File name: | Debug.zip |
Full analysis: | https://app.any.run/tasks/ca23558c-5419-4e76-8dc2-e05d52c9fd22 |
Verdict: | Malicious activity |
Analysis date: | March 22, 2019, 00:42:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | FF5029CC1281128BC5B7E165247C7634 |
SHA1: | B036CE234F04CA3048A044C32C29F7674AB6A962 |
SHA256: | DC0E18A9AF2C0869E80A86F2F8DF93B385F27D7081A3EDC476FC8859405D33B3 |
SSDEEP: | 6144:tSr9WkagPTUO1XEXrVGOxzCsvjhTpGrqec0Ey3YNdYescwu:/kagpXIrVDljhTpG+6Ey3kYU7 |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | FixUrShitDiscord.exe |
---|---|
ZipUncompressedSize: | 15360 |
ZipCompressedSize: | 6628 |
ZipCRC: | 0x23d99e06 |
ZipModifyDate: | 2018:10:20 10:45:03 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1604 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Debug.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3592 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2800 | "C:\Users\admin\Desktop\FixUrShitDiscord.exe" | C:\Users\admin\Desktop\FixUrShitDiscord.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: FixUrShitDiscord Exit code: 3762504530 Version: 1.0.0.0 | ||||
1520 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\combo.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2656 | "C:\Users\admin\Desktop\FixUrShitDiscord.exe" | C:\Users\admin\Desktop\FixUrShitDiscord.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: FixUrShitDiscord Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1604.39756\FixUrShitDiscord.exe | — | |
MD5:— | SHA256:— | |||
1604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1604.39756\Newtonsoft.Json.dll | — | |
MD5:— | SHA256:— | |||
1604 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1604.39756\Newtonsoft.Json.xml | — | |
MD5:— | SHA256:— | |||
2656 | FixUrShitDiscord.exe | C:\Users\admin\Desktop\Cumsies.txt | html | |
MD5:86D929370FB245906151E74DF6B63273 | SHA256:409FA23CCD731D8392E2CB8A9125532B84165CCFDD0195BDACE42960B39D720C | |||
1520 | NOTEPAD.EXE | C:\Users\admin\Desktop\combo.txt | text | |
MD5:583D2DE601295B6B9850B561096EEBC2 | SHA256:94A2C24C45B770FEA88501A8F2D9D1469E83A38944B82D28674B5329326BCCDB | |||
2800 | FixUrShitDiscord.exe | C:\Users\admin\Desktop\Cumsies.txt | html | |
MD5:86D929370FB245906151E74DF6B63273 | SHA256:409FA23CCD731D8392E2CB8A9125532B84165CCFDD0195BDACE42960B39D720C |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2800 | FixUrShitDiscord.exe | 104.28.5.69:443 | proxyscrape.com | Cloudflare Inc | US | shared |
2800 | FixUrShitDiscord.exe | 104.27.189.178:443 | proxyscra.pe | Cloudflare Inc | US | shared |
2656 | FixUrShitDiscord.exe | 104.27.189.178:443 | proxyscra.pe | Cloudflare Inc | US | shared |
2656 | FixUrShitDiscord.exe | 104.28.5.69:443 | proxyscrape.com | Cloudflare Inc | US | shared |
Domain | IP | Reputation |
---|---|---|
proxyscra.pe |
| malicious |
proxyscrape.com |
| suspicious |