File name: | JungkookSploit.rar |
Full analysis: | https://app.any.run/tasks/235ccf4b-b046-459a-a67f-a4aa89f6b4f7 |
Verdict: | Malicious activity |
Analysis date: | July 11, 2019, 19:27:37 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 0B7318106D3663809140E8139AC8A8C6 |
SHA1: | 08A7518BC23BEAFBAD67B522D7EC6C566245EEFF |
SHA256: | D4A7017B105791A9C0D52A684F9FCB0FD21C4750B689F9D6B072182DE1058EDB |
SSDEEP: | 49152:A50qg9p8lzK9Du2NplBaA2HBsw+e1FX9ZbX29JU+SDj756HNU5j9:AzgsFK9a2H3aA2HBsw+erXa9JU+SbCWZ |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3040 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\JungkookSploit.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1640 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3040.30471\JungkookSploit\JungkookSploit.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3040.30471\JungkookSploit\JungkookSploit.exe | WinRAR.exe | |
User: admin Integrity Level: MEDIUM Description: AxonSimpleUI Version: 1.0.0.0 | ||||
3088 | cmd /c ""C:\Users\admin\AppData\Local\Temp\Rar$DIa3040.31693\open roblox folder - u dont need to add this.bat" " | C:\Windows\system32\cmd.exe | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 1 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
3880 | explorer C:\Users\admin\AppData\Local\Roblox\Versions\version-8ea9490e0ca04991 | C:\Windows\explorer.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2660 | C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding | C:\Windows\explorer.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3804 | cmd /c ""C:\Users\admin\AppData\Local\Temp\Rar$DIa3040.33979\open roblox folder - u dont need to add this.bat" " | C:\Windows\system32\cmd.exe | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 3221225786 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2812 | explorer C:\Users\admin\AppData\Local\Roblox\Versions\version-8ea9490e0ca04991 | C:\Windows\explorer.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Exit code: 1 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3600 | C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding | C:\Windows\explorer.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3040 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3040.30471\JungkookSploit\Workspace\autoexe\init.lua | text | |
MD5:B86B1B29646BD0A54D10C6D03027CF86 | SHA256:16D738030422011E4C543109847CEDBB6264DEDE4978E9263BA69A5E88FF8277 | |||
3040 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3040.30471\JungkookSploit\JungkookSploit.dll | executable | |
MD5:F61349E9F5B03F86AEED5D0FCC46C725 | SHA256:9B111F05F83F16F726AF85B19C44DB13EBA2452C56866DE565AF6D34941667C0 | |||
3040 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3040.30471\JungkookSploit\PUT THESE IN ROBLOX FOLDER\open roblox folder - u dont need to add this.bat | text | |
MD5:3DB345F2BE33730515BBE28B997129C4 | SHA256:38E48B87926DFAF78A5C27A45D795962A36048A7543A35DE6C9A2C4CDCDA0B91 | |||
3040 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3040.33979\open roblox folder - u dont need to add this.bat | text | |
MD5:3DB345F2BE33730515BBE28B997129C4 | SHA256:38E48B87926DFAF78A5C27A45D795962A36048A7543A35DE6C9A2C4CDCDA0B91 | |||
3040 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3040.30471\JungkookSploit\ScintillaNET.dll | executable | |
MD5:9166536C31F4E725E6BEFE85E2889A4B | SHA256:AD0CC5A4D4A6AAE06EE360339C851892B74B8A275CE89C1B48185672179F3163 | |||
3040 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3040.30471\JungkookSploit\ScintillaNET.xml | xml | |
MD5:E200C312A4C43F78021A9CFD75B0B9D2 | SHA256:D40A05B1D45B13C7AD7395024743E68667A340D488CD9ACD71BC4824D6944538 | |||
3040 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3040.30471\JungkookSploit\JungkookSploit.exe | executable | |
MD5:E6DF29D0F003599E63D42D9D136C878B | SHA256:D0F3F23C21883A0CA1ED78C981FB355CFA7650591BE5802121449D2ED9BD70BD | |||
3040 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3040.30471\JungkookSploit\PUT THESE IN ROBLOX FOLDER\VMProtectSDK32.dll | executable | |
MD5:1E6FDCD6D847BBF9CD3A37BA72CDA3F7 | SHA256:06754CB39C2E814577AC287B7DD0083F59933C867038407CDDFB22EBC6C0F193 | |||
3040 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3040.31693\open roblox folder - u dont need to add this.bat | text | |
MD5:3DB345F2BE33730515BBE28B997129C4 | SHA256:38E48B87926DFAF78A5C27A45D795962A36048A7543A35DE6C9A2C4CDCDA0B91 | |||
1640 | JungkookSploit.exe | C:\Users\admin\AppData\Local\Temp\ScintillaNET\3.6.3\x86\SciLexer.dll | executable | |
MD5:2FF7ACFA80647EE46CC3C0E446327108 | SHA256:08F0CBBC5162F236C37166772BE2C9B8FFD465D32DF17EA9D45626C4ED2C911D |