin | Microsoft Corporation | MEDIUM | Windows Package Manager | 3221226540 | 10.0.17763.1 (WinBuild.160101.0800)
2680 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.19603\bin\pkgmgr.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.19603\bin\pkgmgr.exe | | WinRAR.exe | admin | Microsoft Corporation | HIGH | Windows Package Manager | 3221225781 | 10.0.17763.1 (WinBuild.160101.0800)
1260 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.20238\bin\wimlib-imagex.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.20238\bin\wimlib-imagex.exe | — | WinRAR.exe | admin | | MEDIUM | | 2 |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\bootwim.txt | text | 55780EED8B17096C76A2E5C352E451EA | 39BE7DAC4984C8741237A3D217DF3C4073E7EEC626CFA60CFBBF922C9726E9B1
3600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\convert-UUP.cmd | text | 0F3A05A0825D9AC05B35CDAC36BE795B | 20C243B275FA1ABEC32594EC574A5487639C34E8E8682A583781C79C11467BDD
3600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\ffuprovider.dll | executable | 8F364C9B3BB548EE7E438D58A132ACEC | 94D40AB41BABACA3B65CD9E4B2655E75340E389B728EF78DB4AD2F4532C48BAB
3600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\dismcoreps.dll | executable | 8BDA6E3379AB78A80B78C89E47113A48 | FF71A1E0C8553ED8D28F7B2FD25BF1035892737878D7C6928D39469238FF25C4
3600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\imagex.exe | executable | 183092F9DC251A1CE5C4ADF082AA1ACA | 59C105765B76E32DF7A6A32ED1FB31C404D2796E8C08AF8D845996767148D83A
3600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\dism.exe | executable | 9178DE39027C783AA131CE0BE2267696 | 1191C2EDAF336ECB417D3E82C2EB54914E6CDE176F29F0CD5368231423B710A2
3600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\imagingprovider.dll | executable | 5546436817AFF09757FCAC7646682531 | 6E6DAEAF0DB5A41D0D3D6A9C6D7EDE669741D067FF35B0159C5F0B779B57DD4F
3600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\dism.Format.ps1xml | text | 22E53D0E44212AFFE536AD0C658953CC | 0476E8C703EC695CC4CDBA62D795A546DB567ADA3C916AEFB7473937D1E6C256
3600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\dism.psd1 | text | 02EABFA2001FAC51C13285EC0C3899FB | F90B6A9A5727E25D1C7D4DFBFF04E2EF420A8696EEA3CBDF85A29C6212C8FD54
3600 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3600.16970\bin\aria2c.exe | executable | 3885ADC6619A8257C8B42DFA7349CE11 | 3EB8712B0DB6BA466F8AFE1BF606983FE8341C941BDFCADC07068288C7CA5A9C
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1004 | chrome.exe | GET | 302 | 216.58.207.46:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 506 b | whitelisted |
1004 | chrome.exe | GET | 200 | 209.85.226.6:80 | http://r1---sn-5hnekn76.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvMjJlQUFXRC12Ny1ldUFnMXF3SDlXZDlFZw/7319.128.0.1_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=185.104.185.243&mm=28&mn=sn-5hnekn76&ms=nvh&mt=1558687188&mv=m&pl=24&shardbypass=yes | US | crx | 842 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1004 | chrome.exe | 172.217.16.206:443 | clients1.google.com | Google Inc. | US | whitelisted |
1004 | chrome.exe | 216.58.208.35:443 | ssl.gstatic.com | Google Inc. | US | whitelisted |
1004 | chrome.exe | 172.217.23.132:443 | www.google.com | Google Inc. | US | whitelisted |
1004 | chrome.exe | 216.58.210.3:443 | www.gstatic.com | Google Inc. | US | whitelisted |
1004 | chrome.exe | 172.217.22.35:443 | www.google.fr | Google Inc. | US | whitelisted |
1004 | chrome.exe | 172.217.16.142:443 | apis.google.com | Google Inc. | US | whitelisted |
1004 | chrome.exe | 172.217.21.238:443 | ogs.google.com | Google Inc. | US | whitelisted |
1004 | chrome.exe | 216.58.207.74:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
1004 | chrome.exe | 216.58.207.67:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
1004 | chrome.exe | 216.58.207.35:443 | www.google.com.ua | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
clientservices.googleapis.com | | whitelisted
www.google.com.ua | | whitelisted
accounts.google.com | | shared
clients1.google.com | | whitelisted
ssl.gstatic.com | | whitelisted
www.gstatic.com | | whitelisted
apis.google.com | | whitelisted
www.google.com | | whitelisted
www.google.fr | | whitelisted
fonts.googleapis.com | | whitelisted