File name: | 4.zip |
Full analysis: | https://app.any.run/tasks/4961a045-784b-45bc-9aa0-1a56910b9069 |
Verdict: | Malicious activity |
Analysis date: | May 06, 2019, 06:31:25 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 1F53FB6BCB7D0BF7DAD1015E94BB7B87 |
SHA1: | 396C7EFEFAE47594625D93019EBCB77DB34633FC |
SHA256: | BBA1A83AB7F2221FD58543D1D66AB90CEA11E878C6404CC752AA667228663AE7 |
SSDEEP: | 49152:aegpr3fOsFY0/FdswvsYk+Gcwu/KKXwZ5q+aa5QOOX1gTagMo8awhzpNOCrMJv+G:afr3fOsFX/FdscbMNKXwTq+rOWPopN1Q |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 10 |
---|---|
ZipBitFlag: | - |
ZipCompression: | None |
ZipModifyDate: | 2019:05:05 07:12:22 |
ZipCRC: | 0x00000000 |
ZipCompressedSize: | - |
ZipUncompressedSize: | - |
ZipFileName: | Combos.txt |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
4004 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\4.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3216 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2224 | "C:\Users\admin\Desktop\COSY V1 - Spotify Checker.exe" | C:\Users\admin\Desktop\COSY V1 - Spotify Checker.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
3984 | "C:\Users\admin\Desktop\COSY V1 - Spotify Checker.exe" | C:\Users\admin\Desktop\COSY V1 - Spotify Checker.exe | COSY V1 - Spotify Checker.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
756 | C:\Windows\system32\cmd.exe /c file_exe.exe | C:\Windows\system32\cmd.exe | — | COSY V1 - Spotify Checker.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1704 | file_exe.exe | C:\Users\admin\Desktop\file_exe.exe | cmd.exe | |
User: admin Integrity Level: MEDIUM Description: Exit code: 0 Version: 0.0.0.0 | ||||
1836 | "C:\Users\admin\AppData\Local\Temp\love.exe" | C:\Users\admin\AppData\Local\Temp\love.exe | file_exe.exe | |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2180 | "C:\Users\admin\AppData\Local\Temp\COSY V1 - Spotify Checker.exe" | C:\Users\admin\AppData\Local\Temp\COSY V1 - Spotify Checker.exe | file_exe.exe | |
User: admin Integrity Level: MEDIUM Description: Spotify Checker Version: 1.0.0.0 | ||||
2688 | "C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s | C:\Windows\system32\mmc.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Management Console Exit code: 3221226540 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1856 | "C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s | C:\Windows\system32\mmc.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft Management Console Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2224 | COSY V1 - Spotify Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI22242\bz2.pyd | executable | |
MD5:EC741FFBCAF76B6045A73B49FC1A50BD | SHA256:C4778BF950CCAE643E6D9B42F5E2624CB2141BB4E8E341CEA8844AB35B9A73F5 | |||
2224 | COSY V1 - Spotify Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI22242\msvcp90.dll | executable | |
MD5:90D560C689F507489485DEDDAEFA3153 | SHA256:BC53359AD6A8146B41DD3083462BC045ACEFE96E079282EA4A6DF21F87B5E9FF | |||
3984 | COSY V1 - Spotify Checker.exe | C:\Users\admin\Desktop\file_exe.exe | executable | |
MD5:0BB87E53833306ABB1950EEDDB508820 | SHA256:B13CB13936757B1476BCDF6AADE881672B7B426A6018F2D308BD5479D5F77731 | |||
2224 | COSY V1 - Spotify Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI22242\select.pyd | executable | |
MD5:54F519FBC33CCCE8408AFF7E8F07ADD7 | SHA256:72A48C97570E10F2A52FD080AA78D312B5166C6EF20CCB858BA7A19D47EEE739 | |||
2224 | COSY V1 - Spotify Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI22242\unicodedata.pyd | executable | |
MD5:54B9007FA39C1837EA87BCF6B175D3B9 | SHA256:ACDE1374475BD6295D8EDE0720BFCCE346D949AD302592C0DF0D4A7B1BF9B9AA | |||
4004 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4004.31221\COSY V1 - Spotify Checker.exe | executable | |
MD5:8238B5BE742EA1460544560516F1304F | SHA256:261ABF333AA01937E7EE01E8BB3846C55F919B6A8891AB30C21432B09DB8781D | |||
2224 | COSY V1 - Spotify Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI22242\output.exe.manifest | xml | |
MD5:803233C765043F1F78ECB54967B39C9C | SHA256:FE210792A9054BF81B0C7A6E4EF1A0FFDF1F31A803FE4F3380EF1A8822D44A4B | |||
4004 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa4004.31221\Criminality.Helper.dll | executable | |
MD5:0D50DEA884FA78B67C06FF9AEA5F0330 | SHA256:2361ACAA7BAB686475605B0840427AF92A3FACA8C453E356AAA13ED85D40389F | |||
2224 | COSY V1 - Spotify Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI22242\msvcr90.dll | executable | |
MD5:4FDC6EF163C587677AA196C3D17B8F5C | SHA256:C6C504830E7EFC3C6E2F3922E1500F5C3B732D13A321E1F30D9C75E1BE4AC303 | |||
2224 | COSY V1 - Spotify Checker.exe | C:\Users\admin\AppData\Local\Temp\_MEI22242\_hashlib.pyd | executable | |
MD5:AE1F3D94D27139D5A1BB8C6F1D9B9BA9 | SHA256:68E9FF80F9A0759BB801816F439397615DC9BB8D9CFED534ACEF0BF09E520533 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3140 | Win32.exe | 185.209.23.138:5050 | — | NovoServe B.V. | NL | unknown |
3140 | Win32.exe | 104.20.209.21:443 | pastebin.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
pastebin.com |
| shared |
Process | Message |
---|---|
mmc.exe | Constructor: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
|
mmc.exe | OnInitialize: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
|
mmc.exe | AddIcons: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
|
mmc.exe | ProcessCommandLineArguments: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
|