Field | Value
---|---
File name | JDhlV5V0XkF_Twitch-Booster.zip
Full analysis | https://app.any.run/tasks/c78738a8-7596-4806-aec4-fd2dbdc86572
Verdict | Malicious activity
Analysis date | May 30, 2020, 07:06:27
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/x-rar
File info | RAR archive data, v5
MD5 | 1060940B935E005B5929CFED504A1E7D
SHA1 | 3CECD21EB5CD9E1D300F6A96191A85F471B98F93
SHA256 | E00E8CFFA177DFE69F25E1189A1553C29B2CFD36C842FF0C1D184C10E90BEC42
SSDEEP | 98304:+Mtc++luPSrDBHq4wylheU6Btmic0Ezf1dBeqUipRM3HFEiU8:6hlQKBxlhejOfzFeqHiHFEiU8
Extension | Detected type (score)
---|---
.rar | RAR compressed archive (v5.0) (61.5)
.rar | RAR compressed archive (gen) (38.4)
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2676 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\JDhlV5V0XkF_Twitch-Booster.zip.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0
2440 | "C:\Users\admin\Desktop\Twitch Booster\melter.exe" | C:\Users\admin\Desktop\Twitch Booster\melter.exe | — | explorer.exe | User: admin; Integrity Level: MEDIUM; Exit code: 0
1540 | cmd /c ""C:\Users\admin\Desktop\Twitch Booster\StreamHelpersSetup.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
324 | timeout /t 5 /nobreak | C:\Windows\system32\timeout.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: timeout - pauses command processing; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
2908 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\Twitch Booster\Parle.vbs" | C:\Windows\System32\WScript.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Exit code: 3221225547; Version: 5.8.7600.16385
3712 | timeout /t 15 /nobreak | C:\Windows\system32\timeout.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: timeout - pauses command processing; Exit code: 0; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3024 | taskkill /F /IM chrome.exe | C:\Windows\system32\taskkill.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Terminates Processes; Exit code: 128; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
1784 | taskkill /F /IM iexplore.exe | C:\Windows\system32\taskkill.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Terminates Processes; Exit code: 128; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3264 | taskkill /F /IM java.ewe | C:\Windows\system32\taskkill.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Terminates Processes; Exit code: 128; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
3728 | taskkill /F /IM javaw.exe | C:\Windows\system32\taskkill.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Terminates Processes; Exit code: 128; Version: 6.1.7600.16385 (win7_rtm.090713-1255)
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2676 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2676.24887\Twitch Booster\Dance.mp3 | — | — | —
2676 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2676.24887\Twitch Booster\melter.exe | — | — | —
2676 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2676.24887\Twitch Booster\msgbox.vbs | — | — | —
2676 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2676.24887\Twitch Booster\music.vbs | — | — | —
2676 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2676.24887\Twitch Booster\Parle.vbs | — | — | —
2676 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2676.24887\Twitch Booster\StreamHelpersSetup.bat | — | — | —
2676 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2676.24887\Twitch Booster\StreamHelpersSetup.lnk | — | — | —
2908 | WScript.exe | C:\Users\admin\AppData\Roaming\Microsoft\Speech\Files\UserLexicons\SP_6C0E5B6B13BD4B29AC7028E5512E4C03.dat | binary | 5C91934356F5F366A413F6D7D9D8A9D4 | 6342EDF8359644FD89F3B54CF66A4F5F43EC238970E4390EB4328909EABAFB02