Field | Value
---|---
File name | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.gz
Full analysis | https://app.any.run/tasks/47f0a85d-5374-490e-847a-1240ad545d10
Verdict | Malicious activity
Analysis date | July 17, 2019, 10:57:53
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/gzip
File info | gzip compressed data, max compression, from Unix
MD5 | 8F1F60117C1B3A97E19A3F70DB29A629
SHA1 | 1B45E32EB175AA11A2561257BD0E07818AF16D4E
SHA256 | BB3DEB0D3EAF85B929305CA3847898AAECB6B42A50A80EFB132C2CC47B2CFD24
SSDEEP | 384:+o6LLiW35mKK9/9pHBy821uPzlpNpVoEa5xjn3ECUn0umB:+rLxpmrpHByb1CPA5xTNVl

Field | Value
---|---
Detected type (.z/gz/gzip) | GZipped data (100)
Compression | Deflated
Flags | (none)
ModifyDate | 0000:00:00 00:00:00
ExtraFlags | Maximum Compression
OperatingSystem | Unix
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2956 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.gz.z" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
2924 | "C:\Users\admin\Desktop\6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr" /S | C:\Users\admin\Desktop\6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | — | explorer.exe

PID 2956 details: User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0
PID 2924 details: User: admin; Integrity Level: MEDIUM
PID | Process | Key | Name | Operation | Value
---|---|---|---|---|---
2956 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | write | 
2956 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | write | 
2956 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E | LanguageList | write | en-US
2956 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | write | C:\Users\admin\Desktop\6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.gz.z
2956 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | write | 120
2956 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | write | 80
2956 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | write | 120
2956 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | write | 100
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | Traybar | write | C:\Users\admin\AppData\Local\Temp\lsass.exe
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\RASAPI32 | EnableFileTracing | write | 0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2956 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2956.11771\6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.gz | — | — | —
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | C:\Users\admin\AppData\Local\Temp\tmp43A2.tmp | — | — | —
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | C:\Users\admin\AppData\Local\Temp\tmp43A3.tmp | — | — | —
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | C:\Users\admin\AppData\Local\Temp\tmp446F.tmp | — | — | —
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | C:\Users\admin\AppData\Local\Temp\tmp4470.tmp | — | — | —
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | C:\Users\admin\AppData\Local\Temp\tmp6FB7.tmp | — | — | —
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | C:\Users\admin\AppData\Local\Temp\tmp7361.tmp | — | — | —
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | C:\Users\admin\AppData\Local\Temp\tmp7362.tmp | — | — | —
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | C:\Users\admin\AppData\Local\Temp\tmp7392.tmp | — | — | —
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | C:\Users\admin\AppData\Local\Temp\tmp73A3.tmp | — | — | —
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | 64.90.25.125:1042 | — | Windstream Communications Inc | US | unknown |
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | 69.110.35.104:1042 | — | AT&T Services, Inc. | US | unknown |
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | 216.97.88.9:25 | unicode.org | CoreSpace, Inc. | US | unknown |
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | 129.81.213.115:1042 | — | Tulane University | US | unknown |
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | 15.244.203.96:1042 | — | Hewlett-Packard Company | US | unknown |
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | 17.151.62.66:25 | nwk-aaemail-lapp01.apple.com | Apple Inc. | US | unknown |
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | 10.96.17.52:1042 | — | — | — | unknown |
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | 172.16.2.218:1042 | — | — | — | unknown |
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | 207.244.88.150:25 | mx1-lw-us.apache.org | Leaseweb USA, Inc. | US | unknown |
2924 | 6a9c46d96f001a1a3cc47d166d6c0aabc26a5cf25610cef51d2b834526c6b596.bin.scr | 98.137.159.24:25 | mta7.am0.yahoodns.net | Yahoo | US | unknown |
Domain | IP | Reputation
---|---|---
dns.msftncsi.com | — | shared
apple.com | — | whitelisted
nwk-aaemail-lapp01.apple.com | — | whitelisted
unicode.org | — | whitelisted
yahoo.com | — | whitelisted
mta7.am0.yahoodns.net | — | whitelisted
openoffice.org | — | whitelisted
mx1-lw-eu.apache.org | — | whitelisted
mx1-lw-us.apache.org | — | whitelisted
onlineconnections.com.au | — | unknown