File name: | NanoCore 1.2.2.0.zip |
Full analysis: | https://app.any.run/tasks/dcc31dce-2005-4c19-90ad-48fcf484f1bc |
Verdict: | Malicious activity |
Analysis date: | December 06, 2018, 06:54:56 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 5D5F5BE6CD646E13F2396C898FAA9BCE |
SHA1: | F89558FBB24D21030B25C1DC693EF61CB41F0D43 |
SHA256: | CD9B3888CB65067D32581E84CA37F0CC205E4414DEE66EF9F6D10A15933D72CF |
SSDEEP: | 196608:QKXT4Mv59c0eUeCjAWkzT3nYLekAyzyu9:zTt80nzI06kAyzyw |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | NanoCore 1.2.2.0/ |
---|---|
ZipUncompressedSize: | - |
ZipCompressedSize: | - |
ZipCRC: | 0x00000000 |
ZipModifyDate: | 2018:11:17 21:20:26 |
ZipCompression: | None |
ZipBitFlag: | - |
ZipRequiredVersion: | 10 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3104 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\NanoCore 1.2.2.0.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2196 | "C:\Users\admin\Desktop\NanoCore 1.2.2.0\NanoCore.exe" | C:\Users\admin\Desktop\NanoCore 1.2.2.0\NanoCore.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: NanoCore Exit code: 0 Version: 1.2.2.0 | ||||
1596 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2312 | "C:\Users\admin\Desktop\NanoCore 1.2.2.0\PluginCompiler.exe" | C:\Users\admin\Desktop\NanoCore 1.2.2.0\PluginCompiler.exe | explorer.exe | |
User: admin Integrity Level: HIGH Description: Exit code: 0 Version: 1.2.0.0 | ||||
2996 | "C:\Program Files\Opera\opera.exe" | C:\Program Files\Opera\opera.exe | explorer.exe | |
User: admin Company: Opera Software Integrity Level: MEDIUM Description: Opera Internet Browser Exit code: 0 Version: 1748 | ||||
3496 | "C:\Program Files\Google\Chrome\Application\chrome.exe" | C:\Program Files\Google\Chrome\Application\chrome.exe | explorer.exe | |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 3221225547 Version: 68.0.3440.106 | ||||
2204 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win32 --annotation=prod=Chrome --annotation=ver=68.0.3440.106 --initial-client-data=0x78,0x7c,0x80,0x74,0x84,0x6bac00b0,0x6bac00c0,0x6bac00cc | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
2180 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=watcher --main-thread-id=3308 --on-initialized-event-handle=304 --parent-handle=308 /prefetch:6 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: MEDIUM Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 | ||||
2612 | "C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1 | C:\Program Files\Windows Media Player\wmplayer.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Media Player Exit code: 0 Version: 12.0.7600.16385 (win7_rtm.090713-1255) | ||||
360 | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=892,11979275594380805880,3727513952695735873,131072 --enable-features=PasswordImport --gpu-preferences=KAAAAAAAAACAAwBAAQAAAAAAAAAAAGAAEAAAAAAAAAAAAAAAAAAAACgAAAAEAAAAIAAAAAAAAAAoAAAAAAAAADAAAAAAAAAAOAAAAAAAAAAQAAAAAAAAAAAAAAAKAAAAEAAAAAAAAAAAAAAACwAAABAAAAAAAAAAAQAAAAoAAAAQAAAAAAAAAAEAAAALAAAA --service-request-channel-token=7CF0F13B866206B3C8B92897851EE9AF --mojo-platform-channel-handle=912 --ignored=" --type=renderer " /prefetch:2 | C:\Program Files\Google\Chrome\Application\chrome.exe | — | chrome.exe |
User: admin Company: Google Inc. Integrity Level: LOW Description: Google Chrome Exit code: 0 Version: 68.0.3440.106 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\builder.log | text | |
MD5:1EB5E804756D82ED0FB4846FB9E9C398 | SHA256:D36573F53F48163DE58905AE9B8B11A8DF28FDE6B687BA5272E55B2C586A1203 | |||
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\Exceptions\Server\1.2.2.0\daa8ff5112677ab959cf02d9c2f07392.log | text | |
MD5:DAA8FF5112677AB959CF02D9C2F07392 | SHA256:C9D7CC4DA53214DA02BBB4949EE975AF4A22065ACE57AD1407F9A15DD2E737FD | |||
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\Databases\main.sqlite | sqlite | |
MD5:BAE99297D96B524FB81FB96B76ABAA42 | SHA256:7C3C680B49C197DFBDEEDE96999E863F5654E3EAE51B6B3A01C8129B2E7201B1 | |||
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\Databases\network.sqlite | sqlite | |
MD5:A037725F54B0222F8A9A720C9BC7B606 | SHA256:D9FB6F22737445E3238AC5F39CF4C5747ECE33DB8A3D27F08A035A962BD3C2A7 | |||
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\Plugins\MiscTools.ncp | binary | |
MD5:78E3006FC6468EB7DFC7761072B84AC6 | SHA256:3A3A3B105EEFB45E3B70CC1592E484DF02DF7020D5154E8C2E5D7D439E295E46 | |||
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\Plugins\NanoCoreSwiss.ncp | binary | |
MD5:FCB5AFD01E75ACA8ED9FBD35A46E54F3 | SHA256:BF0386F6E9B4A35FEFE5FE917E2BE7C64867EFE24521F18E4567F8AF5F6DD5E5 | |||
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\client.bin | executable | |
MD5:906A949E34472F99BA683EFF21907231 | SHA256:9D3EA5AF7DC261BF93C76F55D702A315AA22FB241E4207DC86CD834C262245C8 | |||
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\Plugins\ManagementPlugin.ncp | binary | |
MD5:B612C2C9A6D361A5DB14C04BA126119C | SHA256:B86FE4E126A9748A383A34D615B9598C715F2380C0AAD957495C66923902026C | |||
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\Plugins\AIO.ncp | binary | |
MD5:60C274CCB344DA9E3D77449F6068D253 | SHA256:0A59AAEE013C57F3B6190D683160D88CA1C5868565CBF5ACBB7B17D3E925C602 | |||
3104 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3104.32403\NanoCore 1.2.2.0\Plugins\CorePlugin.ncp | binary | |
MD5:7914E7302F72D330AA5F6C5C8C26DF43 | SHA256:F66985518B1E56A04F512D110F5B79F21ED91CBCBF6BD3E17EBA3DCDFB85F9B5 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2996 | opera.exe | GET | 200 | 66.225.197.197:80 | http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl | US | der | 543 b | whitelisted |
2996 | opera.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY%2Bsl%2Bj4yzQuAcL2oQno5fCgQUUWj%2FkK8CB3U8zNllZGKiErhZcjsCEAOXQPQlVpLtFek%2BmcpabOk%3D | US | der | 471 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2996 | opera.exe | 66.225.197.197:80 | crl4.digicert.com | CacheNetworks, Inc. | US | whitelisted |
3496 | chrome.exe | 216.58.215.238:443 | apis.google.com | Google Inc. | US | whitelisted |
3496 | chrome.exe | 216.58.215.234:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3496 | chrome.exe | 172.217.168.10:443 | safebrowsing.googleapis.com | Google Inc. | US | whitelisted |
3496 | chrome.exe | 172.217.168.36:443 | www.google.com | Google Inc. | US | whitelisted |
2996 | opera.exe | 82.145.215.40:443 | certs.opera.com | Opera Software AS | — | whitelisted |
2996 | opera.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
3496 | chrome.exe | 172.217.168.3:443 | www.google.de | Google Inc. | US | whitelisted |
3496 | chrome.exe | 216.58.215.227:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
3496 | chrome.exe | 216.58.215.237:443 | accounts.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
lazyshare.net |
| unknown |
clientservices.googleapis.com |
| whitelisted |
www.google.de |
| whitelisted |
safebrowsing.googleapis.com |
| whitelisted |
accounts.google.com |
| shared |
www.gstatic.com |
| whitelisted |
ssl.gstatic.com |
| whitelisted |
certs.opera.com |
| whitelisted |
crl4.digicert.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
Process | Message |
---|---|
NanoCore.exe | Trying to load native SQLite library "C:\Users\admin\Desktop\NanoCore 1.2.2.0\x86\SQLite.Interop.dll"...
|