File name: | Nueva carpeta.7z |
Full analysis: | https://app.any.run/tasks/50fa4319-a2ae-4f1c-87a6-3dc18a2f800e |
Verdict: | Malicious activity |
Analysis date: | October 04, 2022, 22:43:19 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-7z-compressed |
File info: | 7-zip archive data, version 0.4 |
MD5: | 4A9E7B4A11FC5DC1D977A1E0B194706F |
SHA1: | 995EC8F6EEE0BBB7B17EDD5ACFF717498A43FD06 |
SHA256: | C710223BFCA39FD10E42DB6404C6A8A2EADA5007B609E42F2E042B85E3BB2D90 |
SSDEEP: | 1536:vB1ARw/AMEehkPX6bhufGURoUYzhBOmCf6/Hlf3YULTHAJh51CRp:viwVDpVueu/NmCyvVwhzCRp |
.7z | | | 7-Zip compressed archive (v0.4) (57.1) |
---|---|---|
.7z | | | 7-Zip compressed archive (gen) (42.8) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3068 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Nueva carpeta.7z" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
1968 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver "-an=C:\Users\admin\Desktop\69F3ED90441B6F99D70551FF2D31D701.zip" -- "C:\Users\admin\Desktop\E0B6A2D1E460EA4AD4D48FA3FEF7E143.zip" "?\" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
3836 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | ||||
912 | C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE | — | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1324 | "C:\Users\admin\Desktop\Desktop\regasm.exe\regasm.exe" | C:\Users\admin\Desktop\Desktop\regasm.exe\regasm.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft .NET Assembly Registration Utility Exit code: 0 Version: 4.6.76.2 built by: NETFXREL2 | ||||
3140 | "C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\admin\Desktop\Desktop\regasm.exe\pluginscontract.dll | C:\Windows\system32\rundll32.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1968 | WinRAR.exe | C:\Users\admin\Desktop\Desktop\regasm.exe\regasm.exe | executable | |
MD5:15BFFAAD72804D35E27BE0248902B66A | SHA256:00271881346E8C7FCF324686631894B977CF0F43A26A2FED8554B9B604A0BD5D | |||
912 | Explorer.EXE | C:\Users\admin\Desktop\69F3ED90441B6F99D70551FF2D31D701.zip | compressed | |
MD5:612042E0364A2B1B60EFDF2DFE928900 | SHA256:8B518AF1B2BFC341C426662AE211D03D094ADF0915BF234E19C34EB9C605BA22 | |||
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.6904\Nueva carpeta\69F3ED90441B6F99D70551FF2D31D701.zip | compressed | |
MD5:612042E0364A2B1B60EFDF2DFE928900 | SHA256:8B518AF1B2BFC341C426662AE211D03D094ADF0915BF234E19C34EB9C605BA22 | |||
1968 | WinRAR.exe | C:\Users\admin\Desktop\Desktop\details.json | binary | |
MD5:1E73DF1B3E4BF1B01F803AAC4F20462A | SHA256:88A342BEC906696336A5A9DC795F8EFCAAEA9F4DF0BBF360368B578C0C8D2E9B | |||
1968 | WinRAR.exe | C:\Users\admin\Desktop\Desktop\pluginscontract.dll\pluginscontract.dll | executable | |
MD5:A9EDBAC58A39839985012B603FC5237A | SHA256:0C4EFA118678953E84BE5B636376E1C7B5D0CB115CABEE5A41C9AED27FE45833 | |||
912 | Explorer.EXE | C:\Users\admin\Desktop\Desktop\regasm.exe\pluginscontract.dll | executable | |
MD5:A9EDBAC58A39839985012B603FC5237A | SHA256:0C4EFA118678953E84BE5B636376E1C7B5D0CB115CABEE5A41C9AED27FE45833 | |||
912 | Explorer.EXE | C:\Users\admin\Desktop\E0B6A2D1E460EA4AD4D48FA3FEF7E143.zip | compressed | |
MD5:9CC7AC582BDC8FCF4CB8AC992E1148BF | SHA256:081D60C546B21F73D8CAF531EA4A8FB5DBE774675CE027DB8CF53475958CEA06 | |||
3068 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3068.6904\Nueva carpeta\E0B6A2D1E460EA4AD4D48FA3FEF7E143.zip | compressed | |
MD5:9CC7AC582BDC8FCF4CB8AC992E1148BF | SHA256:081D60C546B21F73D8CAF531EA4A8FB5DBE774675CE027DB8CF53475958CEA06 | |||
912 | Explorer.EXE | C:\Users\admin\Desktop\pluginscontract.dll | executable | |
MD5:A9EDBAC58A39839985012B603FC5237A | SHA256:0C4EFA118678953E84BE5B636376E1C7B5D0CB115CABEE5A41C9AED27FE45833 |