| Field | Value |
|---|---|
| File name | Print_DHL8D9D4CF.zip |
| Full analysis | https://app.any.run/tasks/aaf91e76-d16d-44b1-9a2e-ffee91281832 |
| Verdict | Malicious activity |
| Analysis date | June 19, 2019, 13:28:40 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 8C4373805227B37DA523E1F07DD4BF82 |
| SHA1 | 5892A1EE93A18A3ABF99A52771C16555181AB5B3 |
| SHA256 | D8BA693AD891D62399A14D79FEFAA37016CE63CB1292D84E591011E063D9608B |
| SSDEEP | 6144:iocsVW/rq5nlImrcj5U/4DnRy8shnlEgyEb23ms/F5jM0fB4cNhB2:dcZ3mrd4NnaiLpms/XNBNA |
| Extension | Detected type (confidence) |
|---|---|
| .zip | ZIP compressed archive (100) |

| Archive field | Value |
|---|---|
| ZipRequiredVersion | 20 |
| ZipBitFlag | - |
| ZipCompression | Deflated |
| ZipModifyDate | 2017:02:09 11:06:23 |
| ZipCRC | 0x1cfdb238 |
| ZipCompressedSize | 328156 |
| ZipUncompressedSize | 577536 |
| ZipFileName | Print-DHL8D9D4CF.exe |
| PID | CMD | Path | Indicators | Parent process | User | Company | Integrity Level | Description | Version |
|---|---|---|---|---|---|---|---|---|---|
| 2920 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Print_DHL8D9D4CF.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 5.60.0 |
| 3556 | "C:\Users\admin\Desktop\Print-DHL8D9D4CF.exe" | C:\Users\admin\Desktop\Print-DHL8D9D4CF.exe | — | explorer.exe | admin | City | MEDIUM | Raoadinis | 1.09.0002 |
| 3420 | "C:\Users\admin\Desktop\Print-DHL8D9D4CF.exe" | C:\Users\admin\Desktop\Print-DHL8D9D4CF.exe | — | explorer.exe | admin | City | MEDIUM | Raoadinis | 1.09.0002 |
| 2396 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2920.48965\Print-DHL8D9D4CF.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2920.48965\Print-DHL8D9D4CF.exe | — | WinRAR.exe | admin | City | MEDIUM | Raoadinis | 1.09.0002 |
| PID | Process | Key | Operation | Name | Value |
|---|---|---|---|---|---|
| 2920 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | |
| 2920 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | |
| 2920 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | write | LanguageList | en-US |
| 2920 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\Print_DHL8D9D4CF.zip |
| 2920 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120 |
| 2920 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80 |
| 2920 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120 |
| 2920 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100 |
| 2920 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | write | 0 | C:\Users\admin\Desktop |
| 2920 | WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | write | UNCAsIntranet | 0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2920 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2920.48965\Print-DHL8D9D4CF.exe | executable | E4D9C42BF0E67B584015D69EFAB0C8E1 | 6C2699E66A8F3FC020C16CD866AC85B3E5C0CB794847D1C3779CA967A02DBC26 |
| 2920 | WinRAR.exe | C:\Users\admin\Desktop\Print-DHL8D9D4CF.exe | executable | E4D9C42BF0E67B584015D69EFAB0C8E1 | 6C2699E66A8F3FC020C16CD866AC85B3E5C0CB794847D1C3779CA967A02DBC26 |