File name: | raid_tool - alphascript.zip |
Full analysis: | https://app.any.run/tasks/e4ef888d-e2d8-41c2-ab89-c6957167a9d3 |
Verdict: | Malicious activity |
Analysis date: | October 20, 2020, 04:03:07 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 28440286BCCC4CDA9AFF930C0DF80373 |
SHA1: | 21C724681ADB18974894433B494CF0D3D212854B |
SHA256: | C7DA9A493534C075BB8C3D805F9D5FFA439D58EB6F8D11D575C9501E1DBC34D2 |
SSDEEP: | 196608:egzE5VUziCh92ESzIYsbO1m8v26jrkNDRHcthJZ409aXKNdSF88C0YwAfcjrZIVK:dz/0nzIfi1m8u6QHcthbtE2V0Y9kxjGM |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2020:07:22 17:41:08 |
ZipCRC: | 0x3365e02f |
ZipCompressedSize: | 11572330 |
ZipUncompressedSize: | 12028416 |
ZipFileName: | raid_tool.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2224 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\raid_tool - alphascript.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2900 | "C:\Users\admin\Desktop\raid_tool.exe" | C:\Users\admin\Desktop\raid_tool.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM | ||||
3592 | "C:\Users\admin\Desktop\raid_tool.exe" | C:\Users\admin\Desktop\raid_tool.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Exit code: 3221225786 | ||||
4004 | "C:\Users\admin\Desktop\raid_tool.exe" | C:\Users\admin\Desktop\raid_tool.exe | — | raid_tool.exe |
User: admin Integrity Level: MEDIUM | ||||
3432 | "C:\Users\admin\Desktop\raid_tool.exe" | C:\Users\admin\Desktop\raid_tool.exe | — | raid_tool.exe |
User: admin Integrity Level: MEDIUM Exit code: 3221225786 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2224 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2224.44903\raid_tool.exe | — | |
MD5:— | SHA256:— | |||
2900 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI29002\_decimal.pyd | executable | |
MD5:8601C853146A4BE85238A57C9FD56865 | SHA256:2A57023D4F355E3857187C02577FA4641A4D1DFF195196B3C33B90322EDF9FD4 | |||
2900 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI29002\_bz2.pyd | executable | |
MD5:0F75C236C4CCFEA1B16F132F6C139236 | SHA256:5DC26DCBF58CC7F5BFDEC0BADD5240D6724DB3E34010AAF35A31876FE4057158 | |||
2900 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI29002\_multiprocessing.pyd | executable | |
MD5:8901E96BB7A8EEAD994AF2BDF54A2447 | SHA256:823A96F080A3424F4C5327CF61FF517723E19A69679EBE93EA97061063D8D593 | |||
2900 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI29002\_cffi_backend.cp38-win32.pyd | executable | |
MD5:012DB6C90D38DB71D0647659217CA286 | SHA256:4207E3276411F75A6680EAE28D7D5ED7F6CAD946B1DE7B724440F44593267414 | |||
2900 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI29002\_lzma.pyd | executable | |
MD5:54F12E2385A77D825AE4D41A4AC515FE | SHA256:08DE18FBA635822F3BB89C9429F175E3680B7261546430BA9E2ED09BB31F5218 | |||
2900 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI29002\_hashlib.pyd | executable | |
MD5:05362ADD80824B06014645A7951337D8 | SHA256:20B3A3D3350B3D4D57911ECFDB15F77512A6E73C3BF72B410724F81C79A5B1AF | |||
2900 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI29002\_testcapi.pyd | executable | |
MD5:F33981092BFAE8CABF404AAB0199A979 | SHA256:5796A1D619CE13CC90B1E6EBFDDC374BE33EDBC1B3D9CB562DDD05007D6C845E | |||
2900 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI29002\_socket.pyd | executable | |
MD5:CEA329CE0935E99A8BC01070F07FEFAF | SHA256:D1A4D66C557C2FE7DC441614CA62E67F37EC44BEF5A762BAC41BAC15D491A930 | |||
2900 | raid_tool.exe | C:\Users\admin\AppData\Local\Temp\_MEI29002\VCRUNTIME140.dll | executable | |
MD5:4C360F78DE1F5BAAA5F110E65FAC94B4 | SHA256:AD1B0992B890BFE88EF52D0A830873ACC0AECC9BD6E4FC22397DBCCF4D2B4E37 |