Field | Value
---|---
File name | sup121.zip
Full analysis | https://app.any.run/tasks/23369a68-0580-480b-93be-5f22d3d9913d
Verdict | Malicious activity
Analysis date | March 31, 2020, 07:58:15
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | (none listed)
MIME | application/zip
File info | Zip archive data, at least v2.0 to extract
MD5 | 6ABE1661890FB8DC45B415F8B2E7B9E4
SHA1 | 1EFF4A03E8FD827660B4702F81A220020C60AEFD
SHA256 | D9349E0383552C1F40DD89D7C788565FDF93782F0CB54F23CFD409E2C1F62508
SSDEEP | 3072:auqUXSoD78yYClkhI3bp4qqVDt/Y6avP7cI1vANt3i:LrXSAjkhI3bNiwrTRAG
Extension | File type (TrID)
---|---
.zip | ZIP compressed archive (100)

Field | Value
---|---
ZipFileName | 6a577d9156c3734a6c61ba2e0923d297219683dd5fd2e5bb727da367dc80bbfd
ZipUncompressedSize | 282112
ZipCompressedSize | 136847
ZipCRC | 0x11f8e6cc
ZipModifyDate | 1980:00:00 00:00:00
ZipCompression | Deflated
ZipBitFlag | 0x0009
ZipRequiredVersion | 20

ZipBitFlag 0x0009 sets bit 0 (the member is encrypted, i.e. the archive is password-protected, so scanners cannot inspect the payload without the password) and bit 3 (CRC and sizes are carried in a trailing data descriptor). ZipModifyDate 1980:00:00 00:00:00 is not a real date: the DOS time and date fields are both zero. ZipRequiredVersion 20 is the "v2.0 to extract" named in File info.
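The Zip* fields above are read straight from the archive's central directory. The following is an added example, not code from ANY.RUN or from the report, that parses a central directory record, reproduces the report's field values, and applies the header-only triage checks a practitioner would run on an inbound archive. The sample record is constructed from the values in the table; the "version made by" field is an assumed value the report does not show, and the end-of-central-directory record is a zeroed placeholder.

```python
"""Decode ZIP central-directory metadata (added example, not from the report).

The sample record below is constructed from the Zip* values in the table;
the 'version made by' field is an assumption, as the report does not show it.
"""
import struct

CDH_SIG = b"PK\x01\x02"          # central directory file header signature
# Fixed 46-byte part of the central directory file header (PKWARE APPNOTE 4.3.12)
CDH_FMT = "<4sHHHHHHIIIHHHHHII"
CDH_LEN = struct.calcsize(CDH_FMT)

FLAG_ENCRYPTED = 0x0001        # bit 0: member data is encrypted
FLAG_DATA_DESCRIPTOR = 0x0008  # bit 3: CRC/sizes follow the data in a descriptor
FLAG_UTF8_NAME = 0x0800        # bit 11: name/comment are UTF-8
METHODS = {0: "Stored", 8: "Deflated", 12: "BZIP2", 14: "LZMA", 93: "Zstandard", 99: "AES"}


def dos_datetime(dos_time: int, dos_date: int) -> str:
    """Decode MS-DOS packed time/date into the exiftool-style string used in the report.

    All-zero fields decode to 1980:00:00 00:00:00 (month and day 0), which is
    not a real date: the packer simply never set a timestamp.
    """
    year = ((dos_date >> 9) & 0x7F) + 1980
    month = (dos_date >> 5) & 0x0F
    day = dos_date & 0x1F
    hour = (dos_time >> 11) & 0x1F
    minute = (dos_time >> 5) & 0x3F
    second = (dos_time & 0x1F) * 2
    return f"{year:04d}:{month:02d}:{day:02d} {hour:02d}:{minute:02d}:{second:02d}"


def parse_central_directory(data: bytes) -> list:
    """Walk consecutive central directory records starting at the first PK\\x01\\x02."""
    entries = []
    off = data.find(CDH_SIG)
    while off != -1 and data[off:off + 4] == CDH_SIG and off + CDH_LEN <= len(data):
        (_sig, _made_by, needed, flags, method, mtime, mdate, crc, csize, usize,
         nlen, xlen, clen, _disk, _iattr, _eattr, lho) = struct.unpack_from(CDH_FMT, data, off)
        name = data[off + CDH_LEN:off + CDH_LEN + nlen]
        entries.append({
            "name": name.decode("utf-8" if flags & FLAG_UTF8_NAME else "cp437", "replace"),
            "required_version": f"{needed // 10}.{needed % 10}",   # 20 -> "2.0"
            "flags": flags,
            "encrypted": bool(flags & FLAG_ENCRYPTED) or method == 99,
            "data_descriptor": bool(flags & FLAG_DATA_DESCRIPTOR),
            "compression": METHODS.get(method, f"unknown({method})"),
            "modify_date": dos_datetime(mtime, mdate),
            "crc32": f"0x{crc:08x}",
            "compressed_size": csize,
            "uncompressed_size": usize,
            "local_header_offset": lho,
        })
        off += CDH_LEN + nlen + xlen + clen
    return entries


def triage(entry: dict) -> list:
    """Header-only findings; the member data itself is not inspected."""
    findings = []
    if entry["encrypted"]:
        findings.append("encrypted member: content cannot be scanned without the password")
    if entry["modify_date"].startswith("1980:00:00"):
        findings.append("zeroed DOS timestamp: archive was written by a tool that set no mtime")
    name = entry["name"]
    if len(name) == 64 and all(c in "0123456789abcdef" for c in name):
        findings.append("member name is a bare SHA-256 hex string, not a document name")
    return findings


MEMBER_NAME = b"6a577d9156c3734a6c61ba2e0923d297219683dd5fd2e5bb727da367dc80bbfd"
# Constructed central directory for one member, using the report's Zip* values.
SAMPLE_CENTRAL_DIR = struct.pack(
    CDH_FMT,
    CDH_SIG,
    20,                       # version made by (assumed; not shown in the report)
    20,                       # version needed to extract -> ZipRequiredVersion 20 (2.0)
    0x0009,                   # ZipBitFlag: encrypted + data descriptor
    8,                        # ZipCompression: Deflated
    0, 0,                     # DOS time and date, both zero -> 1980:00:00 00:00:00
    0x11F8E6CC,               # ZipCRC
    136847,                   # ZipCompressedSize
    282112,                   # ZipUncompressedSize
    len(MEMBER_NAME), 0, 0,   # name, extra and comment lengths
    0, 0,                     # disk number start, internal attributes
    0,                        # external attributes
    0,                        # offset of the local file header
) + MEMBER_NAME + b"PK\x05\x06" + b"\x00" * 18   # placeholder end-of-central-directory record

if __name__ == "__main__":
    for e in parse_central_directory(SAMPLE_CENTRAL_DIR):
        for k, v in e.items():
            print(f"{k:>20}: {v}")
        for finding in triage(e):
            print("  [!]", finding)
```

Run against a real archive by passing the bytes of the file to parse_central_directory; the central directory sits at the end of the file, so reading the whole file is simplest. The parser reports what the header claims, which is exactly what WinRAR used here; with bit 0 set it cannot verify the CRC or see the payload, and that is the point of the check.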
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
3972 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\sup121.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0
3604 | "C:\Users\admin\Desktop\kik.exe" | C:\Users\admin\Desktop\kik.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3221226540
3384 | "C:\Users\admin\Desktop\kik.exe" | C:\Users\admin\Desktop\kik.exe | | explorer.exe | User: admin; Integrity Level: HIGH; Exit code: 0
576 | "C:\Users\admin\Desktop\kik.exe" | C:\Users\admin\Desktop\kik.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3221226540
2132 | "C:\Users\admin\Desktop\kik.exe" | C:\Users\admin\Desktop\kik.exe | | explorer.exe | User: admin; Integrity Level: HIGH; Exit code: 0

Exit code 3221226540 is NTSTATUS 0xC000042C (STATUS_ELEVATION_REQUIRED): both MEDIUM-integrity launches of kik.exe fail with it, and only the HIGH-integrity launches (after UAC elevation) exit 0, so the executable does not run without administrator rights.
PID | Process | Filename | Type | Hashes
---|---|---|---|---
3972 | WinRAR.exe | C:\Users\admin\Desktop\6a577d9156c3734a6c61ba2e0923d297219683dd5fd2e5bb727da367dc80bbfd | executable | MD5: 946945EE4555FC7F7ACED80904FE802F; SHA256: 6A577D9156C3734A6C61BA2E0923D297219683DD5FD2E5BB727DA367DC80BBFD

The extracted file's name is its own SHA-256, which is also the ZipFileName inside the archive.