File name: | 1XMLIMG1911-1958682032_.zip |
Full analysis: | https://app.any.run/tasks/f9b1d0d6-e828-4df4-9c3f-bc03f2ff5ee4 |
Verdict: | Malicious activity |
Analysis date: | October 09, 2019, 17:13:13 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/octet-stream |
File info: | data |
MD5: | 155182584992C8E4F717CB64E08C7AC4 |
SHA1: | BFF088121F847544885C709656083CB4F580A440 |
SHA256: | C304D47F318FDE337BCB32B22A1938A544B0835169DDE182A40820666A01B169 |
SSDEEP: | 6144:jOdsD1vjSQA6z87QbskebenZVSRqQPWcXFyr:IIvj/A6zFbTyYZYkazYr |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2912 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\1XMLIMG1911-1958682032_.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3468 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Rar$EXa2912.23469\1SCX7734769589574545.msi" | C:\Windows\System32\msiexec.exe | WinRAR.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3260 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2864 | C:\Windows\system32\MsiExec.exe -Embedding 74D0DC856EAAF8DFD79FD4BB19B1FC00 C | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3812 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Rar$EXa2912.23546\1SCX7734769589574545.msi" | C:\Windows\System32\msiexec.exe | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2668 | C:\Windows\system32\MsiExec.exe -Embedding 8168C7AD0F4DB7D1C47D1B42A385B2BA C | C:\Windows\system32\MsiExec.exe | — | msiexec.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3156 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft® Volume Shadow Copy Service Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3364 | DrvInst.exe "1" "200" "STORAGE\VolumeSnapshot\HarddiskVolumeSnapshot22" "" "" "695c3f483" "00000000" "00000390" "000005BC" | C:\Windows\system32\DrvInst.exe | — | svchost.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Driver Installation Module Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3056 | C:\Windows\system32\MsiExec.exe -Embedding 43530338BA8696290EE91D5C5F39F1C1 | C:\Windows\system32\MsiExec.exe | msiexec.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3468 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIAF97.tmp | — | |
MD5:— | SHA256:— | |||
3468 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIAFB7.tmp | — | |
MD5:— | SHA256:— | |||
3468 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIB006.tmp | — | |
MD5:— | SHA256:— | |||
3812 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIB10D.tmp | — | |
MD5:— | SHA256:— | |||
3812 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIB18B.tmp | — | |
MD5:— | SHA256:— | |||
3812 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIB19C.tmp | — | |
MD5:— | SHA256:— | |||
3812 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\MSIB1CC.tmp | — | |
MD5:— | SHA256:— | |||
3260 | msiexec.exe | C:\System Volume Information\SPP\metadata-2 | — | |
MD5:— | SHA256:— | |||
3468 | msiexec.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0968A1E3A40D2582E7FD463BAEB59CD | der | |
MD5:DB78CBD190952735D940BC80AC2432C0 | SHA256:1A5174980A294A528A110726D5855650266C48D9883BEA692B67B6D726DA98C5 | |||
3260 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DF45F0438323D2D206.TMP | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3468 | msiexec.exe | GET | 200 | 91.199.212.52:80 | http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt | GB | der | 1.37 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3468 | msiexec.exe | 91.199.212.52:80 | crt.usertrust.com | Comodo CA Ltd | GB | suspicious |
Domain | IP | Reputation |
---|---|---|
crt.usertrust.com |
| whitelisted |