| Field | Value |
|---|---|
| File name | any run.zip |
| Full analysis | https://app.any.run/tasks/74d036fb-32c3-4448-9587-016eaa377ea4 |
| Verdict | Malicious activity |
| Analysis date | May 20, 2022, 22:21:10 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | (none listed) |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | D5580C9560F5FF87A09FC6100654D4E4 |
| SHA1 | 5F42337E5F30A7D73546BFBB399453D2328E5A8D |
| SHA256 | C33C4CC5639886BFF516F52872C773EC9D7D15B6CAAE3530753A0458B334C60B |
| SSDEEP | 196608:XH/djrRJhxwSAGm7eGfp4mFWjsa0e1y8ky+q:XVvfH2lpbafT+q |
| Extension | File type |
|---|---|
| .zip | ZIP compressed archive (100) |

| Archive field | Value |
|---|---|
| ZipFileName | aramaware.exe |
| ZipUncompressedSize | 616717 |
| ZipCompressedSize | 186036 |
| ZipCRC | 0x75455c4d |
| ZipModifyDate | 2022:05:12 13:09:21 |
| ZipCompression | Deflated |
| ZipBitFlag | - |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process | User | Integrity Level | Exit code |
|---|---|---|---|---|---|---|---|
| 3068 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\any run.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE | admin | MEDIUM | 0 |
| 4052 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44292\Losinium.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44292\Losinium.exe | — | WinRAR.exe | admin | MEDIUM | 3221226540 |
| 2332 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44344\Losinium.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44344\Losinium.exe | — | WinRAR.exe | admin | MEDIUM | 3221226540 |
| 2848 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44292\Losinium.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44292\Losinium.exe | — | WinRAR.exe | admin | HIGH | (still running) |
| 2860 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44344\Losinium.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44344\Losinium.exe | — | WinRAR.exe | admin | HIGH | (still running) |
| 2340 | "C:\Users\admin\Desktop\Mythlas.exe" | C:\Users\admin\Desktop\Mythlas.exe | — | Explorer.EXE | admin | MEDIUM | (still running) |

PID 3068 (WinRAR.exe) details: Company: Alexander Roshal; Description: WinRAR archiver; Version: 5.91.0.

Note: exit code 3221226540 is NTSTATUS 0xC000042C (STATUS_ELEVATION_REQUIRED). The two medium-integrity launches of Losinium.exe (PIDs 4052 and 2332) failed because the binary requests elevation, and the same paths were then started at HIGH integrity (PIDs 2848 and 2860), which indicates a UAC prompt was accepted in the sandbox.
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44344\quantizer.exe | executable | 1458480CF8803569195F934D47AC7481 | 68D528F9AC891E920449188198A233B71B2860838AF4FB970B9966F941CE82CA |
| 3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44292\quantizer.exe | executable | 1458480CF8803569195F934D47AC7481 | 68D528F9AC891E920449188198A233B71B2860838AF4FB970B9966F941CE82CA |
| 3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44292\Mythlas.exe | executable | 1BCCDB1CBBDB299F4053DBAB4236DADC | E65C793A31137AE75A6F30AE2933BD7CAE74FCD4330B6C8770C14466BC3A878F |
| 3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44344\aramaware.exe | executable | 3ACDCDEE17825753CACC8DFD414E57D3 | 82BB1809904786AFC0C13ABEC22A48B320581EC913BF5BBDDDD02FCE05EF77E8 |
| 3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44292\Phsyletric.exe | executable | 4DB23CF50F64A83759DB9DF6AD222D65 | 465F8BF12FE8FC53C9EF45E498B5F9D95B783C61096147BBC09182F6D19DD129 |
| 3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44292\Sclerosis.exe | executable | 1AD7F52A5B59C3D3F7FBA2F72ECE6FF1 | D76F8F1C1B52D353712AD0A74808EBB8B13F513E89C5A58803211CDCB3EDCFD0 |
| 3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44344\Sclerosis.exe | executable | 1AD7F52A5B59C3D3F7FBA2F72ECE6FF1 | D76F8F1C1B52D353712AD0A74808EBB8B13F513E89C5A58803211CDCB3EDCFD0 |
| 3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44344\Losinium.exe | executable | 3FAD30EF9BBB47488E86DEFA0F81ACAB | 69D2AD4DDD61C4B2E6FF350FD87B61DB5DE36218626812E69C4289DE5782CD0C |
| 3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.44783\Mythlas.exe | executable | 1BCCDB1CBBDB299F4053DBAB4236DADC | E65C793A31137AE75A6F30AE2933BD7CAE74FCD4330B6C8770C14466BC3A878F |
| 3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3068.44292\aramaware.exe | executable | 3ACDCDEE17825753CACC8DFD414E57D3 | 82BB1809904786AFC0C13ABEC22A48B320581EC913BF5BBDDDD02FCE05EF77E8 |