Field | Value
---|---
File name | http://www.mininglog.com/downloads/client2/LBMLv1.0.5.2.zip
Full analysis | https://app.any.run/tasks/5d01b9f7-e109-4a69-8dda-721049b7336d
Verdict | Malicious activity
Analysis date | January 18, 2020, 12:53:11
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/zip
File info | Zip archive data, at least v2.0 to extract
MD5 | 2EB653E434BDDF81914DAB8CDB77042B
SHA1 | 0D1B5075ED0119D2535D009976F817AD5EE36DAE
SHA256 | D7C035CB10739D0E4F1CA1524245FB8AE949DEEB4DB84D1220864D6DB1957E4F
SSDEEP | 49152:cZEQUNttJItgDNzysbzEeOzklZtFS9LIFc9YRtsW2K7BRWfUDlhxuYZxJD9YU5PE:USJ8g9weigZTE0Fx7sWxBRWyHpqjb2FC
Extension | Detected type
---|---
.zip | ZIP compressed archive (100)

Field | Value
---|---
ZipRequiredVersion | 20
ZipBitFlag | -
ZipCompression | Deflated
ZipModifyDate | 2019:02:20 12:54:27
ZipCRC | 0x68e2f930
ZipCompressedSize | 1288
ZipUncompressedSize | 1676
ZipFileName | filelist.dat
PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Exit code | Version
---|---|---|---|---|---|---|---|---|---|---
1520 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\LBMLv1.0.5.2.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | admin | Alexander Roshal | MEDIUM | WinRAR archiver | — | 5.60.0
2968 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Windows Explorer | 1 | 6.1.7600.16385 (win7_rtm.090713-1255)
3472 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | SYSTEM | Microsoft Corporation | SYSTEM | Microsoft Windows Search Protocol Host | 0 | 7.00.7600.16385 (win7_rtm.090713-1255)
1536 | "C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exe | — | explorer.exe | admin | Digital Envision - www.digital-envision.com | MEDIUM | LittleBigMiningLog | 0 | 1.0.5.2
2480 | "C:\Users\admin\Downloads\LBMLv1.0.5.2\LbmlUpdater.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.2\LbmlUpdater.exe | | explorer.exe | admin | Digital Envision - www.digital-envision.com | MEDIUM | LBML Updater | 0 | 1.0.1.1
2608 | "C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\LbmlUpdater_tmp.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\LbmlUpdater_tmp.exe | | LbmlUpdater.exe | admin | Digital Envision - www.digital-envision.com | MEDIUM | LBML Updater | 0 | 1.0.1.1
2692 | "C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exe | — | LbmlUpdater_tmp.exe | admin | Digital Envision - www.digital-envision.com | MEDIUM | LittleBigMiningLog | 0 | 1.0.5.2
388 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\2020_01_18_12_53_53.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe | admin | Microsoft Corporation | MEDIUM | Notepad | 0 | 6.1.7600.16385 (win7_rtm.090713-1255)
3708 | "C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\LbmlUpdater_tmp.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\LbmlUpdater_tmp.exe | | explorer.exe | admin | Digital Envision - www.digital-envision.com | MEDIUM | LBML Updater | 0 | 1.0.1.1
3172 | "C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.2\LittleBigMiningLog.exe | — | LbmlUpdater_tmp.exe | admin | Digital Envision - www.digital-envision.com | MEDIUM | LittleBigMiningLog | 0 | 1.0.5.2
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1520 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.2\filelist.dat | text | 7D5EBE67846747AEF2672CD4FA318050 | 2F6E194394FE8694FE9495F9E7E2C39919A2BF5A3E299DC4A844FDBCCB90DF8D
2480 | LbmlUpdater.exe | C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\Protect32.dll | executable | 67B8F715701DF2570042F3A4830762A3 | FD06C39DDCC6FAABC8AEEE4201F8425BE2AE4D59CCB9B530756CC8D43BB3BC7F
2856 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old | — | — | —
2856 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF3b21e0.TMP | — | — | —
1520 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.2\LbmlUpdater.exe | executable | E0D20DF0E0C4FDF4B75A7C168FC0C9B6 | 4950E2AFEF5224D3CEE67A88AEC41DD4868DA9C6E531FD24AB81E8041B774C41
2480 | LbmlUpdater.exe | C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\LbmlUpdater_tmp.exe | executable | E0D20DF0E0C4FDF4B75A7C168FC0C9B6 | 4950E2AFEF5224D3CEE67A88AEC41DD4868DA9C6E531FD24AB81E8041B774C41
1520 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.2\RemoteObjects.dll | executable | B5DFF5932FC5A2E33423418BA065F0E1 | 7D2B567D6FB5C198C787FAD0AB496BDF871EB8B15362F076E34D4FECA19A4C42
2608 | LbmlUpdater_tmp.exe | C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\2020_01_18_12_53_53.txt | text | 4C7C30A31EBAE8BBAD26FFFCF0E8DB9C | 039CC8CB58AA486A78476F2FA6DD6988F110181A3F6DB4DA99E1F08F92D03085
2480 | LbmlUpdater.exe | C:\Users\admin\Downloads\LBMLv1.0.5.2\updates\tmp_updater\Protect64.dll | executable | 49AD4010D40304B43CD2366738629CE8 | 9481FB2DE05FE4398CD49C8A2444C318306AF45C90653800BC6DC278314351E6
2856 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\LOG.old | text | 213AE3DA120D7862D60B5763B6C9D466 | 5736534D6EE654C1BF1A8E79E73330AF58F622E8657285330D2C7189A55604F4
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3392 | chrome.exe | GET | — | 132.148.61.1:80 | http://www.mininglog.com/ | US | — | — | suspicious |
3392 | chrome.exe | GET | 302 | 172.217.22.46:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx | US | html | 510 b | whitelisted |
3708 | LbmlUpdater_tmp.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
3392 | chrome.exe | GET | 302 | 172.217.22.46:80 | http://redirector.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx | US | html | 515 b | whitelisted |
3392 | chrome.exe | GET | 200 | 74.125.4.203:80 | http://r5---sn-aigzrner.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOWVmQUFXS041NV9ZVXlJVWwxbGc5TUM4dw/7519.422.0.3_pkedcjkdefgpdelpbcmbmeomcjbeemfm.crx?cms_redirect=yes&mip=78.110.162.166&mm=28&mn=sn-aigzrner&ms=nvh&mt=1579351994&mv=m&mvi=4&pl=20&shardbypass=yes | US | crx | 862 Kb | whitelisted |
3392 | chrome.exe | GET | 200 | 74.125.4.166:80 | http://r1---sn-aigzrne7.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvOTRmQUFXVHlhaGJaUTdMLWtCSkNJUl9ZQQ/1.0.0.5_nmmhkkegccagdldgiimedpiccmgmieda.crx?cms_redirect=yes&mip=78.110.162.166&mm=28&mn=sn-aigzrne7&ms=nvh&mt=1579351994&mv=m&mvi=0&pl=20&shardbypass=yes | US | crx | 293 Kb | whitelisted |
3392 | chrome.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/img/donate.jpg | US | image | 2.06 Kb | suspicious |
2608 | LbmlUpdater_tmp.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
3392 | chrome.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/download.php | US | html | 3.55 Kb | suspicious |
3392 | chrome.exe | GET | 200 | 132.148.61.1:80 | http://mininglog.com/ | US | html | 12.6 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3392 | chrome.exe | 172.217.18.170:443 | fonts.googleapis.com | Google Inc. | US | whitelisted |
3708 | LbmlUpdater_tmp.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
3392 | chrome.exe | 216.58.210.14:443 | ogs.google.com | Google Inc. | US | whitelisted |
3392 | chrome.exe | 172.217.16.195:443 | www.gstatic.com | Google Inc. | US | whitelisted |
3392 | chrome.exe | 172.217.23.99:443 | www.google.com.ua | Google Inc. | US | whitelisted |
2608 | LbmlUpdater_tmp.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
3392 | chrome.exe | 172.217.21.195:443 | clientservices.googleapis.com | Google Inc. | US | whitelisted |
3392 | chrome.exe | 216.58.207.77:443 | accounts.google.com | Google Inc. | US | whitelisted |
3392 | chrome.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
3392 | chrome.exe | 172.217.16.142:443 | apis.google.com | Google Inc. | US | whitelisted |
Domain | IP | Reputation
---|---|---
www.mininglog.com | | suspicious
clientservices.googleapis.com | | whitelisted
accounts.google.com | | shared
www.google.com.ua | | whitelisted
fonts.googleapis.com | | whitelisted
www.gstatic.com | | whitelisted
fonts.gstatic.com | | whitelisted
apis.google.com | | whitelisted
ogs.google.com | | whitelisted
clients2.google.com | | whitelisted