File name: | XP 2012 Updated.rar |
Full analysis: | https://app.any.run/tasks/3be70a6a-aca6-4b1f-8511-245e9e7cc0e6 |
Verdict: | Malicious activity |
Analysis date: | May 21, 2022, 06:02:21 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 562BEBBF86F7B803900BAFED69489B6B |
SHA1: | 64DEBFB1BB27AED8A9026C4E97A8BF0B802DCC21 |
SHA256: | CF46DCCA4195957D87F7453A6FE91122C23749781F0592C297A58CE0E6DD96CE |
SSDEEP: | 6144:4Bm+sTKxXQ43DBZ8sMgRtVmXgoZduVkIgA6NvG3xILUyshiBY4B1yfRy7J:44+mWQ43DIsMgRtFgkgA6NehIIyNBYMn |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
ArchivedFileName: | oiu0.8315073219590121.exe |
---|---|
PackingMethod: | Normal |
ModifyDate: | 2012:01:13 16:48:23 |
OperatingSystem: | Win32 |
UncompressedSize: | 463824 |
CompressedSize: | 381798 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
116 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\XP 2012 Updated.rar" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
4044 | "C:\Users\admin\Desktop\oiu0.8315073219590121.exe" | C:\Users\admin\Desktop\oiu0.8315073219590121.exe | Explorer.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Outlook Express Exit code: 0 Version: 6.00.2900.5931 (xpsp_sp3_gdr.100129-1321) | ||||
1080 | C:\Windows\Explorer.EXE | C:\Windows\Explorer.EXE | — | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1988 | C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} | C:\Windows\system32\DllHost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2916 | "C:\Users\admin\AppData\Local\fvu.exe" -a "C:\Windows\system32\taskmgr.exe" /4 | C:\Users\admin\AppData\Local\fvu.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Outlook Express Exit code: 0 Version: 6.00.2900.5931 (xpsp_sp3_gdr.100129-1321) | ||||
3352 | "C:\Windows\system32\taskmgr.exe" /4 | C:\Windows\system32\taskmgr.exe | — | fvu.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Task Manager Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1292 | C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} | C:\Windows\system32\DllHost.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: COM Surrogate Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3648 | C:\Windows\system32\wbem\unsecapp.exe -Embedding | C:\Windows\system32\wbem\unsecapp.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Sink to receive asynchronous callbacks for WMI client application Version: 10.0.14409.1005 (rs1_srvoob.161208-1155) | ||||
2756 | "C:\Windows\system32\taskmgr.exe" /4 | C:\Windows\system32\taskmgr.exe | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Task Manager Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
4044 | oiu0.8315073219590121.exe | C:\Users\admin\AppData\Local\fvu.exe | executable | |
MD5:981C0D16EEF0B35259EE8232CDC90B1C | SHA256:6560A915088D6F9833F2AE3C533E77373902759F7C581FC4925F6F05E87F6108 | |||
1080 | Explorer.EXE | C:\MSOCache\All Users\{90140000-006E-0407-0000-0000000FF1CE}-C\dwtrig20.exe | executable | |
MD5:8B1CAA6BB6FCAD3C92137ED9166B4470 | SHA256:E6680139681668DBCABFEF83B1876C5811B3CF72150BAE342C725C65EAE68B71 | |||
1080 | Explorer.EXE | C:\MSOCache\All Users\{90140000-006E-040C-0000-0000000FF1CE}-C\dwtrig20.exe | executable | |
MD5:D0CB77BFA5C357E3B974F161B002915B | SHA256:151903CF0F2A1214DF1ADA1976D9EBA3A06738943275C2435450D4521849B350 | |||
1080 | Explorer.EXE | C:\MSOCache\All Users\{90140000-006E-0419-0000-0000000FF1CE}-C\dwtrig20.exe | executable | |
MD5:6F3A715D22DC9E1825ACCEDFC3287C80 | SHA256:F99A988F9B1887427904CFF182D5B568CCFC0985AA4DD07A5ACE672DEB1ECFAE | |||
1080 | Explorer.EXE | C:\MSOCache\All Users\{90140000-006E-0407-0000-0000000FF1CE}-C\DW20.EXE | executable | |
MD5:6B032D231F8CC6FBBED39DC08482C861 | SHA256:9EC41CDEFADC46455C5714B172CCBC6E2E60FCDAA202250DCB5BC972E8559666 | |||
1080 | Explorer.EXE | C:\MSOCache\All Users\{90140000-006E-0410-0000-0000000FF1CE}-C\dwtrig20.exe | executable | |
MD5:15A32ECC8C8CD2A720B9BCFB13C09F77 | SHA256:659126D85246561D3667A9A53D693C18D55EE209842CD968E9FE4994D96FD160 | |||
1080 | Explorer.EXE | C:\MSOCache\All Users\{90140000-006E-0416-0000-0000000FF1CE}-C\dwtrig20.exe | executable | |
MD5:875EF992E100142D0C4E9DCC7D9B7999 | SHA256:25CB2176818B4998E16A49F2B81B2D5D1842F94CC73109FD55E7ED71FAF61D7A | |||
1080 | Explorer.EXE | C:\MSOCache\All Users\{90140000-003D-0000-0000-0000000FF1CE}-C\setup.exe | executable | |
MD5:47F60244BCFB62E3D12093728BB944B6 | SHA256:C32EA98B6E9BE222B83E59E1F749EAC7F93B72C3865E2A75E249F368267FBE53 | |||
1080 | Explorer.EXE | C:\MSOCache\All Users\{90140000-006E-0411-0000-0000000FF1CE}-C\DW20.EXE | executable | |
MD5:3749FCAA41DDDB2BE6E2ED817DE70514 | SHA256:3BCFFDE84541495A778D2356EEEABE6237B1B0FE3601D32E743BDF4555A2D896 | |||
1080 | Explorer.EXE | C:\MSOCache\All Users\{90140000-006E-0410-0000-0000000FF1CE}-C\DW20.EXE | executable | |
MD5:E0C944CFECCD6D0EAE6A761D09C4B57A | SHA256:1B2B9438F3C34C88A93D647EF9B5DBE097C876E5100490205A97AB03AA6A05FA |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4044 | oiu0.8315073219590121.exe | 20.112.52.29:80 | microsoft.com | — | US | malicious |
4044 | oiu0.8315073219590121.exe | 20.53.203.50:80 | microsoft.com | — | US | suspicious |
4044 | oiu0.8315073219590121.exe | 20.84.181.62:80 | microsoft.com | — | US | suspicious |
4044 | oiu0.8315073219590121.exe | 20.103.85.33:80 | microsoft.com | — | US | suspicious |
Domain | IP | Reputation |
---|---|---|
vuforazaj.com |
| unknown |
fyzybopufanuj.com |
| unknown |
nyzysemadyk.com |
| suspicious |
gavotataran.com |
| unknown |
pubepujiwusiwy.com |
| unknown |
zetofyhecynovu.com |
| unknown |
hypulycyfaqaba.com |
| unknown |
rehudomydefe.com |
| unknown |
vequtycarykeg.com |
| unknown |
sesycifaqago.com |
| unknown |