File name: | Re-Loader_2.2.E_M_A.zip |
Full analysis: | https://app.any.run/tasks/0cffe8ac-a943-45e1-a475-8d6a336f0667 |
Verdict: | Malicious activity |
Analysis date: | May 21, 2022, 10:35:53 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 4AD97213F92C5A65F64DA72B5A168A53 |
SHA1: | 2ED8A07092F476155ECFDF6962CD70F772794F99 |
SHA256: | CB7A1E88EBEEF643537CA8ACEDFF68F8EA5BE7802A7768813B4D2EACBC4B5368 |
SSDEEP: | 24576:wEK6GoKe1iMRwQAp/U3seqXs+fqtWg0UspguYR2lnTnrUGh1OGo:lZKewMRwQ3pqDfqQgFuo2xTRhBo |
.zip | ZIP compressed archive (100)
ZipFileName: | SetupComplete.cmd
ZipUncompressedSize: | 331
ZipCompressedSize: | 176
ZipCRC: | 0xcc3b0923
ZipModifyDate: | 2015:03:10 14:28:20
ZipCompression: | Deflated
ZipBitFlag: | -
ZipRequiredVersion: | 20
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2932 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Re-Loader_2.2.E_M_A.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | | | |
2464 | "C:\Users\admin\Desktop\[email protected]" | C:\Users\admin\Desktop\[email protected] | — | Explorer.EXE
User: admin Integrity Level: MEDIUM Description: Activator Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED) Version: 2.2.3.0 | | | |
3080 | "C:\Users\admin\Desktop\[email protected]" | C:\Users\admin\Desktop\[email protected] | — | Explorer.EXE
User: admin Integrity Level: HIGH Description: Activator Version: 2.2.3.0 | | | |
3192 | C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801} | C:\Windows\system32\DllHost.exe | — | svchost.exe
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
2876 | C:\Windows\system32\vssvc.exe | C:\Windows\system32\vssvc.exe | — | services.exe
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft® Volume Shadow Copy Service Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
2684 | "C:\Users\admin\AppData\Local\Temp\Re-Loader\OEM\brset.exe" /nt60 SYS /force | C:\Users\admin\AppData\Local\Temp\Re-Loader\OEM\brset.exe | — | [email protected]
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Boot Sector Manipulation Tool Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
3980 | "C:\Users\admin\AppData\Local\Temp\Re-Loader\OEM\bootsect.exe" /nt52 SYS /force | C:\Users\admin\AppData\Local\Temp\Re-Loader\OEM\bootsect.exe | — | [email protected]
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Boot Sector Manipulation Tool Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
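The two behaviours worth alerting on in the process tree above are the boot-sector rewrite (a Microsoft "Boot Sector Manipulation Tool" run from a user temp directory with `/force`, once under its real name bootsect.exe and once renamed to brset.exe) and the elevation pattern (PID 2464 exits with 3221226540, which is 0xC000042C STATUS_ELEVATION_REQUIRED, and the same image is relaunched as PID 3080 at HIGH integrity). The following is an added detection example, not part of the ANY.RUN report or of the analysed sample. The events are constructed by hand from the table, the field names are this example's own rather than any sandbox or Sysmon schema, and `ACTIVATOR` is a stand-in path because the report masks the main executable's file name.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample process-creation events transcribed from the process table
# above. Not a real log export; field names are this example's own.
# ACTIVATOR is a stand-in: the report masks the real file name.
ACTIVATOR = r"C:\Users\admin\Desktop\ACTIVATOR.exe"
TEMP_OEM = r"C:\Users\admin\AppData\Local\Temp\Re-Loader\OEM"
EVENTS = [
    {"pid": 2464, "image": ACTIVATOR, "cmdline": f'"{ACTIVATOR}"',
     "description": "Activator", "parent": "Explorer.EXE",
     "integrity": "MEDIUM", "exit_code": 3221226540},
    {"pid": 3080, "image": ACTIVATOR, "cmdline": f'"{ACTIVATOR}"',
     "description": "Activator", "parent": "Explorer.EXE",
     "integrity": "HIGH", "exit_code": None},
    {"pid": 2684, "image": TEMP_OEM + r"\brset.exe",
     "cmdline": f'"{TEMP_OEM}\\brset.exe" /nt60 SYS /force',
     "description": "Boot Sector Manipulation Tool", "parent": ACTIVATOR,
     "integrity": "HIGH", "exit_code": 0},
    {"pid": 3980, "image": TEMP_OEM + r"\bootsect.exe",
     "cmdline": f'"{TEMP_OEM}\\bootsect.exe" /nt52 SYS /force',
     "description": "Boot Sector Manipulation Tool", "parent": ACTIVATOR,
     "integrity": "HIGH", "exit_code": 0},
    # Benign control row: WinRAR opening the archive must not fire.
    {"pid": 2932, "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "cmdline": r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Re-Loader_2.2.E_M_A.zip"',
     "description": "WinRAR archiver", "parent": "Explorer.EXE",
     "integrity": "MEDIUM", "exit_code": 0},
]

STATUS_ELEVATION_REQUIRED = 0xC000042C  # decimal 3221226540, the exit code of PID 2464
# bootsect.exe argument shape: /nt52 | /nt60 followed by SYS, ALL or a drive letter.
BOOTSECT_ARGS = re.compile(r"/nt(?:52|60)\s+(?:SYS|ALL|[A-Za-z]:)", re.IGNORECASE)


def is_bootsect(ev):
    """Match on the version-info description as well as the file name so a
    renamed copy (brset.exe in this report) is still caught."""
    name = PureWindowsPath(ev["image"]).name.lower()
    return name == "bootsect.exe" or ev["description"] == "Boot Sector Manipulation Tool"


def boot_sector_findings(events):
    """Flag boot-sector writes and annotate what makes each one suspicious."""
    findings = []
    for ev in events:
        if not is_bootsect(ev) or not BOOTSECT_ARGS.search(ev["cmdline"]):
            continue
        name = PureWindowsPath(ev["image"]).name.lower()
        flags = []
        if "/force" in ev["cmdline"].lower():
            flags.append("forced write while volume in use")
        if name != "bootsect.exe":
            flags.append(f"renamed copy ({name})")
        if not ev["image"].lower().startswith("c:\\windows\\"):
            flags.append("run from user-writable path")
        findings.append({"pid": ev["pid"], "rule": "boot_sector_write", "flags": flags})
    return findings


def elevation_retry_findings(events):
    """Pair an image that exited with STATUS_ELEVATION_REQUIRED with its later
    relaunch at HIGH integrity: the sample went through a UAC prompt."""
    denied = {ev["image"].lower(): ev["pid"] for ev in events
              if ev["exit_code"] == STATUS_ELEVATION_REQUIRED}
    findings = []
    for ev in events:
        key = ev["image"].lower()
        if key in denied and ev["integrity"] == "HIGH" and ev["pid"] != denied[key]:
            findings.append({"pid": ev["pid"], "rule": "elevation_after_denial",
                             "first_pid": denied[key]})
    return findings


def analyse(events):
    return boot_sector_findings(events) + elevation_retry_findings(events)


if __name__ == "__main__":
    for finding in analyse(EVENTS):
        print(finding)
```

Matching on the version-info description is what catches brset.exe; a rule keyed only on the image name would miss it. The `/force` flag is the distinguishing detail in a real incident too: legitimate bootsect use during Windows setup runs from the installation media, not from %TEMP%, and rarely needs to force a write to the volume that is currently booted.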
PID | Process | Filename | Type
---|---|---|---
3192 | DllHost.exe | C:\System Volume Information\SPP\metadata-2 | —
MD5: — | SHA256: — | |
2684 | brset.exe | \Device\HarddiskVolume1 | —
MD5: — | SHA256: — | |
3980 | bootsect.exe | \Device\HarddiskVolume1 | —
MD5: — | SHA256: — | |
2932 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2932.1971\Readme\Lisezmoi.txt | text
MD5: E2C6426E8F78CF30F14D93968A90CF7F | SHA256: E08EA033BF758F3F9601D6AA2D23ACA55EE307473B42DB9A63367597C048D07A | |
3192 | DllHost.exe | C:\System Volume Information\SPP\snapshot-2 | binary
MD5: 03E0D7F9CD3F9B8122B16CF4B5658C9D | SHA256: C1F2C3A87822C61FDEE077276C7661593376B0EDFD30C3E9CD0049EC8E7E55A8 | |
3080 | [email protected] | C:\Users\admin\AppData\Local\Temp\Re-Loader\OEM\bootsect.exe | executable
MD5: F2900E7CBF0390EDBDD014CBCDD26459 | SHA256: 930BE9B567B1C0710819EE95AA388640D617E503EE868332B3C24A1652C66AA9 | |
2932 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2932.1971\Readme\自述.txt | text
MD5: 932390B97A626CFFCAC17E821CCE1013 | SHA256: 3616FFEA81B4193A3C4A78CF25659F6B7AEC9AD57CBA5D6BEE6EE7133D828D53 | |
2932 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2932.1971\Readme\Readme.txt | text
MD5: 963F908CE0ED3D8EB251F2205F91139F | SHA256: 46AFEE6C920CE80769A0C845CDCB4B4E2F571E0E238FA6087A14BC71171E7F06 | |
2932 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2932.1971\[email protected] | executable
MD5: 3C8289913E7994117532856CAEE1C06C | SHA256: 391C989D2103DD488D9D4C2C8E1776BC6264F613656BB5BEBCD7722DB22160E7 | |
3080 | [email protected] | C:\Users\admin\AppData\Local\Temp\Re-Loader\OEM\SLIC\W5GWW | binary
MD5: 49864D91EDA705BB680AF048D74AD0A5 | SHA256: 730DF9B3FFB7D69476D81EF8A20D4F845797B0344233F9C49EB962A378F7518C | |