| Field | Value |
|---|---|
| File name | NeverExecute_full.zip |
| Full analysis | https://app.any.run/tasks/582a2c99-c7d9-473d-a68f-ec992ca8adc1 |
| Verdict | Malicious activity |
| Analysis date | April 23, 2019, 23:15:25 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 8FDBE051302788C37848C4F0E92CE355 |
| SHA1 | 310A45411971C240205F6AC6D8B7DBB975A0259E |
| SHA256 | BFD978EA2866A725F0CF981A3809A4EACF40829D86B41D99BEE30DEDE2FE0D37 |
| SSDEEP | 196608:dG0oq4jGNQzIrxgL3/KcaMqMR0AcoD9eUKZM9PffpoI7:dGfqYmxKaGhK+9fG0 |

| Extension | Detected type |
|---|---|
| .zip | ZIP compressed archive (100) |

| Zip field | Value |
|---|---|
| ZipRequiredVersion | 20 |
| ZipBitFlag | - |
| ZipCompression | Deflated |
| ZipModifyDate | 2018:08:14 01:03:23 |
| ZipCRC | 0x4a4e82f5 |
| ZipCompressedSize | 880904 |
| ZipUncompressedSize | 2106368 |
| ZipFileName | libcrypto-1_1.dll |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 772 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NeverExecute_full.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 | | | |
| 1944 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
| | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7600.16385 (win7_rtm.090713-1255) | | | |
| 328 | "C:\Users\admin\Desktop\svchost.exe" | C:\Users\admin\Desktop\svchost.exe | | explorer.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Host Process for Windows Services; Version: 10.0.15175.1 | | | |
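The third process row is the one that matters: a binary named svchost.exe running from the user's Desktop, started by explorer.exe at MEDIUM integrity, carrying a "Microsoft Corporation" company string and a 10.0.x version string on a Windows 7 SP1 (6.1) host. The genuine svchost.exe lives in C:\Windows\System32 (or SysWOW64) and is started by services.exe, so every one of those attributes is a masquerading indicator on its own. The following hunt rule encodes those checks; it is an added example, not part of the ANY.RUN report or its tooling. The three sample records are constructed from the process table above, and the field names are an assumption about how the table's columns would be exported.

```python
# Added example (not ANY.RUN code): flag processes that masquerade as Windows
# system binaries. Sample records are constructed from the process table of
# this report; the Proc field names are an assumed export schema.
import ntpath
from dataclasses import dataclass
from typing import Dict, List

# Binaries Windows itself only launches from the system directories, with the
# parent each one normally has. Illustrative, not an exhaustive allow-list.
EXPECTED_PARENT = {
    "svchost.exe": {"services.exe"},
    "searchprotocolhost.exe": {"searchindexer.exe"},
}
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")
# Locations a standard user can write to. A "Microsoft Corporation" binary
# running from here has a version resource that should not be trusted.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class Proc:
    pid: int
    path: str       # image path as recorded by the sandbox
    parent: str     # parent image name
    company: str    # CompanyName from the PE version resource


def in_system_dir(path: str) -> bool:
    """True if the image sits directly in, or below, System32/SysWOW64."""
    d = ntpath.dirname(path).lower()
    return any(d == s or d.startswith(s + "\\") for s in SYSTEM_DIRS)


def findings(p: Proc) -> List[str]:
    """Return the list of masquerading indicators for one process record."""
    name = ntpath.basename(p.path).lower()
    low = p.path.lower()
    out: List[str] = []
    if name in EXPECTED_PARENT:
        if not in_system_dir(p.path):
            out.append(f"{name} running outside the system directories: {p.path}")
        if p.parent.lower() not in EXPECTED_PARENT[name]:
            expected = "/".join(sorted(EXPECTED_PARENT[name]))
            out.append(f"{name} spawned by {p.parent}, expected {expected}")
    if p.company.lower() == "microsoft corporation" and low.startswith(USER_WRITABLE):
        out.append(f"claims Microsoft Corporation but runs from user-writable path: {p.path}")
    return out


def scan(procs: List[Proc]) -> Dict[int, List[str]]:
    """Map PID -> indicators, keeping only processes that triggered something."""
    result: Dict[int, List[str]] = {}
    for p in procs:
        hits = findings(p)
        if hits:
            result[p.pid] = hits
    return result


# Constructed from the three rows of the process table above.
REPORT_PROCS = [
    Proc(772, r"C:\Program Files\WinRAR\WinRAR.exe", "explorer.exe", "Alexander Roshal"),
    Proc(1944, r"C:\Windows\System32\SearchProtocolHost.exe", "SearchIndexer.exe",
         "Microsoft Corporation"),
    Proc(328, r"C:\Users\admin\Desktop\svchost.exe", "explorer.exe", "Microsoft Corporation"),
]

if __name__ == "__main__":
    for pid, hits in scan(REPORT_PROCS).items():
        for h in hits:
            print(f"PID {pid}: {h}")
```

Run against the three records, only PID 328 is reported, with all three indicators; WinRAR.exe and the real SearchProtocolHost.exe (System32 path, parent SearchIndexer.exe) pass cleanly, which is the point of keying the rule on the image name rather than on every process.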
| PID | Process | Filename | Type |
|---|---|---|---|
| 772 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa772.37330\svchost.exe23 | executable |
| | | MD5: 091665A0A133E958E343C191B38F1B0C; SHA256: 3B4C15C41296E94F6439CA9F40A30E83488F00F813667142C117E469E0774A58 | |
| 772 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa772.37330\libssl-1_1.dll | executable |
| | | MD5: 235BECA4C331599E057F74A311FD0ECF; SHA256: 2DDFDF325449D31DCE777C4AD8831C5893B1CCAAF79236DBD00B6B844873F8DA | |
| 772 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa772.37330\libcrypto-1_1.dll | executable |
| | | MD5: E9C9E8B1EFD08B1A4B2812A3B1DB1711; SHA256: 860241AAB98A7EA0DDB31D3A4F96AA4D209F8FAFC69BF3223DE13309F8194565 | |
| 772 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa772.37330\msvcr120.dll | executable |
| | | MD5: 034CCADC1C073E4216E9466B720F9849; SHA256: 86E39B5995AF0E042FCDAA85FE2AEFD7C9DDC7AD65E6327BD5E7058BC3AB615F | |