File name: | test.rar |
Full analysis: | https://app.any.run/tasks/3ec86459-b30a-4477-a7d7-42ca4749a855 |
Verdict: | Malicious activity |
Analysis date: | March 14, 2019, 17:06:08 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/octet-stream |
File info: | ACE archive data version 20, from Win/32, version 20 to extract, contains AV-String (unregistered), solid |
MD5: | 7E708BC0122A480F1D350C4BAD2A9497 |
SHA1: | 30284DC85276AC3654FC468EE42518110BB95285 |
SHA256: | D79A28A766206292EA87CE835CA98DE2C84EACDCA891E3F42019B5892B61836C |
SSDEEP: | 6144:uzyGb3MWl8spY9wCnFveTmURmag05gfzDVlVXg:cjMRspGwQveT405GpX |
.ace | | | ACE compressed archive (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3480 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\test.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 1073807364 Version: 5.60.0 | ||||
2256 | "C:\Windows\system32\msconfig.exe" | C:\Windows\system32\msconfig.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: System Configuration Utility Exit code: 3221226540 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3324 | "C:\Windows\system32\msconfig.exe" | C:\Windows\system32\msconfig.exe | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: System Configuration Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3324 | msconfig.exe | \\?\Volume{e1a82db3-a9f0-11e7-b142-806e6f6e6963}\Boot\BCD | — | |
MD5:— | SHA256:— | |||
3324 | msconfig.exe | \\?\Volume{e1a82db3-a9f0-11e7-b142-806e6f6e6963}\Boot\BCD.LOG | — | |
MD5:— | SHA256:— | |||
3324 | msconfig.exe | C:\Windows\pss\boot.backup | hiv | |
MD5:177531DA37D2209E39C91DDFCDC226FC | SHA256:D5C1B519DC99E1D1062B1D019648DCFF776FE8454BA725F589EF6ADCFF77CCBF | |||
3324 | msconfig.exe | C:\Windows\pss\boot.backup.LOG | log | |
MD5:A010DB9959972B9DFA7962C3AF3DFE47 | SHA256:FEE0D12CD0A43DB226A164BDF199D1B880F49C010C0A393471C0B8E513CE0C1E | |||
3324 | msconfig.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk | lnk | |
MD5:A29336CE3EFA12A21F505F05CD61BBB9 | SHA256:D797517A3D77E95A1E6FFD29448EB85C3CA2F16BD1AFC057AC5803EE3D91382D |