File name: | SLskC.7z |
Full analysis: | https://app.any.run/tasks/99692aa8-941e-4bb0-b79f-cc80bcf353b0 |
Verdict: | Malicious activity |
Analysis date: | May 30, 2020, 08:09:23 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-7z-compressed |
File info: | 7-zip archive data, version 0.4 |
MD5: | 9F97BAD35B8084440E655218C923A8B7 |
SHA1: | AFBA38FB39102652E78D74AC731BF754EEFE38BE |
SHA256: | CB11DE448907B2AA4D14243E6D36AA07AB1F46418C15F8229B2A0070AEA691AC |
SSDEEP: | 12288:lY3qg569F389C++ia10x8lI97Goc8JdTfhiUI/cRHmpkzpIKFtPjD:llF3hu26Tq+dThi505lJt/ |
.7z | | | 7-Zip compressed archive (v0.4) (57.1) |
---|---|---|
.7z | | | 7-Zip compressed archive (gen) (42.8) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2872 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\SLskC.7z" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3328 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\SLskC.7z" C:\Users\admin\Desktop\SLskC\ | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1624 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2188 | "C:\Windows\System32\fontview.exe" C:\Users\admin\Desktop\SLskC\Install Me!.ttf | C:\Windows\System32\fontview.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Font Viewer Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3408 | C:\Windows\system32\DllHost.exe /Processid:{642EF9D6-48A5-476B-919A-A507CFD02C0F} | C:\Windows\system32\DllHost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3944 | "C:\Users\admin\Desktop\SLskC\TokenX.exe" | C:\Users\admin\Desktop\SLskC\TokenX.exe | — | explorer.exe |
User: admin Company: HP Inc. Integrity Level: MEDIUM Description: TokenX Version: 1.0.0.0 |
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | — | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | — | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E |
Operation: | write | Name: | @C:\Windows\system32\NetworkExplorer.dll,-1 |
Value: Network | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\SLskC.7z | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | — | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | — | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E |
Operation: | write | Name: | @C:\Windows\system32\notepad.exe,-469 |
Value: Text Document |
PID | Process | Filename | Type | |
---|---|---|---|---|
3328 | WinRAR.exe | C:\Users\admin\Desktop\SLskC\Anarchy.dll | executable | |
MD5:4BB491A20C5BF97DDAB33EF7174D3355 | SHA256:8EDEE658943E3D9871E3F4CFF5C2301AC56078C22989315F82F8CAE70C4DE682 | |||
3328 | WinRAR.exe | C:\Users\admin\Desktop\SLskC\Cracked.to Authentication.dll | executable | |
MD5:1722E9B8A75163DA09D7B0443DAB0E0C | SHA256:F98AB8F3CB1E42DE9918629264D365BD37D2438C286076B06C6C4D882723B814 | |||
3328 | WinRAR.exe | C:\Users\admin\Desktop\SLskC\Install Me!.ttf | ttf | |
MD5:EAE9C18CEE82A8A1A52E654911F8FE83 | SHA256:B34CBB71D75B84EB4925F51E050249F65FB3E3550133ABA0A4C161C6820AEC82 | |||
3328 | WinRAR.exe | C:\Users\admin\Desktop\SLskC\websocket-sharp-with-proxy-support.dll | executable | |
MD5:70B6B4E92485D389D5E89F4A1871771D | SHA256:BF9A54934E94A76697E83299E87DEE14F87B85691D84D353D53E97107DB8C64F | |||
3328 | WinRAR.exe | C:\Users\admin\Desktop\SLskC\TokenX.exe | executable | |
MD5:F4BA474BCE00EF8E5B8B087B26315356 | SHA256:BABF0958F7B4085D2BDF1A2730017E24FEE16073B953F85DDA79F94551FF8F15 | |||
3328 | WinRAR.exe | C:\Users\admin\Desktop\SLskC\JMaterialTextbox.dll | executable | |
MD5:5CB1E472902EA4799AF42EAC0B4EB37A | SHA256:A82EB797A4191CB53AECD6C13A051D6B18DEE0BB90C70F221517AD05974329DA | |||
3328 | WinRAR.exe | C:\Users\admin\Desktop\SLskC\Read Me!.txt | text | |
MD5:24CD3A36798304044C5225BF0F11822E | SHA256:B3A0BFAFCAE7860394C53FDE3DAF02CB5E2A4BBDC05C25CF0E0550C4EDB3D619 | |||
3328 | WinRAR.exe | C:\Users\admin\Desktop\SLskC\Newtonsoft.Json.Schema.dll | executable | |
MD5:9C4CA74DF958F8CBEC953FE756245B73 | SHA256:D27E6413382FB31FA30D1AB95C956284C4F8B1C1834CF22B79A83C894F5A8DD0 | |||
3328 | WinRAR.exe | C:\Users\admin\Desktop\SLskC\Newtonsoft.Json.dll | executable | |
MD5:4DF6C8781E70C3A4912B5BE796E6D337 | SHA256:3598CCCAD5B535FEA6F93662107A4183BFD6167BF1D0F80260436093EDC2E3AF | |||
3408 | DllHost.exe | C:\Windows\Fonts\Install Me!.ttf | ttf | |
MD5:EAE9C18CEE82A8A1A52E654911F8FE83 | SHA256:B34CBB71D75B84EB4925F51E050249F65FB3E3550133ABA0A4C161C6820AEC82 |