File name: | ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.gz |
Full analysis: | https://app.any.run/tasks/205351f1-ecc3-4a9a-8636-18c2e49039ef |
Verdict: | Malicious activity |
Analysis date: | July 17, 2019, 09:31:39 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/gzip |
File info: | gzip compressed data, max compression, from Unix |
MD5: | 160A83C561A5E893D55122993678FC72 |
SHA1: | E9C61D00C7BF4E51B074873F6DA7B356E4D5FE2C |
SHA256: | C80D5DA53E8DD0022B44B735F0C09BE5E624B991621A39236A84F333DC70F300 |
SSDEEP: | 49152:GWufxo7Fn/RYgGr3Dd+Cm0qoahNYixEjk+E:GWu5WF/0bENYixqVE |
.z/gz/gzip | | | GZipped data (100) |
---|
OperatingSystem: | Unix |
---|---|
ExtraFlags: | Maximum Compression |
ModifyDate: | 0000:00:00 00:00:00 |
Flags: | (none) |
Compression: | Deflated |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3088 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.gz.z" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2684 | "C:\Users\admin\Desktop\ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe" | C:\Users\admin\Desktop\ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Exit code: 3221226540 Version: 1.0.0.0 | ||||
2888 | "C:\Users\admin\Desktop\ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe" | C:\Users\admin\Desktop\ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe | explorer.exe | |
User: admin Integrity Level: HIGH Version: 1.0.0.0 | ||||
2576 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe8_ Global\UsGthrCtrlFltPipeMssGthrPipe8 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) |
(PID) Process: | (3088) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (3088) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (3088) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3088) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.gz.z | |||
(PID) Process: | (3088) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (3088) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (3088) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (3088) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3088 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3088.43591\ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.gz | — | |
MD5:— | SHA256:— | |||
2888 | ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe | C:\Users\admin\AppData\Local\Temp\DevID\tools\infinst.x64.exe | executable | |
MD5:E98B260E1B6063FDFE4F6CB749EE48C4 | SHA256:561E9CDF1609C13023DD3007CB0658F5C3CCF1C9BF1FFD67B4E943D80B6DBC09 | |||
2888 | ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe | C:\Users\admin\AppData\Local\Temp\DevID\tools.7z | compressed | |
MD5:231EA994A841D5FAF98F4F30FE831864 | SHA256:1FD549AAC9192066B5EB33F8BC2358D8B67849060BCC393745F164553C2E2FF4 | |||
2888 | ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe | C:\Users\admin\AppData\Local\Temp\DevID\tools\infinst.exe | executable | |
MD5:564B69B9DCEB878BE75E5C71920085AF | SHA256:215A1778D06B0820D06163343E6D41F56E317F39515768B95ACB15410F74B044 | |||
2888 | ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe | C:\Users\admin\AppData\Local\Temp\DevID\data.7z | compressed | |
MD5:662D9CBD47F0FC7F222B68F527C59B62 | SHA256:8EC09DE37CF694104595C1C5ABA354E0C0F53F8E02F5CEA630E94E3B72073BA4 | |||
2888 | ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe | C:\Users\admin\AppData\Local\Temp\DevID\tools\winxp\x86\devcon.exe | executable | |
MD5:C4B470269324517EE838789C7CF5E606 | SHA256:5F9B898315AD8192E87E21A499FD87D31B886513BB39D368476174AAA89A2BF9 | |||
2888 | ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe | C:\Users\admin\Desktop\7z.dll | executable | |
MD5:CA41D56630191E61565A343C59695CA1 | SHA256:6C80E3F49FCF561E6A0B52F9B4C81D1D07B22085F7864EE4CFD30DD10F6B3B12 | |||
2888 | ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe | C:\Users\admin\AppData\Local\Temp\DevID\tools\winxp\x64\devcon.exe | executable | |
MD5:3904D0698962E09DA946046020CBCB17 | SHA256:A51E25ACC489948B31B1384E1DC29518D19B421D6BC0CED90587128899275289 | |||
2888 | ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe | C:\Users\admin\AppData\Local\Temp\DevID\tools\win7-10\x86\devcon.exe | executable | |
MD5:B141565B508C89FE8DC30B009EC2EFDA | SHA256:B6736028D4957A1DC385A3BE3C59F2578CF4F5E57E6976EE6EE705E407AB811F | |||
2888 | ee947b7f12b3d58f07df70640d1f8a3d75874cc04ac207f740d1a33031d54003.bin.exe | C:\Users\admin\AppData\Local\Temp\DevID\tools\win7-10\x64\devcon.exe | executable | |
MD5:530DEDEFF00322BE5F5A0FBF341DB2CA | SHA256:97CFF42F8C0FE4FBDF991273159516BF78090625A933C3983EBD6F62284E329A |