File name: | CarterOs.zip |
Full analysis: | https://app.any.run/tasks/032d9681-4776-4d9b-9363-b256ecb3d189 |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 18:19:02 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 24EF4394FC1A6F227D82D8EC4536550B |
SHA1: | F370D79DCF0FADC349D44EEC398321E8C6A5B4AD |
SHA256: | D0487C7F2A690CD415D38BA75A4DA5253BA54E40CBDE2F117FFAAC1AD7C358AE |
SSDEEP: | 192:dzJ/3hfnmaof77GHtX+RfSu7EwyglXflV3hrN91l32Rs4CP:bxfn1I2Ht0SusgFlV3lwXCP |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | 4.txt |
---|---|
ZipUncompressedSize: | 2056 |
ZipCompressedSize: | 619 |
ZipCRC: | 0x3177d1a5 |
ZipModifyDate: | 2021:12:31 07:17:29 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
612 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\CarterOs.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE | |||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 Modules
| |||||||||||||||
2440 | C:\Windows\system32\cmd.exe /c ""C:\Users\admin\AppData\Local\Temp\Rar$DIa612.1140\carteros.bat" " | C:\Windows\system32\cmd.exe | — | WinRAR.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 3221225786 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
2292 | C:\Windows\system32\cmd.exe /c ""C:\Users\admin\Desktop\carteros.bat" " | C:\Windows\system32\cmd.exe | — | Explorer.EXE | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
3248 | findstr /v "ljkshlfjhdas" boot.txt | C:\Windows\system32\findstr.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Find String (QGREP) Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
2244 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
1508 | C:\Windows\system32\cmd.exe /S /D /c" set /p="#"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
3708 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
1116 | C:\Windows\system32\cmd.exe /S /D /c" set /p="#"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
3044 | C:\Windows\system32\cmd.exe /S /D /c" echo" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
2800 | C:\Windows\system32\cmd.exe /S /D /c" set /p="#"" | C:\Windows\system32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
|
(PID) Process: | (612) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (612) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (612) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (612) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
(PID) Process: | (612) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
(PID) Process: | (612) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\CarterOs.zip | |||
(PID) Process: | (612) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (612) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (612) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (612) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
612 | WinRAR.exe | C:\Users\admin\Desktop\font.txt | text | |
MD5:A2513C4CDBE89909FF7FB5CF6E7A9AD7 | SHA256:B33DFAD175B63F2CEC86DC9EAD162D302011C1F33A622732D8EE0690671D5DAC | |||
612 | WinRAR.exe | C:\Users\admin\Desktop\menu.txt | text | |
MD5:AD52F04A39EC03A55BD79DE641437AAE | SHA256:9EE4EDBB23A9A892A0CE54F6B34BDD8C8B55C450CE86A6C67C3D69BFC47CE7EF | |||
612 | WinRAR.exe | C:\Users\admin\Desktop\boot.txt | text | |
MD5:0C84A63DB3464922FB5079429F4515A1 | SHA256:F9F4B66F6AE1A776F2AFF6478D98599968DC44857E3E1C07B49966CEDD13101C | |||
612 | WinRAR.exe | C:\Users\admin\Desktop\4.txt | text | |
MD5:2A1FBB536351825238E19A6AAF7C7A92 | SHA256:77486019539260EA39DFF9712667DBE28AC0EFBACCB055C08F1942C57374244C | |||
612 | WinRAR.exe | C:\Users\admin\Desktop\loading2.txt | text | |
MD5:5297F9B74CE7A236E69874D04AF632B7 | SHA256:E4359630263731F03E32C7E41ECFB96D5BDAB81C90EE4636431E0C7C0476D7D7 | |||
612 | WinRAR.exe | C:\Users\admin\Desktop\loading.txt | text | |
MD5:B0EAEB4E45B9D22BF049B5C6094ECED2 | SHA256:A5C7D548C886A387F437B2955954712488BF6A78802EDF6676B47C37B569CEFC | |||
612 | WinRAR.exe | C:\Users\admin\Desktop\carteros.bat | text | |
MD5:023046B7B8BCC660B24642706CCCC4E8 | SHA256:17AC4777CA14509FB4839E5D7F963C587CD322D879FD627BC0FC9E888A6B3EB7 | |||
612 | WinRAR.exe | C:\Users\admin\Desktop\carteros.lnk | lnk | |
MD5:113342FFCA4D9710B12869C1597330F7 | SHA256:1F974FD63669548CD1478EECCAE7D372F5EA2234209E4CA8EAD672AACF2A3578 | |||
612 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa612.1140\carteros.bat | text | |
MD5:023046B7B8BCC660B24642706CCCC4E8 | SHA256:17AC4777CA14509FB4839E5D7F963C587CD322D879FD627BC0FC9E888A6B3EB7 | |||
612 | WinRAR.exe | C:\Users\admin\Desktop\Notepad.txt | text | |
MD5:E4D909C290D0FB1CA068FFADDF22CBD0 | SHA256:EF537F25C895BFA782526529A9B63D97AA631564D5D789C2B765448C8635FB6C |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 192.168.100.2:53 | — | — | — | whitelisted |
Domain | IP | Reputation |
---|---|---|
www.microsoft.com |
| whitelisted |