analyze malware
  • Huge database of samples and IOCs
  • Custom VM setup
  • Unlimited submissions
  • Interactive approach
Sign up, it’s free
File name:

http://www.mininglog.com/downloads/client2/LBMLv1.0.5.2.zip

Full analysis: https://app.any.run/tasks/5d01b9f7-e109-4a69-8dda-721049b7336d
Verdict: Malicious activity
Analysis date: January 18, 2020, 12:53:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5:

2EB653E434BDDF81914DAB8CDB77042B

SHA1:

0D1B5075ED0119D2535D009976F817AD5EE36DAE

SHA256:

D7C035CB10739D0E4F1CA1524245FB8AE949DEEB4DB84D1220864D6DB1957E4F

SSDEEP:

49152:cZEQUNttJItgDNzysbzEeOzklZtFS9LIFc9YRtsW2K7BRWfUDlhxuYZxJD9YU5PE:USJ8g9weigZTE0Fx7sWxBRWyHpqjb2FC

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Loads dropped or rewritten executable

      • SearchProtocolHost.exe (PID: 3472)

    • Application was dropped or rewritten from another process

      • LittleBigMiningLog.exe (PID: 1536)
      • LbmlUpdater.exe (PID: 2480)
      • LbmlUpdater_tmp.exe (PID: 2608)
      • LittleBigMiningLog.exe (PID: 2692)
      • LbmlUpdater_tmp.exe (PID: 3708)
      • LittleBigMiningLog.exe (PID: 3172)

  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 1520)
      • LbmlUpdater.exe (PID: 2480)

    • Starts itself from another location

      • LbmlUpdater.exe (PID: 2480)

    • Modifies files in Chrome extension folder

      • chrome.exe (PID: 2856)

  • INFO

    • Manual execution by user

      • explorer.exe (PID: 2968)
      • LittleBigMiningLog.exe (PID: 1536)
      • LbmlUpdater.exe (PID: 2480)
      • LbmlUpdater_tmp.exe (PID: 3708)
      • NOTEPAD.EXE (PID: 388)
      • chrome.exe (PID: 2856)

    • Reads the hosts file

      • chrome.exe (PID: 3392)
      • chrome.exe (PID: 2856)

    • Reads settings of System Certificates

      • chrome.exe (PID: 3392)

    • Application launched itself

      • chrome.exe (PID: 2856)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.zip | ZIP compressed archive (100)

EXIF

ZIP

ZipRequiredVersion: 20
ZipBitFlag: -
ZipCompression: Deflated
ZipModifyDate: 2019:02:20 12:54:27
ZipCRC: 0x68e2f930
ZipCompressedSize: 1288
ZipUncompressedSize: 1676
ZipFileName: filelist.dat
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
90
Monitored processes
50
Malicious processes
5
Suspicious processes
0

Behavior graph

Click at the process to see the details
start drop and start winrar.exe explorer.exe no specs searchprotocolhost.exe no specs littlebigmininglog.exe no specs lbmlupdater.exe lbmlupdater_tmp.exe littlebigmininglog.exe no specs notepad.exe no specs lbmlupdater_tmp.exe littlebigmininglog.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs chrome.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1520"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\LBMLv1.0.5.2.zip"C:\Program Files\WinRAR\WinRAR.exe
explorer.exe
User:
admin
Company:
Alexander Roshal
Integrity Level:
MEDIUM
Description:
WinRAR archiver
Version:
5.60.0
2968"C:\Windows\explorer.exe" C:\Windows\explorer.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Explorer
Exit code:
1
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
3472"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" C:\Windows\System32\SearchProtocolHost.exeSearchIndexer.exe
User:
SYSTEM
Company:
Microsoft Corporation
Integrity Level:
SYSTEM
Description:
Microsoft Windows Search Protocol Host
Exit code:
0
Version:
7.00.7600.16385 (win7_rtm.090713-1255)
1536"C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exe" C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exeexplorer.exe
User:
admin
Company:
Digital Envision - www.digital-envision.com
Integrity Level:
MEDIUM
Description:
LittleBigMiningLog
Exit code:
0
Version:
1.0.5.2
2480"C:\Users\admin\Downloads\LBMLv1.0.5.2\LbmlUpdater.exe" C:\Users\admin\Downloads\LBMLv1.0.5.2\LbmlUpdater.exe
explorer.exe
User:
admin
Company:
Digital Envision - www.digital-envision.com
Integrity Level:
MEDIUM
Description:
LBML Updater
Exit code:
0
Version:
1.0.1.1
2608"C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\LbmlUpdater_tmp.exe" C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\LbmlUpdater_tmp.exe
LbmlUpdater.exe
User:
admin
Company:
Digital Envision - www.digital-envision.com
Integrity Level:
MEDIUM
Description:
LBML Updater
Exit code:
0
Version:
1.0.1.1
2692"C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exe" C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exeLbmlUpdater_tmp.exe
User:
admin
Company:
Digital Envision - www.digital-envision.com
Integrity Level:
MEDIUM
Description:
LittleBigMiningLog
Exit code:
0
Version:
1.0.5.2
388"C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\2020_01_18_12_53_53.txtC:\Windows\system32\NOTEPAD.EXEexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Notepad
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
3708"C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\LbmlUpdater_tmp.exe" C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\LbmlUpdater_tmp.exe
explorer.exe
User:
admin
Company:
Digital Envision - www.digital-envision.com
Integrity Level:
MEDIUM
Description:
LBML Updater
Exit code:
0
Version:
1.0.1.1
3172"C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exe" C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exeLbmlUpdater_tmp.exe
User:
admin
Company:
Digital Envision - www.digital-envision.com
Integrity Level:
MEDIUM
Description:
LittleBigMiningLog
Exit code:
0
Version:
1.0.5.2
Total events
2 527
Read events
2 397
Write events
0
Delete events
0

Modification events

No data
Executable files
9
Suspicious files
39
Text files
287
Unknown types
10

Dropped files

PID
Process
Filename
Type
1520WinRAR.exeC:\Users\admin\Downloads\LBMLv1.0.5.2\filelist.dattext
MD5:7D5EBE67846747AEF2672CD4FA318050
SHA256:2F6E194394FE8694FE9495F9E7E2C39919A2BF5A3E299DC4A844FDBCCB90DF8D
2480LbmlUpdater.exeC:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\Protect32.dllexecutable
MD5:67B8F715701DF2570042F3A4830762A3
SHA256:FD06C39DDCC6FAABC8AEEE4201F8425BE2AE4D59CCB9B530756CC8D43BB3BC7F
2856chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old
MD5:
SHA256:
2856chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF3b21e0.TMP
MD5:
SHA256:
1520WinRAR.exeC:\Users\admin\Downloads\LBMLv1.0.5.2\LbmlUpdater.exeexecutable
MD5:E0D20DF0E0C4FDF4B75A7C168FC0C9B6
SHA256:4950E2AFEF5224D3CEE67A88AEC41DD4868DA9C6E531FD24AB81E8041B774C41
2480LbmlUpdater.exeC:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\LbmlUpdater_tmp.exeexecutable
MD5:E0D20DF0E0C4FDF4B75A7C168FC0C9B6
SHA256:4950E2AFEF5224D3CEE67A88AEC41DD4868DA9C6E531FD24AB81E8041B774C41
1520WinRAR.exeC:\Users\admin\Downloads\LBMLv1.0.5.2\RemoteObjects.dllexecutable
MD5:B5DFF5932FC5A2E33423418BA065F0E1
SHA256:7D2B567D6FB5C198C787FAD0AB496BDF871EB8B15362F076E34D4FECA19A4C42
2608LbmlUpdater_tmp.exeC:\Users\admin\Downloads\LBMLv1.0.5.2\updates\2020_01_18_12_53_53.txttext
MD5:4C7C30A31EBAE8BBAD26FFFCF0E8DB9C
SHA256:039CC8CB58AA486A78476F2FA6DD6988F110181A3F6DB4DA99E1F08F92D03085
2480LbmlUpdater.exeC:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\Protect64.dllexecutable
MD5:49AD4010D40304B43CD2366738629CE8
SHA256:9481FB2DE05FE4398CD49C8A2444C318306AF45C90653800BC6DC278314351E6
2856chrome.exeC:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.oldtext
MD5:213AE3DA120D7862D60B5763B6C9D466
SHA256:5736534D6EE654C1BF1A8E79E73330AF58F622E8657285330D2C7189A55604F4
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
27
TCP/UDP connections
44
DNS requests
33
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
3392
chrome.exe
GET
132.148.61.1:80
http://www.mininglog.com/
US
suspicious
3392
chrome.exe
GET
302
172.217.22.46:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx
US
html
510 b
whitelisted
3708
LbmlUpdater_tmp.exe
GET
200
132.148.61.1:80
http://www.mininglog.com/downloads/version2.php
US
text
242 b
suspicious
3392
chrome.exe
GET
302
172.217.22.46:80
http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx
US
html
515 b
whitelisted
3392
chrome.exe
GET
200
74.125.4.203:80
http://r5---sn-aigzrner.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=78.110.162.166&mm=28&mn=sn-aigzrner&ms=nvh&mt=1579351994&mv=m&mvi=4&pl=20&shardbypass=yes
US
crx
862 Kb
whitelisted
3392
chrome.exe
GET
200
74.125.4.166:80
http://r1---sn-aigzrne7.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mip=78.110.162.166&mm=28&mn=sn-aigzrne7&ms=nvh&mt=1579351994&mv=m&mvi=0&pl=20&shardbypass=yes
US
crx
293 Kb
whitelisted
3392
chrome.exe
GET
200
132.148.61.1:80
http://www.mininglog.com/img/donate.jpg
US
image
2.06 Kb
suspicious
2608
LbmlUpdater_tmp.exe
GET
200
132.148.61.1:80
http://www.mininglog.com/downloads/version2.php
US
text
242 b
suspicious
3392
chrome.exe
GET
200
132.148.61.1:80
http://www.mininglog.com/download.php
US
html
3.55 Kb
suspicious
3392
chrome.exe
GET
200
132.148.61.1:80
http://mininglog.com/
US
html
12.6 Kb
suspicious
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
3392
chrome.exe
172.217.18.170:443
fonts.googleapis.com
Google Inc.
US
whitelisted
3708
LbmlUpdater_tmp.exe
132.148.61.1:80
www.mininglog.com
GoDaddy.com, LLC
US
suspicious
3392
chrome.exe
216.58.210.14:443
ogs.google.com
Google Inc.
US
whitelisted
3392
chrome.exe
172.217.16.195:443
www.gstatic.com
Google Inc.
US
whitelisted
3392
chrome.exe
172.217.23.99:443
www.google.com.ua
Google Inc.
US
whitelisted
2608
LbmlUpdater_tmp.exe
132.148.61.1:80
www.mininglog.com
GoDaddy.com, LLC
US
suspicious
3392
chrome.exe
172.217.21.195:443
clientservices.googleapis.com
Google Inc.
US
whitelisted
3392
chrome.exe
216.58.207.77:443
accounts.google.com
Google Inc.
US
whitelisted
3392
chrome.exe
132.148.61.1:80
www.mininglog.com
GoDaddy.com, LLC
US
suspicious
3392
chrome.exe
172.217.16.142:443
apis.google.com
Google Inc.
US
whitelisted

DNS requests

Domain
IP
Reputation
www.mininglog.com
  • 132.148.61.1
suspicious
clientservices.googleapis.com
  • 172.217.21.195
whitelisted
accounts.google.com
  • 216.58.207.77
shared
www.google.com.ua
  • 172.217.23.99
whitelisted
fonts.googleapis.com
  • 172.217.18.170
whitelisted
www.gstatic.com
  • 172.217.16.195
whitelisted
fonts.gstatic.com
  • 172.217.21.195
whitelisted
apis.google.com
  • 172.217.16.142
whitelisted
ogs.google.com
  • 216.58.210.14
whitelisted
clients2.google.com
  • 216.58.205.238
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2024 ANY.RUN LLC. ALL RIGHTS RESERVED
ANY.RUN
Reports
http://www.mininglog.com/downloads/client2/LBMLv1.0.5.2.zip