File name: | LOIC-1.0.8-binary.zip |
Full analysis: | https://app.any.run/tasks/8324a472-fc6d-48a7-83f9-fed28fbbb1df |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 21:05:54 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | C615DA1584CF050CF81A08D40309D735 |
SHA1: | FF00F68B03F7BBC785284ABD95A54D5B98F7DB9B |
SHA256: | B6D6E0D1DCE867836A684A0AF278E46ED4A50BE49A784AB7BFCB3ED59841C9D0 |
SSDEEP: | 3072:n1sQ9BKWms487f1j/XjSGrJmjJ7cAs1QRls:nuQ9Tmd41jfD0lgXQRG |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2014:12:12 21:09:00 |
ZipCRC: | 0x3aef8268 |
ZipCompressedSize: | 103047 |
ZipUncompressedSize: | 136192 |
ZipFileName: | LOIC.exe |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
2984 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\LOIC-1.0.8-binary.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
4064 | "C:\Users\admin\Desktop\LOIC.exe" | C:\Users\admin\Desktop\LOIC.exe | Explorer.EXE | ||||||||||||
User: admin Integrity Level: MEDIUM Description: Low Orbit Ion Cannon Version: 1.0.8.0 Modules
|
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\LOIC-1.0.8-binary.zip | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
4064 | LOIC.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_0E3E47DCB79A5C90729CD0F4FD50E1CF | der | |
MD5:A046980829EA2D1D76263E972EBA0BD5 | SHA256:F7B5584CF8C5BEBF833E9C002E0F7AB06272B3652D75EE88AADF320CECE7669A | |||
4064 | LOIC.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04 | binary | |
MD5:49246AAFADB8BD2030BAC9668A15FC0F | SHA256:2A4CC46040049DE8959C58B6EFB90A019C5029B594327F8CF75D909FD2FF1EE5 | |||
4064 | LOIC.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | |
MD5:BA82804ED61F77B3C9D306838674B0FD | SHA256:51A619D1F52C1F3182F1B93810FA938296034BECA0F9D1931E21BB0029A8D1E6 | |||
4064 | LOIC.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E573CDF4C6D731D56A665145182FD759_6B24471AF7D42D8A96573B48B6B5FC54 | binary | |
MD5:20503E05A10E285CE656E8533AA46220 | SHA256:B4B9741C17BE82BCB298263A6C37827DDDDA867863D985FBA09B2BFD575855C1 | |||
4064 | LOIC.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | binary | |
MD5:CFA1F5B345CB066C02C07DF1B9866BDA | SHA256:5D948714951B55987A9ABEAD72902387E242986E8B394404170BDA6415F25532 | |||
4064 | LOIC.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA | der | |
MD5:64E9B8BB98E2303717538CE259BEC57D | SHA256:76BD459EC8E467EFC3E3FB94CB21B9C77A2AA73C9D4C0F3FAF823677BE756331 | |||
4064 | LOIC.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442 | der | |
MD5:A5076A60FF4D331B4609DE91B658E675 | SHA256:B1F5B421AD5B4A133ED6F8BDCA9767B9D7A11FC97EED75C9945AF28F5DE030BA | |||
4064 | LOIC.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_0E3E47DCB79A5C90729CD0F4FD50E1CF | binary | |
MD5:C0E83D4AC39CDA9806C9BD7990E45463 | SHA256:66F7CF6A86F1465A61D030099FEBF0070AD2457C95FD788D542DF9230B2FC6DF | |||
4064 | LOIC.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA | der | |
MD5:0213524244EAF6A7E638BB1910432065 | SHA256:2CCB09AE116851A6DFF4849062A18092D522A05897CECB74DFCA383AA2DEA296 | |||
4064 | LOIC.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_D975BBA8033175C8D112023D8A7A8AD6 | der | |
MD5:D94C08EB9C2992C5D8CFE12C5E185A6B | SHA256:56B861E5117B8E08800AFD24DB0133D298E11E478ADB1D17DFE7654DBA08D5A5 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
4064 | LOIC.exe | GET | 200 | 142.250.186.67:80 | http://ocsp.pki.goog/gsr1/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCEHe9DWzbNvka6iEPxPBY0w0%3D | US | der | 1.41 Kb | whitelisted |
4064 | LOIC.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAJzDa4XzkALssaw0g2b64k%3D | US | der | 471 b | whitelisted |
4064 | LOIC.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA%2BnRyLFPYjID1ie%2Bx%2BdSjo%3D | US | der | 1.47 Kb | whitelisted |
4064 | LOIC.exe | GET | 200 | 142.250.186.67:80 | http://ocsp.pki.goog/gtsr1/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBQwkcLWD4LqGJ7bE7B1XZsEbmfwUAQU5K8rJnEaK0gnhS9SZizv8IkTcT4CDQIDvFNZazTHGPUBUGY%3D | US | der | 724 b | whitelisted |
4064 | LOIC.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAbY2QTVWENG9oovp1QifsQ%3D | US | der | 471 b | whitelisted |
4064 | LOIC.exe | GET | — | 104.143.9.210:80 | http://104.143.9.210:80/ | US | — | — | malicious |
4064 | LOIC.exe | GET | — | 104.143.9.210:80 | http://104.143.9.210:80/ | US | — | — | malicious |
4064 | LOIC.exe | GET | — | 104.143.9.210:80 | http://104.143.9.210:80/ | US | — | — | malicious |
4064 | LOIC.exe | GET | — | 104.143.9.210:80 | http://104.143.9.210:80/ | US | — | — | malicious |
4064 | LOIC.exe | GET | — | 104.143.9.210:80 | http://104.143.9.210:80/ | US | — | — | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4064 | LOIC.exe | 142.250.186.67:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
4064 | LOIC.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
4064 | LOIC.exe | 67.199.248.16:443 | j.mp | Bitly Inc | US | shared |
4064 | LOIC.exe | 216.58.212.174:443 | www.google-analytics.com | Google Inc. | US | whitelisted |
4064 | LOIC.exe | 104.143.9.210:80 | noctu.com | VegasNAP, LLC | US | malicious |
4064 | LOIC.exe | 152.199.21.175:443 | az416426.vo.msecnd.net | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
4064 | LOIC.exe | 52.179.188.206:443 | loicweb.azurewebsites.net | Microsoft Corporation | US | unknown |
4064 | LOIC.exe | 93.184.221.240:80 | ctldl.windowsupdate.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
— | — | 104.143.9.210:80 | noctu.com | VegasNAP, LLC | US | malicious |
Domain | IP | Reputation |
---|---|---|
j.mp |
| shared |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
loicweb.azurewebsites.net |
| whitelisted |
az416426.vo.msecnd.net |
| whitelisted |
www.google-analytics.com |
| whitelisted |
ocsp.pki.goog |
| whitelisted |
noctu.com |
| unknown |