File name: | raid_tool - alphascript.zip |
Full analysis: | https://app.any.run/tasks/1a817280-298e-438a-b9e3-22507075d7a2 |
Verdict: | Malicious activity |
Analysis date: | October 19, 2020, 23:44:38 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 3E061CDB0DEA5EE253DBBDBAB76F4423 |
SHA1: | 3871E331356B869F1F1ADD16F02B977EA97D9CB1 |
SHA256: | BA4563BF28A50601E88C1F412D359B94F407E8A49E23CEB651D81445E9C56320 |
SSDEEP: | 196608:egzE5VUziCh92ESzIYsbO1m8v26jrkNDRHcthJZ409aXKNdSF88C0YwAfcjrZIVS:dz/0nzIfi1m8u6QHcthbtE2V0Y9kxjGY |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | raid_tool.exe |
---|---|
ZipUncompressedSize: | 12028416 |
ZipCompressedSize: | 11572330 |
ZipCRC: | 0x3365e02f |
ZipModifyDate: | 2020:07:22 17:41:08 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2656 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\raid_tool - alphascript.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3728 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\ok.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3656 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\tokens.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3052 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\tokens.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3592 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\ok.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1880 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\ok.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3808 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\ok.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2092 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\ok.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3744 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\tokens.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3360 | "C:\Users\admin\Desktop\raid_tool.exe" | C:\Users\admin\Desktop\raid_tool.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM |
PID | Process | Filename | Type | |
---|---|---|---|---|
2656 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2656.44676\raid_tool.exe | — | |
MD5:— | SHA256:— | |||
2656 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2656.44676\README.txt | — | |
MD5:— | SHA256:— | |||
2656 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2656.44676\tokens.txt | — | |
MD5:— | SHA256:— | |||
2656 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2656.44676\ok.txt | — | |
MD5:— | SHA256:— | |||
3744 | NOTEPAD.EXE | C:\Users\admin\Desktop\tokens.txt | text | |
MD5:770672EE46BD0459097F43A36085B1CB | SHA256:DAF4A07360A51955AEE214F253B7845E57266C389F5E312B5B7A4C3C47B50334 | |||
3360 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI33602\_ssl.pyd | executable | |
MD5:B9ECF769FC63A542A113CA1552DC7A7B | SHA256:E0BDB16CFFC7B5A19C5AF22D8A33D3C999D55A3117F2DA07ED3171CA9487927E | |||
3360 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI33602\_elementtree.pyd | executable | |
MD5:29928F61AAC2E9989BB097620B52A289 | SHA256:EB8DE455AE9EF9B5223DA2EAA2A74121EB2FE5371CB07E803E8E6E5C3CB5FB44 | |||
3360 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI33602\VCRUNTIME140.dll | executable | |
MD5:4C360F78DE1F5BAAA5F110E65FAC94B4 | SHA256:AD1B0992B890BFE88EF52D0A830873ACC0AECC9BD6E4FC22397DBCCF4D2B4E37 | |||
3360 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI33602\_lzma.pyd | executable | |
MD5:54F12E2385A77D825AE4D41A4AC515FE | SHA256:08DE18FBA635822F3BB89C9429F175E3680B7261546430BA9E2ED09BB31F5218 | |||
3360 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI33602\cryptography\hazmat\bindings\_openssl.cp38-win32.pyd | executable | |
MD5:93261A7BE7A2C2571C5857F5C56F7A92 | SHA256:798CB051834CC8B41163F8D076A2F8EDD69930A6E77481B9CAA0B90A231B1808 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3196 | raid_tool.exe | 162.159.134.233:443 | discordapp.com | Cloudflare Inc | — | shared |
3196 | raid_tool.exe | 162.159.135.234:443 | gateway.discord.gg | Cloudflare Inc | — | shared |
Domain | IP | Reputation |
---|---|---|
discordapp.com |
| whitelisted |
gateway.discord.gg |
| whitelisted |