Field | Value
---|---
File name | 4.rar
Full analysis | https://app.any.run/tasks/d46c002c-83c0-46d6-b94c-8ec60eabcc53
Verdict | Malicious activity
Analysis date | January 18, 2019, 08:33:11
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MIME | application/x-rar
File info | RAR archive data, v5
MD5 | ACF56AA41259A7C0DB6E919FFA2CACCF
SHA1 | 7D7DD70AA7FB45BCD8EC5B33C3F58025C2A3417D
SHA256 | BC48B395C4892E684C34534015C653FD3EB6302D6ED1F81E616CD74878BE7D34
SSDEEP | 3072:qlnKcRT/Sjn4AmLVEpBze59GepowHfmydy0MJmpsrvw0y0k9ixAZK0lCo8C8c:iZRT/aiVEnkCw/ldDMMb9ixxwl
Extension | File type identification (score)
---|---
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2992 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\4.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
3924 | "C:\Users\admin\Desktop\Netflix by burnwood 2.1\Netflix V2.0.exe" | C:\Users\admin\Desktop\Netflix by burnwood 2.1\Netflix V2.0.exe | — | explorer.exe
3632 | "C:\Users\admin\AppData\Local\Temp\Netflix V2.0.exe" | C:\Users\admin\AppData\Local\Temp\Netflix V2.0.exe | — | Netflix V2.0.exe
3972 | "C:\Users\admin\AppData\Local\Temp\Service.exe" | C:\Users\admin\AppData\Local\Temp\Service.exe | — | Netflix V2.0.exe
1860 | "C:\Users\admin\AppData\Roaming\UAC.exe" | C:\Users\admin\AppData\Roaming\UAC.exe | — | Service.exe

PID | User | Company | Integrity level | Description | Exit code | Version
---|---|---|---|---|---|---
2992 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.60.0
3924 | admin | — | MEDIUM | Netflix V2.0 | 0 | 1.0.0.0
3632 | admin | — | MEDIUM | Netflix V2.0 | 3221225786 | 1.0.0.0
3972 | admin | — | MEDIUM | Service | 0 | 1.0.0.0
1860 | admin | — | MEDIUM | Service | — | 1.0.0.0
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2992 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2992.41811\Netflix by burnwood 2.1\Netflix V2.0.exe | — | — | —
2992 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2992.41811\Netflix by burnwood 2.1\xNet-Ameliorated.dll | — | — | —
2992 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2992.41811\Netflix by burnwood 2.1\Netflix V2.0.exe.config | — | — | —
1860 | UAC.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\logs.lnk | lnk | 7E532EFDD49C1284964144A4E708488E | 64AFAFAC8DFB1813E1E0393A9E2A7B30BA7B9E8B7D3EDA26C19C6EAF56FC88F5
3924 | Netflix V2.0.exe | C:\Users\admin\AppData\Local\Temp\Netflix V2.0.exe | executable | B8314FE31F60F60FCD8259A98F6D9F75 | F4F3E8EBD084A82970D8506960A8D3D44EEBCBFBF22DC95D05180D6F82C3BB66
3972 | Service.exe | C:\Users\admin\AppData\Roaming\UAC.exe | executable | C95F07A0BC85B6E6771BC877EBDBF615 | 594BCE8C8316D4A86E827197C0CED91C5B2F6BDF36EC468F8FFC3A1564CD3922
3924 | Netflix V2.0.exe | C:\Users\admin\AppData\Local\Temp\Service.exe | executable | C95F07A0BC85B6E6771BC877EBDBF615 | 594BCE8C8316D4A86E827197C0CED91C5B2F6BDF36EC468F8FFC3A1564CD3922
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1860 | UAC.exe | 39.52.173.29:2222 | uogapk7.ddns.net | Pakistan Telecom Company Limited | PK | unknown |
— | — | 39.52.173.29:2222 | uogapk7.ddns.net | Pakistan Telecom Company Limited | PK | unknown |
3972 | Service.exe | 39.52.173.29:2222 | uogapk7.ddns.net | Pakistan Telecom Company Limited | PK | unknown |
Domain | IP | Reputation
---|---|---
uogapk3.ddns.net | — | malicious
uogapk4.ddns.net | — | malicious
uogapk5.ddns.net | — | malicious
uogapk6.ddns.net | — | malicious
uogapk7.ddns.net | — | malicious
dns.msftncsi.com | — | shared
uogapk8.ddns.net | — | malicious
uogapk9.ddns.net | — | malicious
uogapk10.ddns.net | — | malicious
uogapk11.ddns.net | — | malicious