| Field | Value |
|---|---|
| File name | VKLumit crack [MacrosL].rar |
| Full analysis | https://app.any.run/tasks/6c75e189-ce88-4911-b581-9d4a7e4bc846 |
| Verdict | Malicious activity |
| Analysis date | March 22, 2019, 13:08:03 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v5 |
| MD5 | 855DDB76DA165C92343F816E53ED727F |
| SHA1 | 6AD55C2BA219880989664D3EC286FC594F8D2D97 |
| SHA256 | BEF165B30EFEB99EDD848EBAE3D042765418A3CDDA3A45794980884345278DC4 |
| SSDEEP | 196608:/UNFsM28o3VlbWakW+cnvA6ROH2upzNpi9ftiD4TTBa4C:/6sD86lbpkW+h6tSuU24 |
| Extension | File type match (score) |
|---|---|
| .rar | RAR compressed archive (v5.0) (61.5) |
| .rar | RAR compressed archive (gen) (38.4) |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 3604 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\VKLumit crack [MacrosL].rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 880 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3604.11084\Loader.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3604.11084\Loader.exe | — | WinRAR.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
| 3708 | "C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\admin\AppData\Local\Temp\Rar$EXa3604.11084\Loader.exe" org.develnext.jphp.ext.javafx.FXLauncher | C:\Program Files\Java\jre1.8.0_92\bin\javaw.exe | — | Loader.exe | User: admin; Company: Oracle Corporation; Integrity Level: MEDIUM; Description: Java(TM) Platform SE binary; Exit code: 0; Version: 8.0.920.14 |
| 2760 | "VK Lumit.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3604.11084\VK Lumit.exe | — | javaw.exe | User: admin; Integrity Level: MEDIUM; Exit code: 2000 |
| 2964 | "C:\Users\admin\AppData\Local\Temp\RarSFX0\start.exe" | C:\Users\admin\AppData\Local\Temp\RarSFX0\start.exe | — | VK Lumit.exe | User: admin; Integrity Level: MEDIUM; Exit code: 1000 |
| 1524 | "C:\Windows\system32\cmd.exe" /c "C:\Users\admin\AppData\Local\Temp\1\37EA.tmp.bat C:\Users\admin\AppData\Local\Temp\RarSFX0\start.exe" | C:\Windows\system32\cmd.exe | — | start.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 1000; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 3076 | build.exe -palesha | C:\Users\admin\AppData\Local\Temp\RarSFX0\build.exe | — | cmd.exe | User: admin; Integrity Level: MEDIUM; Exit code: 1000 |
| 3488 | "C:\Users\admin\AppData\Local\Temp\RarSFX1\start.exe" | C:\Users\admin\AppData\Local\Temp\RarSFX1\start.exe | — | build.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0 |
| 4004 | cmd.exe /c "chcp 65001 \| tasklist /V /FO CSV /NH /FI "IMAGENAME eq start.exe"" | C:\Windows\system32\cmd.exe | — | javaw.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 2772 | chcp 65001 | C:\Windows\system32\chcp.com | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Change CodePage Utility; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3708 | javaw.exe | C:\Users\admin\AppData\Local\Temp\{XF-CO-17-TR-I-AL}.SYS | text | 683EE249FC7E5DB296CBDF965B09EE81 | 85D5E77BE91D5501371C89428EC19E6A0131BB76A3E01FF15DFD90BE1B2E2326 |
| 3708 | javaw.exe | C:\Users\admin\.oracle_jre_usage\90737d32e3abaa4.timestamp | text | C5BCF9042636B53970A24672B35EBC17 | 6D0E388B16EBD3D1A11CCF7596437F68ED9AF17357D66786112B45BA17265710 |
| 3604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3604.11084\Loader.exe | executable | DEA3E9B2A675819B2991D88025481E5A | B16496B69352A6B474531CBA9BE47E5B7833CCE5540F28A0B15566CBB2B037FD |
| 3076 | build.exe | C:\Users\admin\AppData\Local\Temp\RarSFX1\ext\php_curl.dll | executable | E8977AB00A9C709195A931E264F71720 | 4223CD949379213C38561399E99C62067B0B0D5A4B59EC4877C8F3F97C364723 |
| 3076 | build.exe | C:\Users\admin\AppData\Local\Temp\RarSFX1\data\blur\4.png | image | 152C0A26BBF5D79F63CDDA6CE8DDDFAF | D40D80BA989A4363F2454771583F4FA6424BDDB2036D39AC41A51B7B8CCCF5BF |
| 2964 | start.exe | C:\Users\admin\AppData\Local\Temp\1\37EA.tmp.bat | text | 2F9CF8105581F86325966332E10AC006 | 4A4E2B4C3A97D6FC07DAB4F59CF93EE5D3F9B14A6BAC14385B9B56B41EF62445 |
| 3076 | build.exe | C:\Users\admin\AppData\Local\Temp\RarSFX1\data\blur\5.png | image | 5FDDEAD1A4279F057D86F2ABF6609B13 | A875DECCAED4A9875E28CEA497FC038640C3494B95277D878E1E545074505D68 |
| 3076 | build.exe | C:\Users\admin\AppData\Local\Temp\RarSFX1\data\blur\10.png | image | DC878A01BCD72400963A93FF93B98D5B | AEA8BDF7C4BE976B2ED12CDB3CD74849C6C7842050383AF1068F7BABD013E925 |
| 2760 | VK Lumit.exe | C:\Users\admin\AppData\Local\Temp\RarSFX0\start.exe | executable | 056CD7A8E817E99EA412088C41B10F04 | 1632DAF850DA269784AA8BA75D5C86AD9455A48478C42F46A423027BC95F2F46 |
| 3076 | build.exe | C:\Users\admin\AppData\Local\Temp\RarSFX1\ShadowForm.dll | executable | 059DADA01FCBDEF087BBECF5CBF0AE22 | C8E84431A7E5B3FED3D838082A8D2EC46189B9A1419ED0044E92545C6B49227C |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2300 | start.exe | 87.240.129.135:443 | oauth.vk.com | VKontakte Ltd | RU | suspicious |
| Domain | IP | Reputation |
|---|---|---|
| oauth.vk.com | | whitelisted |