| Field | Value |
|---|---|
| File name | HG-7546467.IMG |
| Full analysis | https://app.any.run/tasks/96eba4f6-36ac-4e0f-ac16-da326c441469 |
| Verdict | Malicious activity |
| Analysis date | July 12, 2020, 14:43:38 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-iso9660-image |
| File info | ISO 9660 CD-ROM filesystem data 'DESKTOP' (bootable) |
| MD5 | 47C8E52F6A5EC3B7E1FC050F94888B00 |
| SHA1 | 8AC0B91CC093923450544E0742C0D545D2155A70 |
| SHA256 | CC9F12ABD22D7512DB0E8B74953E9B9762BFE4B6858282CAEA26368A38775566 |
| SSDEEP | 12288:xanIGRsR6avSWV1L8C3KH7KkCAumS54fCwEIkrHKvPwMuXuHix:rEs64SU1L8C3a3S5/HK3AMK |
| Extension | Description |
|---|---|
| .iso | ISO 9660 CD image (27.6) |
| .atn | Photoshop Action (27.1) |
| .gmc | Game Music Creator Music (6.1) |
| Field | Value |
|---|---|
| VolumeName | DESKTOP |
| VolumeBlockCount | 599 |
| VolumeBlockSize | 2048 |
| RootDirectoryCreateDate | 2020:05:25 10:35:20+01:00 |
| VolumeSetName | UNDEFINED |
| Software | IMGBURN V2.5.8.0 - THE ULTIMATE IMAGE BURNER! |
| VolumeCreateDate | 2020:05:25 10:35:20.00+01:00 |
| VolumeModifyDate | 2020:05:25 10:35:20.00+01:00 |
| BootSystem | EL TORITO SPECIFICATION |
| VolumeSize | 1198 kB |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 1608 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\HG-7546467.IMG.iso" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
| 3824 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa1608.36718\HG-754646.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa1608.36718\HG-754646.exe | | WinRAR.exe | User: admin; Integrity Level: MEDIUM; Exit code: 2 |
| 2876 | C:\Windows\system32\rundll32.exe CoffinWarweary,Sixpack | C:\Windows\system32\rundll32.exe | — | HG-754646.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3968 | "C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe" | C:\Windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe | | rundll32.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: MSBuild.exe; Version: 2.0.50727.5420 built by: Win7SP1 |
| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 1608 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | |
| 1608 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | |
| 1608 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E | write | LanguageList | en-US |
| 1608 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12F\52C64B7E | write | @C:\Windows\system32\NetworkExplorer.dll,-1 | Network |
| 1608 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\HG-7546467.IMG.iso |
| 1608 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120 |
| 1608 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80 |
| 1608 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120 |
| 1608 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100 |
| 1608 | WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3824 | HG-754646.exe | C:\Users\admin\AppData\Local\Temp\cam\adminhelp\garbage\system-config-printer.appdata.xml | xml | 6859A5DEAF4C7334693FAA3B3FB7FD58 | ACF9BB7DCBCB1721D648692452830589AF4AE9F4F82615A6170429C78A4D959E |
| 1608 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1608.36718\HG-754646.exe | executable | 2804E1C69456DCA3F31FE2DE39AD329B | 9622908507FF3A40FE99ED3CF65F8A7628F17C011EA2A13C1F4573F8AC92CBD9 |
| 3824 | HG-754646.exe | C:\Users\admin\AppData\Local\Temp\cam\adminhelp\garbage\MicrosoftVsaVb.dll | executable | C7E1B994C3F732B1C8B4F08881AC4982 | 236FFE70834DBC7805BD717F610702AC78F1ABF22C3DE7827CCA00BD68C534CF |
| 3824 | HG-754646.exe | C:\Users\admin\AppData\Local\Temp\cam\adminhelp\garbage\MicrosoftVSDesignerUI.dll | executable | A93047DA478D7764F2A846E138989EE8 | B6AEB0465115C0234EFAFA4CE5E5F666F14EFA59AEB82A2B1B0C20226C14EFAD |
| 3824 | HG-754646.exe | C:\Users\admin\AppData\Local\Temp\_baks\navSiteAdmin\pkcs12.xml | xml | B6EEABE4319F33E6486747AFB3655655 | AB4FC9322DDC574804729E73CCDBD24F851155D2A9F2BB8A5FF2481A69AA9220 |
| 3824 | HG-754646.exe | C:\Users\admin\AppData\Local\Temp\_baks\navSiteAdmin\sqldbg.dll | executable | 84845B78CF3D23C2F3B97DF129710C6B | 8A247053DAA5C45C4EF5B98703330A02A0991C0D52C2555808716C978E52A839 |
| 3824 | HG-754646.exe | C:\Users\admin\AppData\Local\Temp\cam\adminhelp\garbage\MicrosoftVsa.dll | executable | 6E930243A0E7DCAEF6206B6278564457 | C32B888DD5B400BC2CF3D5C31616502704824031009839E0DF4F01522FCF3789 |
| 3824 | HG-754646.exe | C:\Users\admin\AppData\Local\Temp\cam\adminhelp\garbage\remmina-mime.xml | xml | DD19C66E8612B2BE90629D787A135DC8 | 6A0D305CA60296A2C78AE3B519EDA6CE45F540872B45EB0E55675E1955268A4E |
| 3824 | HG-754646.exe | C:\Users\admin\AppData\Local\Temp\cam\adminhelp\garbage\pkcs7-mime.xml | xml | E458F30DA6C61D7F9AC738FDE9B7E0B0 | 03CDD7C4B92201025413C4A7A7BE99158E32D1E630A1AB78062AFCE8021EA95A |
| 3824 | HG-754646.exe | C:\Users\admin\AppData\Local\Temp\cam\adminhelp\garbage\x-opus+ogg.xml | xml | BB591755DC5608D46A051D615373A4AC | C0739B2C916B138498295A5AF105E0FC1A3081EFECF5091FE40B7347B1BCD0D3 |
| Domain | IP | Reputation |
|---|---|---|
| smtp.oamedie.ru | | unknown |