Field | Value |
---|---|
File name: | HitmanPro.Alert.3.7.10.Build.789.zip |
Full analysis: | https://app.any.run/tasks/59151bcb-6211-454b-b25f-32857e316520 |
Verdict: | Malicious activity |
Analysis date: | September 18, 2019, 16:40:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | — |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | AE13C1E1D49A4F2A6603C99B1805B19D |
SHA1: | 38F656555CC2C82804C4F916AC016508667FA46E |
SHA256: | DEB3DAA2AFBD18A1BADB9416AE246A6780CA7C5E6981FC849C3AA5D943D9D470 |
SSDEEP: | 49152:nkl0MZNn4cLPLSxU5AJMvGg7Sck8C2SJyjAHNJEhdDqRH13TVG+fltIMS3b2bukv:n80M/n4lWQgGWAsHD03RGyl+Nqbd |

Extension | Type |
---|---|
.zip | ZIP compressed archive (100) |

ZIP tag | Value |
---|---|
ZipRequiredVersion: | 10 |
ZipBitFlag: | - |
ZipCompression: | None |
ZipModifyDate: | 2019:09:06 21:08:23 |
ZipCRC: | 0x00000000 |
ZipCompressedSize: | - |
ZipUncompressedSize: | - |
ZipFileName: | HitmanPro.Alert 3.7.10 Build 789 Multilingual/ |

PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3696 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\HitmanPro.Alert.3.7.10.Build.789.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
3492 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\Patch.zip" "C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
2512 | "C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hitmanpro.alert.v3.7.0.717-patch.exe" | C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hitmanpro.alert.v3.7.0.717-patch.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3221226540 |
2940 | "C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hitmanpro.alert.v3.7.0.717-patch.exe" | C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hitmanpro.alert.v3.7.0.717-patch.exe | — | explorer.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
2368 | "C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hmpalert3.exe" | C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hmpalert3.exe | — | explorer.exe | User: admin; Company: SurfRight B.V.; Integrity Level: MEDIUM; Description: HitmanPro.Alert; Exit code: 1; Version: 3.7.10.789 |
3500 | "C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hmpalert3.exe" /elevated /mode=cryptoguard | C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hmpalert3.exe | — | hmpalert3.exe | User: admin; Company: SurfRight B.V.; Integrity Level: HIGH; Description: HitmanPro.Alert; Exit code: 0; Version: 3.7.10.789 |
2880 | "C:\Program Files\HitmanPro.Alert\hmpalert.exe" /service | C:\Program Files\HitmanPro.Alert\hmpalert.exe | — | services.exe | User: SYSTEM; Company: SurfRight B.V.; Integrity Level: SYSTEM; Description: HitmanPro.Alert; Exit code: 1; Version: 3.7.10.789 |
2340 | "C:\Program Files\HitmanPro.Alert\hmpalert.exe" /tray | C:\Program Files\HitmanPro.Alert\hmpalert.exe | — | hmpalert.exe | User: admin; Company: SurfRight B.V.; Integrity Level: MEDIUM; Description: HitmanPro.Alert; Exit code: 1; Version: 3.7.10.789 |
3932 | "C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hitmanpro.alert.v3.7.0.717-patch.exe" | C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hitmanpro.alert.v3.7.0.717-patch.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 3221226540 |
2432 | "C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hitmanpro.alert.v3.7.0.717-patch.exe" | C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hitmanpro.alert.v3.7.0.717-patch.exe | — | explorer.exe | User: admin; Integrity Level: HIGH |

PID | Process | Filename | Type | |
---|---|---|---|---|
2880 | hmpalert.exe | C:\ProgramData\HitmanPro.Alert\excalibur.db-journal | — | |
MD5:— | SHA256:— | |||
2340 | hmpalert.exe | C:\Users\admin\AppData\Local\Temp\hmpalert.bf | — | |
MD5:— | SHA256:— | |||
3492 | WinRAR.exe | C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\README.TXT | text | |
MD5:F6D08E520B01802D0C09572259C2D383 | SHA256:B1D4148ECC50D43105DEDAADEB8942771DA3995581ED6F49BA3E9DB268352585 | |||
3500 | hmpalert3.exe | C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro.Alert\HitmanPro.Alert.lnk | lnk | |
MD5:B339D9852E031ACB28EADEA1A6F2967D | SHA256:51C3B3C75F94CF1264636E9E539916C314FEF6F2E39F5664E1754FB6E11E7338 | |||
3696 | WinRAR.exe | C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hmpalert3.exe | executable | |
MD5:E8FE4B6D76994174F3A84086993ADC2A | SHA256:F0A9340F09F2CB58C5B7F0CE694376520AC5D0B36B8072E080C66CFA92C4F18D | |||
2940 | hitmanpro.alert.v3.7.0.717-patch.exe | C:\Users\admin\AppData\Local\Temp\XNX678.tmp | executable | |
MD5:8F070B6EBDBE8DDE835486641BCA6D91 | SHA256:62BD5B8ECD7EFF8CE624EC18014852DC91941C485EECC80CE4ECE99AD88AF4EE | |||
2880 | hmpalert.exe | C:\ProgramData\HitmanPro.Alert\reports\Report_1 | binary | |
MD5:CE63029BC382444D7F7985FE7EC5A442 | SHA256:1934EF23E4B5EDA8C56F4D3045C0D126C84C9B448125D7FCE6C7B06FFDFAB946 | |||
3492 | WinRAR.exe | C:\Users\admin\Desktop\HitmanPro.Alert 3.7.10 Build 789 Multilingual\hitmanpro.alert.v3.7.0.717-patch.exe | executable | |
MD5:0007A329177A5BBDCC46ECF739C8680F | SHA256:A51F9B67999DB9F9AF1A6026BAFC630BE723F11BD0B9754D031A9CF5BD34A563 | |||
3500 | hmpalert3.exe | C:\Windows\system32\drivers\hmpalert.sys | executable | |
MD5:105249813BDB57627FDB2DB9B5D47D3A | SHA256:1F49716B6BB6D2EACF8C50BCCC6D3928716E557FAD4299735284AD67F1CCC2C9 | |||
3500 | hmpalert3.exe | C:\Program Files\HitmanPro.Alert\hmpalert.exe | executable | |
MD5:E8FE4B6D76994174F3A84086993ADC2A | SHA256:F0A9340F09F2CB58C5B7F0CE694376520AC5D0B36B8072E080C66CFA92C4F18D |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2880 | hmpalert.exe | POST | 200 | 40.71.250.191:80 | http://activate.hitmanpro.nl/activaterequest.aspx | US | — | — | suspicious |
2880 | hmpalert.exe | POST | 200 | 40.71.250.191:80 | http://activate.hitmanpro.nl/activaterequest.aspx | US | — | — | suspicious |
2880 | hmpalert.exe | POST | 200 | 40.71.250.191:80 | http://activate.hitmanpro.nl/activaterequest.aspx | US | text | 1.50 Kb | suspicious |
2880 | hmpalert.exe | POST | 200 | 40.71.250.191:80 | http://activate.hitmanpro.nl/activaterequest.aspx | US | text | 428 b | suspicious |
2340 | hmpalert.exe | POST | 200 | 23.97.160.56:80 | http://alert.hitmanpro.com/report.ashx | NL | text | 29 b | suspicious |
2340 | hmpalert.exe | GET | 304 | 185.105.204.28:80 | http://updates.hitmanpro.com/hmpalert789.exe?f0a9340f09f2cb58c5b7f0ce694376520ac5d0b36b8072e080c66cfa92c4f18d | NL | binary | 7.76 Kb | suspicious |
2340 | hmpalert.exe | GET | 200 | 185.105.204.28:80 | http://updates.hitmanpro.com/hmpalert-blm1.bf | NL | binary | 7.76 Kb | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2880 | hmpalert.exe | 40.71.250.191:80 | activate.hitmanpro.nl | Microsoft Corporation | US | whitelisted |
2340 | hmpalert.exe | 23.97.160.56:80 | alert.hitmanpro.com | Microsoft Corporation | NL | whitelisted |
2340 | hmpalert.exe | 185.105.204.28:80 | updates.hitmanpro.com | Astralus B.V. | NL | suspicious |

Domain | IP | Reputation |
---|---|---|
alert.hitmanpro.com | — | suspicious |
activate.hitmanpro.nl | — | suspicious |
updates.hitmanpro.com | — | suspicious |

Process | Message |
---|---|
hmpalert.exe | Driver: IOCTL_002221C8 failed (error 50) |
hmpalert.exe | Service: starting |
hmpalert.exe | Driver: IOCTL_00222000 failed (error 50) |
hmpalert.exe | Service: mode 2 |
hmpalert.exe | FalsePositiveManager: not initialized |
hmpalert.exe | Settings: FlyoutFrequency failed |
hmpalert.exe | Settings: WindowBorder failed |
hmpalert.exe | Settings: WindowBorderAutoHide failed |
hmpalert.exe | Settings: WindowBorderKbdGuard failed |
hmpalert.exe | Driver: IOCTL_00222084 failed (error 50) |