File name: | files.cab |
Full analysis: | https://app.any.run/tasks/2a3fd1fd-7c1e-4278-bb72-a310015364f3 |
Verdict: | Malicious activity |
Analysis date: | November 29, 2020, 10:51:11 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 64 bit) |
Indicators: | |
MIME: | application/vnd.ms-cab-compressed |
File info: | Microsoft Cabinet archive data, 473611 bytes, 42 files |
MD5: | 87FB33B0283C6D949B7F0EA16037B324 |
SHA1: | 175FD2D0F8140DBDF6F72E588B60EDBC09188BD8 |
SHA256: | C63876DD54C912A87450EE3344B215793794CB9AB1EDA264C7774A700BEAD70D |
SSDEEP: | 12288:JY69daSc4mGtteR0S84o2d1cuVRYR7gv23oW:KSNtsR+p2suc6vbW |
.cab | | | Microsoft Cabinet Archive (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1608 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\files.cab" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
1412 | "C:\Windows\system32\cmd.exe" | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1448 | "C:\Users\admin\Desktop\MountImg.exe" | C:\Users\admin\Desktop\MountImg.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Description: Mount new virtual disk Exit code: 0 | ||||
1396 | "C:\Users\admin\Desktop\MountImg.exe" /UAC 4 "C:\Users\admin\Desktop\MountImg.exe" | C:\Users\admin\Desktop\MountImg.exe | MountImg.exe | |
User: admin Integrity Level: HIGH Description: Mount new virtual disk Exit code: 0 | ||||
2448 | "C:\Users\admin\Desktop\ImDisk-Dlg.exe" | C:\Users\admin\Desktop\ImDisk-Dlg.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Description: ImDisk Exit code: 3221226540 | ||||
2312 | "C:\Users\admin\Desktop\ImDisk-Dlg.exe" | C:\Users\admin\Desktop\ImDisk-Dlg.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: ImDisk Exit code: 1 |
(PID) Process: | (1608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (1608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (1608) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\13B\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (1608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\files.cab | |||
(PID) Process: | (1608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (1608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (1608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (1608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (1608) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop | |||
(PID) Process: | (1448) MountImg.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
Operation: | write | Name: | ProxyBypass |
Value: 1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1608 | WinRAR.exe | C:\Users\admin\Desktop\DiscUtils.Core.dll | executable | |
MD5:813B770B73E9505B3EA3EB6D7D6CA7CF | SHA256:3A99CC01DF1D29707FEB851865E9C71374CB889130D1849599E0E90F9FCFA9AF | |||
1608 | WinRAR.exe | C:\Users\admin\Desktop\DiscUtils.Vhd.dll | executable | |
MD5:F9760CEBAA347078DB0B7AED6DC7FA87 | SHA256:DB7C1E2CB7A2EA47AEF69425850464FAD452BDF45F49AEA406F79BE14C596E40 | |||
1608 | WinRAR.exe | C:\Users\admin\Desktop\DiscUtils.Vmdk.dll | executable | |
MD5:1F7B5B9A40B4491B9444BAE6B9FF71CF | SHA256:5DA8D175424DD3C02777DD50AB68BFB9792F30FF507D141EA298814F18B36CB3 | |||
1608 | WinRAR.exe | C:\Users\admin\Desktop\DevioNet.dll | executable | |
MD5:CCAF972C81EE77B07FBDAC457AFCF690 | SHA256:501ADF028D9FA8CD874BB5B980358ADD57481D3BF547E68900E10EB10F37F80E | |||
1608 | WinRAR.exe | C:\Users\admin\Desktop\DiscUtils.Streams.dll | executable | |
MD5:E9B48528E79CC66F90A632CD8045B087 | SHA256:825F3939189EF0B432932328A58A77ABF3C3260D249087ED82ADC239A53521ED | |||
1608 | WinRAR.exe | C:\Users\admin\Desktop\DiscUtilsDevio.exe | executable | |
MD5:CE8CC14DCBD1424CC49DCEE1A20097DE | SHA256:9C380B67361EA80801DD47411F401B3EF9D56C75E2066FC60FBE9FB5662CB634 | |||
1608 | WinRAR.exe | C:\Users\admin\Desktop\MountImg.exe | executable | |
MD5:EFF14343FD898429EC7257E268D3A920 | SHA256:6BD7E8E7A87352202E0DCCE96833F8979F1EF792C048570022BA9BF7DFE44DA8 | |||
1608 | WinRAR.exe | C:\Users\admin\Desktop\DiscUtils.Vdi.dll | executable | |
MD5:5293E35B1F9F564CBF1516B3238A02D5 | SHA256:CFDF9420BEBD575B62F8F6ED303B0ADC46C012EF30537DCF02279A979149DC5B | |||
1608 | WinRAR.exe | C:\Users\admin\Desktop\DiscUtils.Dmg.dll | executable | |
MD5:5A0B891A67A4842629085E31290E82A4 | SHA256:7AA3EA9630EB6B6E6008F810D4D6C4478E8146C0AF11180855CC1B81CE26437E | |||
1608 | WinRAR.exe | C:\Users\admin\Desktop\DiscUtils.Vhdx.dll | executable | |
MD5:9FB3E1FC3999BB0B8949770F06BF8AEE | SHA256:F7AF7F93345B800C8C037200882CD6A926BB7BEB47423BB64A3104786B8D40B8 |