File name: | 1C - плaтежноe пopучeнние №34729636725 - 2019.rar (Russian: "1C - payment order No. 34729636725 - 2019"; 1C is a widely used Russian accounting/business software suite) |
Full analysis: | https://app.any.run/tasks/7d109d2c-b998-44a5-b3dd-7f5445bfa3f7 |
Verdict: | Malicious activity |
Analysis date: | July 18, 2019, 08:49:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, flags: EncryptedBlockHeader (the archive headers are encrypted, i.e. it was created with a password and header encryption, so the file names inside are not visible without the password) |
MD5: | A2181138EEEC6D9AFB066F1BB325CA01 |
SHA1: | 37D2EA8FBECA59207AFEEB751439D7195F1F0B5E |
SHA256: | CE0A72B4A1A6E4F4BBB0EAFCE37932F90AC3642DD2B28E26CA4A88079DE8C0FF |
SSDEEP: | 24576:BsFQ5kUFvn7k5jWbMU4XrIUAlZF7UAmgUMBp3nEHqNHoAZFr:VVKjWbMxrJAlzwAmkEKNIAr |
Extension | File type | Match (%)
---|---|---
.rar | RAR compressed archive (v-4.x) | 58.3
.rar | RAR compressed archive (gen) | 41.6
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3300 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\1C - плaтежноe пopучeнние №34729636725 - 2019.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
| User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | |
3596 | "C:\Users\admin\Desktop\1C - плaтежноe пopучeнние №34729636725 - 2019.scr" /S | C:\Users\admin\Desktop\1C - плaтежноe пopучeнние №34729636725 - 2019.scr | — | explorer.exe
| User: admin; Company: 73443316.523404.8564521; Integrity Level: MEDIUM; Description: 128.7502.94331.2341 4643220.234259.2342341.234236 Installati; Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED); Version: 4643220.234259.23423 | | |
3808 | "C:\Users\admin\Desktop\1C - плaтежноe пopучeнние №34729636725 - 2019.scr" /S | C:\Users\admin\Desktop\1C - плaтежноe пopучeнние №34729636725 - 2019.scr | — | explorer.exe
| User: admin; Company: 73443316.523404.8564521; Integrity Level: HIGH; Description: 128.7502.94331.2341 4643220.234259.2342341.234236 Installati; Exit code: 0; Version: 4643220.234259.23423 | | |
2044 | "C:\Program Files\Notepad++\notepad++.exe" "C:\Users\admin\Desktop\1C - плaтежноe пopучeнние №34729636725 - 2019.scr" | C:\Program Files\Notepad++\notepad++.exe | — | explorer.exe
| User: admin; Company: Don HO [email protected]; Integrity Level: MEDIUM; Description: Notepad++ : a free (GNU) source code editor; Exit code: 0; Version: 7.51 | | |
3616 | "C:\Program Files\Notepad++\updater\gup.exe" -v7.51 | C:\Program Files\Notepad++\updater\gup.exe | — | notepad++.exe
| User: admin; Company: Don HO [email protected]; Integrity Level: MEDIUM; Description: GUP : a free (LGPL) Generic Updater; Exit code: 0; Version: 4.1 | | |
2684 | "C:\Users\admin\Desktop\1C - плaтежноe пopучeнние №34729636725 - 2019.scr" /S | C:\Users\admin\Desktop\1C - плaтежноe пopучeнние №34729636725 - 2019.scr | — | explorer.exe
| User: admin; Company: 73443316.523404.8564521; Integrity Level: MEDIUM; Description: 128.7502.94331.2341 4643220.234259.2342341.234236 Installati; Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED); Version: 4643220.234259.23423 | | |
3424 | "C:\Users\admin\Desktop\1C - плaтежноe пopучeнние №34729636725 - 2019.scr" /S | C:\Users\admin\Desktop\1C - плaтежноe пopучeнние №34729636725 - 2019.scr | — | explorer.exe
| User: admin; Company: 73443316.523404.8564521; Integrity Level: HIGH; Description: 128.7502.94331.2341 4643220.234259.2342341.234236 Installati; Exit code: 0; Version: 4643220.234259.23423 | | |

Note on the .scr launches: the two MEDIUM-integrity runs (PIDs 3596 and 2684) exited with 3221226540, which is NTSTATUS 0xC000042C (STATUS_ELEVATION_REQUIRED, the code Windows returns when an image must be started elevated). Each was followed by a HIGH-integrity run of the same file (PIDs 3808 and 3424) that exited 0, so the elevated execution completed. The Company, Description and Version fields are meaningless numeric strings rather than real vendor metadata.
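The elevation pattern in the process table above, replayed as an added example that is not part of the ANY.RUN report or its tooling: the process records are constructed from the PIDs, images, integrity levels and exit codes listed there, the NTSTATUS names are the standard values from ntstatus.h, and the helper names (`find_elevations`, `find_disguised_executables`) are this example's own. It decodes the exit codes and pairs each MEDIUM-integrity run that failed with STATUS_ELEVATION_REQUIRED with the HIGH-integrity re-run of the same image, the check a detection engineer would write over a process-creation log.

```python
"""Added example: flag a UAC-elevation re-launch pattern in a process list."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Subset of NTSTATUS values relevant here (from ntstatus.h).
NTSTATUS_NAMES = {
    0x00000000: "STATUS_SUCCESS",
    0xC000042C: "STATUS_ELEVATION_REQUIRED",
}

# Executable extensions commonly used to disguise a PE as a document.
SUSPICIOUS_EXT = (".scr", ".pif", ".com", ".cpl")


def decode_exit_code(code: int) -> str:
    """Render a process exit code as hex plus its NTSTATUS name when known."""
    code &= 0xFFFFFFFF
    return f"0x{code:08X} ({NTSTATUS_NAMES.get(code, 'unknown')})"


@dataclass
class Proc:
    pid: int
    image: str              # file name of the executable
    parent: str
    integrity: str          # MEDIUM / HIGH
    exit_code: Optional[int]  # None while the process was still running


# Constructed from the process table in the report (hypothetical log replay).
SCR = "1C - плaтежноe пopучeнние №34729636725 - 2019.scr"
PROCESSES = [
    Proc(3300, "WinRAR.exe", "explorer.exe", "MEDIUM", None),
    Proc(3596, SCR, "explorer.exe", "MEDIUM", 3221226540),
    Proc(3808, SCR, "explorer.exe", "HIGH", 0),
    Proc(2044, "notepad++.exe", "explorer.exe", "MEDIUM", 0),
    Proc(3616, "gup.exe", "notepad++.exe", "MEDIUM", 0),
    Proc(2684, SCR, "explorer.exe", "MEDIUM", 3221226540),
    Proc(3424, SCR, "explorer.exe", "HIGH", 0),
]


def find_elevations(procs: List[Proc]) -> List[Tuple[int, int]]:
    """Return (medium_pid, high_pid) pairs: the same image failed at MEDIUM
    with STATUS_ELEVATION_REQUIRED and was then run at HIGH integrity.
    Records are consumed in listed order, so each HIGH run is paired with
    the earliest still-unmatched MEDIUM failure of that image."""
    pending: Dict[str, List[int]] = {}
    pairs: List[Tuple[int, int]] = []
    for p in procs:
        if p.integrity == "MEDIUM" and p.exit_code == 0xC000042C:
            pending.setdefault(p.image, []).append(p.pid)
        elif p.integrity == "HIGH" and pending.get(p.image):
            pairs.append((pending[p.image].pop(0), p.pid))
    return pairs


def find_disguised_executables(procs: List[Proc]) -> List[int]:
    """PIDs whose image name ends in an extension from SUSPICIOUS_EXT."""
    return [p.pid for p in procs if p.image.lower().endswith(SUSPICIOUS_EXT)]


def report(procs: List[Proc]) -> List[str]:
    """Human-readable findings: non-zero exit codes and elevation pairs."""
    lines = []
    for p in procs:
        if p.exit_code is not None and p.exit_code != 0:
            lines.append(f"pid {p.pid} {p.image!r} exited {decode_exit_code(p.exit_code)}")
    for medium, high in find_elevations(procs):
        lines.append(f"UAC elevation: pid {medium} (MEDIUM) -> pid {high} (HIGH)")
    return lines


if __name__ == "__main__":
    for line in report(PROCESSES):
        print(line)
```

On a real endpoint the same logic runs over Sysmon event ID 1 (with `IntegrityLevel`) joined to process-termination events; the key signal is not the .scr extension alone but the MEDIUM failure with 0xC000042C immediately followed by a HIGH run of the same image from a user-writable path.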
Process (PID) | Key | Name | Operation | Value
---|---|---|---|---
WinRAR.exe (3300) | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | write | (empty)
WinRAR.exe (3300) | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | write | (empty)
WinRAR.exe (3300) | HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E | LanguageList | write | en-US
WinRAR.exe (3300) | HKEY_CURRENT_USER\Software\WinRAR\Interface | ShowPassword | write | 0
WinRAR.exe (3300) | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | write | C:\Users\admin\AppData\Local\Temp\1C - плaтежноe пopучeнние №34729636725 - 2019.rar
WinRAR.exe (3300) | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | write | 120
WinRAR.exe (3300) | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | write | 80
WinRAR.exe (3300) | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | write | 120
WinRAR.exe (3300) | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | write | 100
WinRAR.exe (3300) | HKEY_CLASSES_ROOT\Local Settings\MuiCache\70\52C64B7E | @shell32,-10162 | write | Screen saver
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2044 | notepad++.exe | C:\Users\admin\AppData\Roaming\Notepad++\session.xml | text | 379E9468394B48FADF836881E0C48970 | AAD5CFDF4542D34CCD50E832CD334A096672544D4D846B645C6A6CFFB1F04A13
3300 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3300.31223\1C - плaтежноe пopучeнние №34729636725 - 2019.scr | executable | ED8029C038BAD9583DDE1D113D0F1FDD | CDDE95F4DA79994A9613B0901350A4B8C6148B437CCE9F8BD395E3CD79C05ADF
2044 | notepad++.exe | C:\Users\admin\AppData\Roaming\Notepad++\backup\1C - плaтежноe пopучeнние №34729636725 - 2019.scr@2019-07-18_095145 | executable | C1AEA156E13D7DE4E3F208CD499CAEB2 | 9244B1DFB30EFB4A51F6C0118A3DDA826368E62BC79D7A30029DD91F2902BC82
2044 | notepad++.exe | C:\Users\admin\AppData\Roaming\Notepad++\config.xml | xml | 411C9D3CA2805DF6B6EAD9F33C028ABB | 55659CF0494B7DD78126A5B55836604C52D890CFA2F86FD71ADC0A542A9E7914
2044 | notepad++.exe | C:\Users\admin\AppData\Roaming\Notepad++\plugins\Config\converter.ini | text | F70F579156C93B097E656CABA577A5C9 | B926498A19CA95DC28964B7336E5847107DD3C0F52C85195C135D9DD6CA402D4
2044 | notepad++.exe | C:\Users\admin\AppData\Roaming\Notepad++\stylers.xml | xml | 44982E1D48434C0AB3E8277E322DD1E4 | 3E661D3F1FF3977B022A0ACC26B840B5E57D600BC03DCFC6BEFDB408C665904C
2044 | notepad++.exe | C:\Users\admin\AppData\Roaming\Notepad++\shortcuts.xml | text | AD21A64014891793DD9B21D835278F36 | C24699C9D00ABDD510140FE1B2ACE97BFC70D8B21BF3462DED85AFC4F73FE52F
2044 | notepad++.exe | C:\Users\admin\AppData\Roaming\Notepad++\langs.xml | xml | E792264BEC29005B9044A435FBA185AB | 5298FD2F119C43D04F6CF831F379EC25B4156192278E40E458EC356F9B49D624
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3616 | gup.exe | 37.59.28.236:443 | notepad-plus-plus.org | OVH SAS | FR | whitelisted |
— | — | 2.20.189.204:80 | isrg.trustid.ocsp.identrust.com | Akamai International B.V. | — | whitelisted |
Domain | IP | Reputation
---|---|---
notepad-plus-plus.org | 37.59.28.236 | whitelisted
isrg.trustid.ocsp.identrust.com | 2.20.189.204 | whitelisted
Process | Message
---|---
notepad++.exe | VerifyLibrary: C:\Program Files\Notepad++\SciLexer.dll
notepad++.exe | VerifyLibrary: certificate revocation checking is disabled
notepad++.exe | 42C4C5846BB675C74E2B2C90C69AB44366401093