URL: | http://put.nu/files/DtI0a01.rar |
Full analysis: | https://app.any.run/tasks/2f4422dd-0f53-4025-a073-e4068ce39d5e |
Verdict: | Malicious activity |
Analysis date: | July 12, 2020, 16:55:34 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MD5: | 3C39D600F984792A1C9197B6A96928FA |
SHA1: | 14EC785B556D3A17A52EFA8E47053AD9FD2F50DA |
SHA256: | CCAAD1D75B234E6A4F31C729A1B0314194626CC21FB910EE072BACC9FA5FC474 |
SSDEEP: | 3:N1KOQRDzHsQX:COuDsQX |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
632 | "C:\Program Files\Internet Explorer\iexplore.exe" http://put.nu/files/DtI0a01.rar | C:\Program Files\Internet Explorer\iexplore.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1888 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:632 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) Modules
| |||||||||||||||
1088 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\DtI0a01.rar" | C:\Program Files\WinRAR\WinRAR.exe | iexplore.exe | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 Modules
| |||||||||||||||
532 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | |||||||||||
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
1752 | "C:\Users\admin\Desktop\DtI0a01\Minecraft_Launcher.exe" | C:\Users\admin\Desktop\DtI0a01\Minecraft_Launcher.exe | explorer.exe | ||||||||||||
User: admin Company: Mojang Integrity Level: MEDIUM Description: Minecraft Launcher Exit code: 0 Version: 0.0.0.0 Modules
| |||||||||||||||
3584 | "C:\Windows\System32\arp.exe" -a | C:\Windows\System32\arp.exe | — | Minecraft_Launcher.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Arp Command Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
3276 | "C:\Windows\System32\arp.exe" -a | C:\Windows\System32\arp.exe | — | Minecraft_Launcher.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Arp Command Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
2336 | "C:\Windows\System32\arp.exe" -a | C:\Windows\System32\arp.exe | — | Minecraft_Launcher.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: TCP/IP Arp Command Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
1488 | "C:\Windows\System32\fontview.exe" C:\Users\admin\Desktop\DtI0a01\Oswald.ttf | C:\Windows\System32\fontview.exe | — | Minecraft_Launcher.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Font Viewer Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
3912 | C:\Windows\system32\DllHost.exe /Processid:{642EF9D6-48A5-476B-919A-A507CFD02C0F} | C:\Windows\system32\DllHost.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
632 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF385AB9CC75768B8F.TMP | — | |
MD5:— | SHA256:— | |||
632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\DtI0a01.rar.db1w1g5.partial:Zone.Identifier | — | |
MD5:— | SHA256:— | |||
632 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Cab9E7F.tmp | — | |
MD5:— | SHA256:— | |||
632 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\Tar9E80.tmp | — | |
MD5:— | SHA256:— | |||
632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\ver9EC0.tmp | — | |
MD5:— | SHA256:— | |||
1888 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MFAQUS6V\DtI0a01[1].rar | compressed | |
MD5:66D7CBEFCD108172C63135FFE803F326 | SHA256:48BC1DF9E4BCAFD69713486B31A47BFCA4B77B5C1C4F4A8B504F091132BB0832 | |||
1088 | WinRAR.exe | C:\Users\admin\Desktop\DtI0a01\Guna.UI2.dll | executable | |
MD5:E0874624E2C8613AFF1773ABD93CA790 | SHA256:21EF27B505AC4814DE4FFB73A40EA4F249E93A878F7BE6727F2FD776FBCF438F | |||
632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\78RFYB7Z\DtI0a01.rar | compressed | |
MD5:66D7CBEFCD108172C63135FFE803F326 | SHA256:48BC1DF9E4BCAFD69713486B31A47BFCA4B77B5C1C4F4A8B504F091132BB0832 | |||
632 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{88D5E48B-C460-11EA-B03F-5254004A04AF}.dat | binary | |
MD5:AF5A71646974AC85A5C84C40F8ED8F00 | SHA256:6711EBFBA2CD17D3303DE931D9928CD1CFE0525EB4AD67CEE0533D66BA8D8BC1 | |||
1088 | WinRAR.exe | C:\Users\admin\Desktop\DtI0a01\Minecraft_Launcher.exe | executable | |
MD5:02FDAE46D73583AC61258648BDD15960 | SHA256:8FD3D2B21E92CCBA523981042EB7C5F4167CCE96B52DD4EA00B058C627842FC8 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1888 | iexplore.exe | GET | 200 | 52.70.201.25:80 | http://put.nu/files/DtI0a01.rar | US | compressed | 3.07 Mb | suspicious |
632 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
632 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
632 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 52.70.201.25:80 | put.nu | Amazon.com, Inc. | US | suspicious |
1888 | iexplore.exe | 52.70.201.25:80 | put.nu | Amazon.com, Inc. | US | suspicious |
1752 | Minecraft_Launcher.exe | 104.24.111.151:443 | api.auth.gg | Cloudflare Inc | US | shared |
1752 | Minecraft_Launcher.exe | 162.159.133.233:443 | cdn.discordapp.com | Cloudflare Inc | — | shared |
632 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
632 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
1568 | Minecraft_Launcher.exe | 104.24.111.151:443 | api.auth.gg | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
put.nu |
| suspicious |
api.auth.gg |
| whitelisted |
cdn.discordapp.com |
| shared |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |