| Field | Value |
|---|---|
| File name | x64__x32__installer.zip |
| Full analysis | https://app.any.run/tasks/792c7a12-1ba1-4cec-abed-4c5e2b6754f8 |
| Verdict | Malicious activity |
| Analysis date | May 01, 2024, 18:17:14 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract, compression method=deflate |
| MD5 | 8C311968FB83ADC9052F4BE272504A26 |
| SHA1 | 01E9324892FF2F4286BB0B52B0249E950BBAF7DF |
| SHA256 | BCBEB2A22072A7CFD302AA31B78A556722AA7D52D7B136ADEACEC711F481821C |
| SSDEEP | 98304:7g7eIXMCeqCMvgdUeq7RDG1w3ECKGUah4EEdaIdQEqwJQbkYku3bj3SR38CKTdA5:G/ajAxXTGZSrnCL |
File type identification: .zip, ZIP compressed archive (score 100).

ZIP metadata of the first archive entry:

| ZIP field | Value |
|---|---|
| ZipRequiredVersion | 20 |
| ZipBitFlag | - |
| ZipCompression | Deflated |
| ZipModifyDate | 2024:05:01 17:32:46 |
| ZipCRC | 0x682aa699 |
| ZipCompressedSize | 4174 |
| ZipUncompressedSize | 980346 |
| ZipFileName | password.jpg |

Note the compression ratio on this entry: 980346 bytes deflate to 4174, roughly 235:1. JPEG data is already compressed and normally gains almost nothing from deflate, so a ratio of this size indicates low-entropy filler rather than genuine image content; the entry is worth inspecting by magic bytes and entropy rather than trusting the .jpg extension.
Process tree:

| PID | Command line | Image path | Parent process | Indicators | Details |
|---|---|---|---|---|---|
| 676 | C:\Windows\system32\msiexec.exe /V | C:\Windows\System32\msiexec.exe | services.exe | | User: SYSTEM; integrity: SYSTEM; Windows® installer, Microsoft Corporation, version 5.0.7600.16385 (win7_rtm.090713-1255) |
| 820 | "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIa4000.26146\x64__x32___setup.zip | C:\Program Files\WinRAR\WinRAR.exe | WinRAR.exe | | User: admin; integrity: MEDIUM; exit code: 0; WinRAR archiver, Alexander Roshal, version 5.91.0 |
| 1244 | "C:\Windows\system32\taskmgr.exe" /1 | C:\Windows\System32\taskmgr.exe | taskmgr.exe | | User: admin; integrity: HIGH; Windows Task Manager, Microsoft Corporation, version 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2124 | "C:\Windows\system32\taskmgr.exe" /4 | C:\Windows\System32\taskmgr.exe | explorer.exe | — | User: admin; integrity: MEDIUM; exit code: 1; Windows Task Manager, Microsoft Corporation, version 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2484 | C:\Windows\system32\MsiExec.exe -Embedding 0ED4715EB6D086AD57560329635124E9 | C:\Windows\System32\msiexec.exe | msiexec.exe | — | User: admin; integrity: MEDIUM; Windows® installer, Microsoft Corporation, version 5.0.7600.16385 (win7_rtm.090713-1255) |
| 2656 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\Desktop\setup\setup.msi" | C:\Windows\System32\msiexec.exe | explorer.exe | — | User: admin; integrity: MEDIUM; Windows® installer, Microsoft Corporation, version 5.0.7600.16385 (win7_rtm.090713-1255) |
| 4000 | "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\x64__x32__installer.zip | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | — | User: admin; integrity: MEDIUM; exit code: 0; WinRAR archiver, Alexander Roshal, version 5.91.0 |
| 4044 | C:\Windows\system32\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503} | C:\Windows\System32\dllhost.exe | svchost.exe | — | User: admin; integrity: MEDIUM; exit code: 0; COM Surrogate, Microsoft Corporation, version 6.1.7600.16385 (win7_rtm.090713-1255) |

Reading the tree: WinRAR (PID 4000) opens the outer archive from Temp, and a second WinRAR instance (PID 820) opens the nested x64__x32___setup.zip straight out of the first instance's Rar$DIa4000.26146 extraction folder. The user then launches setup.msi from Desktop\setup via explorer.exe (PID 2656, `msiexec /i`). The SYSTEM-level `msiexec /V` (PID 676, parent services.exe) is the Windows Installer service being started by the Service Control Manager, and the `-Embedding` instance (PID 2484) is the per-user installer client it spawns; both are normal for any MSI install, so the interesting content is what the package itself does, not the presence of these processes.
Registry activity:

| PID (process) | Operation | Key | Name | Value |
|---|---|---|---|---|
| 4000 (WinRAR.exe) | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | |
| 4000 (WinRAR.exe) | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | |
| 4000 (WinRAR.exe) | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E | LanguageList | en-US |
| 4000 (WinRAR.exe) | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 3 | C:\Users\admin\Desktop\phacker.zip |
| 4000 (WinRAR.exe) | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 2 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
| 4000 (WinRAR.exe) | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 1 | C:\Users\admin\Desktop\curl-8.5.0_1-win32-mingw.zip |
| 4000 (WinRAR.exe) | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\x64__x32__installer.zip |
| 4000 (WinRAR.exe) | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120 |
| 4000 (WinRAR.exe) | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80 |
| 4000 (WinRAR.exe) | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120 |

All of these writes are WinRAR housekeeping (theme, MUI cache, column widths and the recent-archive list), not sample behaviour. ArcHistory entry 0 is the analysed archive; entries 1 to 3 name archives that do not appear anywhere in this analysis's dropped-file list and are WinRAR's pre-existing recent-file history on the sandbox desktop, so they should not be treated as indicators of this sample.
Files created:

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb820.27231\setup.msi | — | — | — |
| 676 | msiexec.exe | C:\Windows\Installer\10f86b.msi | — | — | — |
| 820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb820.27231\iasnap\mprddm.dll | executable | AA6C7B6257F5C9175979A36A29B66BE7 | 6B7AAB5FC92181204E2FA92058C3D1A321377827580164C47973930F3D8335AC |
| 4000 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa4000.25810\password.jpg | image | 338E61371ABE6DCE32235FA39A40387E | 267A7F2AE4BDDD8A5CF05E734ED92EFC1CFC0E05199060F8DFFE16349CC2665C |
| 4000 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa4000.26146\x64__x32___setup.zip | compressed | C88020C08C062EC13B18DA5608533B40 | C83BD870B634F645A52FB92F34CC26B6EAA6204C6F59F8CDC91D4EFAF696212B |
| 820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb820.27231\winmde\daxexec.dll | executable | AA304599017322A35B85A25C05B2181C | DB2FE02682D410DE2E4FA6E9435B9DC14B3739922FE1E6796E8B94942F711944 |
| 820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb820.27231\winmde\MMDevAPI.dll | executable | 8123FCED22F5424445BAA833E790ABE8 | 0A5E682042A3DAD4BF67AB9A0E3542683A12B75C727EC4972820CF15E5CF59C2 |
| 820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb820.27231\winmde\mi.dll | executable | 0987DB6E1D0563E9A91E8C8FBF266482 | 5271E8C2759227B34A2E28C5172798B1D79E86F6EEB325979141D903B8F1F7AB |
| 820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb820.27231\iasnap\iasnap.dll | executable | 9159148D50715F59A725A977967898B7 | 7C1DFB2B669A3346DB1C72AA240AA0C8C11AE874F295957A4AE5225AEA5CE338 |
| 820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb820.27231\srhelper\sppobjs.dll | executable | BF28019CD8187341479BBB4EFECC45D6 | 6B051B1D3E3E74201A97FED167AF3A10409237A275EFE514FDAD5EF4BFEA03F9 |

The nested archive carries setup.msi together with six DLLs in three sub-folders (iasnap, winmde, srhelper). Their file names (mprddm.dll, iasnap.dll, daxexec.dll, MMDevAPI.dll, mi.dll, sppobjs.dll) coincide with DLLs that ship in Windows System32; the hashes listed above should therefore be compared against the signed system copies and checked for an Authenticode signature before any conclusion is drawn about whether they are genuine or substitutes. C:\Windows\Installer\10f86b.msi is the Windows Installer service's cached copy of the package (no hashes were recorded for it in this run).
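Two things in this report can be checked mechanically before anything is executed: the suspicious compression ratio on password.jpg in the ZIP metadata above, and the nested archive / installer / DLL layout in the dropped-file list. The script below is an added example (not part of the ANY.RUN report or of the sample) that walks a ZIP's central directory, recurses into nested ZIPs, classifies each entry by its magic bytes rather than its extension, and flags "already compressed" formats that nevertheless deflate by more than a threshold. It builds its own look-alike archive in memory: the entry names are taken from the report, the contents are synthetic filler, and the threshold and depth limit are assumptions to tune locally, so the hashes it prints will not match the report's IOCs.

```python
"""Triage checks for a ZIP lure. Added example, not part of the ANY.RUN report.

The constructed archive below mirrors the report's layout: an outer ZIP with
'password.jpg' (reported as 4174 bytes compressed vs 980346 uncompressed, a
~235:1 ratio) plus a nested 'x64__x32___setup.zip' carrying 'setup.msi' and a
DLL in a sub-folder. Only the names come from the report; the contents are
synthetic filler, so the hashes printed here will not match the report's IOCs.
"""
import hashlib
import io
import zipfile

# Formats that are already compressed: deflate rarely beats ~1.1:1 on a real
# JPEG, so a two- or three-digit ratio means low-entropy filler, not a photo.
ALREADY_COMPRESSED = {".jpg", ".jpeg", ".png", ".gif", ".zip", ".rar", ".7z"}
RATIO_THRESHOLD = 10.0   # assumption: tune to your own baseline
MAX_DEPTH = 3            # assumption: stop recursing into nested archives here


def _ext(name: str) -> str:
    base = name.rsplit("/", 1)[-1]
    return ("." + base.rsplit(".", 1)[-1].lower()) if "." in base else ""


def classify(ext: str, content: bytes, ratio: float) -> list[str]:
    """Flag an entry from its magic bytes and compression ratio, not its name."""
    flags = []
    if content.startswith(b"MZ"):
        flags.append("PE executable")
    if content.startswith(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"):
        flags.append("OLE compound file (MSI/Office)")
    if content.startswith(b"PK\x03\x04"):
        flags.append("nested archive")
    if ext in {".jpg", ".jpeg"} and not content.startswith(b"\xff\xd8\xff"):
        flags.append("extension/magic mismatch")
    if ext in ALREADY_COMPRESSED and ratio > RATIO_THRESHOLD:
        flags.append(f"padded {ext} ({ratio:.0f}:1)")
    return flags


def triage_zip(data: bytes, depth: int = 0) -> list[dict]:
    """Walk every entry (recursing into nested ZIPs) and return one finding each."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            content = zf.read(info)           # read() also verifies the stored CRC-32
            ratio = info.file_size / max(info.compress_size, 1)
            ext = _ext(info.filename)
            findings.append({
                "name": info.filename,
                "depth": depth,
                "compressed": info.compress_size,
                "uncompressed": info.file_size,
                "ratio": ratio,
                "sha256": hashlib.sha256(content).hexdigest().upper(),
                "flags": classify(ext, content, ratio),
            })
            if content.startswith(b"PK\x03\x04") and depth < MAX_DEPTH:
                findings.extend(triage_zip(content, depth + 1))
    return findings


def build_sample() -> bytes:
    """Constructed look-alike of the report's archive (names real, bytes synthetic)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("setup.msi", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 4096)
        z.writestr("winmde/MMDevAPI.dll", b"MZ" + b"\x00" * 1024)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        # JPEG SOI marker followed by ~980 KB of zeros: deflates to a few KB,
        # reproducing the report's high ratio on password.jpg.
        z.writestr("password.jpg", b"\xff\xd8\xff\xe0" + b"\x00" * 980342)
        z.writestr("x64__x32___setup.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample()):
        print(f"{'  ' * f['depth']}{f['name']}: {f['compressed']} -> {f['uncompressed']} "
              f"({f['ratio']:.0f}:1) {f['sha256'][:16]}... {', '.join(f['flags']) or 'ok'}")
```

Run against the real x64__x32__installer.zip, `triage_zip(open(path, "rb").read())` gives a per-entry SHA256 that can be matched against the dropped-file hashes in the table above, and the nested-archive recursion surfaces setup.msi and the DLLs without extracting anything to disk. The ratio check is deliberately keyed on the extension's claimed format: a padded .jpg is suspicious precisely because a JPEG should not compress, while a 235:1 ratio on a .txt would be unremarkable.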
Network activity:

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
| — | — | 224.0.0.252:5355 | — | — | — | unknown |
| 4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
| 1088 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |

Only local broadcast and multicast traffic was recorded: NetBIOS name and datagram service (UDP 137/138 to the subnet broadcast address) and LLMNR (224.0.0.252:5355). All of it is Windows background name resolution and none of it originates from the installer or WinRAR processes, so this run shows no outbound command-and-control or payload download; any second-stage network behaviour would have to be established by running setup.msi and its DLLs separately.