| Field | Value |
|---|---|
| File name | 6561056999243776.zip |
| Full analysis | https://app.any.run/tasks/ac086976-7dff-48bc-8d73-0588474e2fb0 |
| Verdict | Malicious activity |
| Analysis date | January 24, 2022, 22:30:54 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | B6EEEDB52C8B64799C50CDBD39C79C2F |
| SHA1 | C21F6A1A65375D27B74415B286D2F88F63411FC2 |
| SHA256 | C0217DB96F90E98F6A9522FB5CE578C3B6EBD0EB6B2C80A3B89CFD3AC2B37051 |
| SSDEEP | 12288:tGg6VhQO0sag3UIKEsZbwBomYoVbgM/sDc5TZmlxC+bsKX4RobFbkX3UQImngVv:8Thx0sag3knKO+zU6TUG8XJJ0kbmgVv |
| Extension | File type |
|---|---|
| .zip | ZIP compressed archive (100) |

| Field | Value |
|---|---|
| ZipFileName | e002f29096d44762347df2b8875eb6683747f3604210e0c3c89bc6f50ed21ba6 |
| ZipUncompressedSize | 861696 |
| ZipCompressedSize | 695831 |
| ZipCRC | 0x20bdac55 |
| ZipModifyDate | 1980:00:00 00:00:00 |
| ZipCompression | Deflated |
| ZipBitFlag | 0x0009 |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 3980 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\6561056999243776.zip" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.91.0 |
| 2544 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\Rar$DIb3980.12388\e002f29096d44762347df2b8875eb6683747f3604210e0c3c89bc6f50ed21ba6 | C:\Windows\system32\rundll32.exe | — | WinRAR.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 1660 | "C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Users\admin\AppData\Local\Temp\Rar$DIb3980.12388\e002f29096d44762347df2b8875eb6683747f3604210e0c3c89bc6f50ed21ba6" | C:\Program Files\Windows NT\Accessories\WORDPAD.EXE | — | rundll32.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Wordpad Application; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3624 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\Rar$DIb3980.14724\e002f29096d44762347df2b8875eb6683747f3604210e0c3c89bc6f50ed21ba6 | C:\Windows\system32\rundll32.exe | — | WinRAR.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 2132 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIb3980.14724\e002f29096d44762347df2b8875eb6683747f3604210e0c3c89bc6f50ed21ba6 | C:\Program Files\Internet Explorer\iexplore.exe | — | rundll32.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
| 1800 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2132 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Internet Explorer; Version: 11.00.9600.16428 (winblue_gdr.131013-1700) |
| 1852 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\AppData\Local\Temp\Rar$DIb3980.14724\e002f29096d44762347df2b8875eb6683747f3604210e0c3c89bc6f50ed21ba6 | C:\Windows\system32\rundll32.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | |
| 3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | |
| 3980 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E | write | LanguageList | en-US |
| 3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 2 | C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip |
| 3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 1 | C:\Users\admin\Desktop\Win7-KB3191566-x86.zip |
| 3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\6561056999243776.zip |
| 3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120 |
| 3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80 |
| 3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120 |
| 3980 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2132 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFA07755356248BFD0.TMP | gmc | 74C70B57F709A37DC065370789097FB7 | DB8C85A8C414FAB4773B18B110444E15DD89CE951288B2BEB1652C5856EFF793 |
| 2132 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{686FD093-7D65-11EC-A20C-12A9866C77DE}.dat | binary | 15999CE667826A869F1383D7AB841619 | 46DF8D75F7235D3A7CFEDEDDE26F31FDC05BCA49AACCEF5DBFB2A4D9EEE2EC75 |
| 3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb3980.14724\e002f29096d44762347df2b8875eb6683747f3604210e0c3c89bc6f50ed21ba6 | executable | 58C134EF33BE6BAFAD0C44CDD2364B42 | E002F29096D44762347DF2B8875EB6683747F3604210E0C3C89BC6F50ED21BA6 |
| 3980 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb3980.12388\e002f29096d44762347df2b8875eb6683747f3604210e0c3c89bc6f50ed21ba6 | executable | 58C134EF33BE6BAFAD0C44CDD2364B42 | E002F29096D44762347DF2B8875EB6683747F3604210E0C3C89BC6F50ED21BA6 |