| Field | Value |
|---|---|
| File name | droogcompanii.zip |
| Full analysis | https://app.any.run/tasks/43316718-d763-453a-a219-0f191d302957 |
| Verdict | Malicious activity |
| Analysis date | August 17, 2019, 15:11:35 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | FFD54EBA0046070D5DB9542A38A37419 |
| SHA1 | AB3B745BCA32708BC7B8EE5FDEBAB2C4DFE0DA99 |
| SHA256 | D1AF3E37DAB1B1A90437FEC40633C3F9B2A5D90C7D46077402DB8C94938438EE |
| SSDEEP | 6144:t/FVQgk4m0RQ2OjAHv4jw/8ya3wDfuKAtorTTr3uOIu8Hl0oaHb9M4fO08CcMR:hTjvmg8UH1/8ya3ONo8TT70ujHbhO0M8 |
| Extension | File type |
|---|---|
| .zip | ZIP compressed archive (100) |

| ZIP entry field | Value |
|---|---|
| ZipRequiredVersion | 20 |
| ZipBitFlag | - |
| ZipCompression | Deflated |
| ZipModifyDate | 2018:07:31 14:25:11 |
| ZipCRC | 0x778c77ac |
| ZipCompressedSize | 52001 |
| ZipUncompressedSize | 143360 |
| ZipFileName | SuperEngine.dll |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2888 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\droogcompanii.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
| 848 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
| 3376 | "C:\Users\admin\Desktop\droogcompanii\DarkEdition.exe" | C:\Users\admin\Desktop\droogcompanii\DarkEdition.exe | — | explorer.exe |

| PID | User | Company | Integrity Level | Description | Exit code | Version |
|---|---|---|---|---|---|---|
| 2888 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.60.0 |
| 848 | SYSTEM | Microsoft Corporation | SYSTEM | Microsoft Windows Search Protocol Host | | 7.00.7600.16385 (win7_rtm.090713-1255) |
| 3376 | admin | | MEDIUM | DarkEdition | 0 | 1.0.0.0 |
| (PID) Process | Operation | Key | Name | Value |
|---|---|---|---|---|
| (2888) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | |
| (2888) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | |
| (2888) WinRAR.exe | write | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E | LanguageList | en-US |
| (2888) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | C:\Users\admin\AppData\Local\Temp\droogcompanii.zip |
| (2888) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | 120 |
| (2888) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | 80 |
| (2888) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | 120 |
| (2888) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | 100 |
| (2888) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | 0 | C:\Users\admin\Desktop\droogcompanii |
| (2888) WinRAR.exe | write | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin | Placement | 2C0000000000000001000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2888 | WinRAR.exe | C:\Users\admin\Desktop\droogcompanii\SuperEngine.dll | executable | 601F9C5CDA48C9A6C26474AC8981363F | CC47E8E67D26FA49FBF27CDEF6696F73B133634A22FCAC3D76E949AD06420CB1 |
| 2888 | WinRAR.exe | C:\Users\admin\Desktop\droogcompanii\DarkEdition.exe | executable | FBDDCBDE687D5A8843C4F9E00EE66D72 | CE3DB5C4B983F5F0BEE53821FCC669E11DA1085A1A734B378BB4E8A1CAB13BC3 |
| 2888 | WinRAR.exe | C:\Users\admin\Desktop\droogcompanii\Newtonsoft.Json.dll | executable | C53737821B861D454D5248034C3C097C | 575E30F98E4EA42C9E516EDC8BBB29AD8B50B173A3E6B36B5BA39E133CCE9406 |
| 2888 | WinRAR.exe | C:\Users\admin\Desktop\droogcompanii\Bunifu_UI_v1.5.3.dll | executable | 2ECB51AB00C5F340380ECF849291DBCF | F1B3E0F2750A9103E46A6A4A34F1CF9D17779725F98042CC2475EC66484801CF |