download: | Heart-Sender-V1.2_1.zip |
Full analysis: | https://app.any.run/tasks/8a3b91c6-3181-442c-9b1d-132313f8764c |
Verdict: | Malicious activity |
Analysis date: | February 22, 2020, 14:34:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | 483F2CA873DEA94669CE1707335D84EE |
SHA1: | 4D8C52F9C4C0C5F30795994D292A48D2B58B635D |
SHA256: | E1AC482B2273160DB19FA01F800F1358B49C22998B829E87B1F460EB5B86B543 |
SSDEEP: | 12288:/KkGX3wLOhAi8csBbucu5laA+ehdXSfNDtZbxuKOs2GkI93FEZx:/5GX3wA6cebgyA+e7XSFlu5sddS7 |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 10 |
---|---|
ZipBitFlag: | - |
ZipCompression: | None |
ZipModifyDate: | 2020:02:20 13:17:15 |
ZipCRC: | 0x00000000 |
ZipCompressedSize: | - |
ZipUncompressedSize: | - |
ZipFileName: | logs/ |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1500 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Heart-Sender-V1.2_1.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3424 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa1500.6696\Heart-Sender-V1.2.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa1500.6696\Heart-Sender-V1.2.exe | — | WinRAR.exe |
User: admin Company: HeartFamily Integrity Level: MEDIUM Description: Heart Sender V1 Exit code: 0 Version: 1.0.0.0 | ||||
4084 | "C:\Users\admin\Desktop\Heart-Sender-V1.2.exe" | C:\Users\admin\Desktop\Heart-Sender-V1.2.exe | — | explorer.exe |
User: admin Company: HeartFamily Integrity Level: MEDIUM Description: Heart Sender V1 Exit code: 0 Version: 1.0.0.0 | ||||
1916 | "C:\Users\admin\Desktop\setup.exe" | C:\Users\admin\Desktop\setup.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Exit code: 3221226540 | ||||
3508 | "C:\Users\admin\Desktop\setup.exe" | C:\Users\admin\Desktop\setup.exe | explorer.exe | |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2760 | "C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe" | C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe | setup.exe | |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
3132 | "C:\Users\admin\Desktop\setup.exe" | C:\Users\admin\Desktop\setup.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Exit code: 3221226540 | ||||
4020 | "C:\Users\admin\Desktop\setup.exe" | C:\Users\admin\Desktop\setup.exe | explorer.exe | |
User: admin Integrity Level: HIGH | ||||
2828 | "C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe" | C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe | — | Windows Network.exe |
User: admin Integrity Level: HIGH |
PID | Process | Filename | Type | |
---|---|---|---|---|
1500 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1500.8267\Heart-Sender-V1.2.exe | — | |
MD5:— | SHA256:— | |||
1500 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1500.8553\setup.exe | — | |
MD5:— | SHA256:— | |||
3508 | setup.exe | C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe:ZoneIdentifier | — | |
MD5:— | SHA256:— | |||
1500 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1500.6696\Settings.ini | text | |
MD5:41679E215270290E80D2264E5335AA18 | SHA256:A2D5E22F98B7E97D90D7F2BBB0FB514B3951D0FFA9F4E87537BF1BAAFB5311E7 | |||
2760 | Windows Network.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Network.vbs | text | |
MD5:63E83CAC146354F1B2660FB3C533B22C | SHA256:E295DFCD2A515D4631A86E132996E0929DAA03EAA6863C798806C5DC1491231F | |||
1500 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa1500.6696\setup.exe | executable | |
MD5:A323D08293166506A9BA81A953ECD156 | SHA256:93A044F25C84FE757C1ED0AD5D7D75AB42BF6BBAC393AE3CCD78649A1183DA89 | |||
2828 | Windows Network.exe | C:\Users\admin\AppData\Local\Temp\FransescoPast.txt | text | |
MD5:999B8E36DD8728EFB1C5846A50106F59 | SHA256:CF8273FE85EF2985623E89A0DAD31A75527139C89C77D3D4308CC6A8A3698783 | |||
3508 | setup.exe | C:\Users\admin\AppData\Roaming\Windows Network\Windows Network.exe | executable | |
MD5:A323D08293166506A9BA81A953ECD156 | SHA256:93A044F25C84FE757C1ED0AD5D7D75AB42BF6BBAC393AE3CCD78649A1183DA89 | |||
4084 | Heart-Sender-V1.2.exe | C:\Users\admin\Desktop\Settings.ini | text | |
MD5:C264554E8E058A904B349426E9D55106 | SHA256:6F19282087AE76E463085C178CEB3866908AD76D775CDAE52DCDFA54208FCD6F | |||
4084 | Heart-Sender-V1.2.exe | C:\Users\admin\Desktop\license.txt | text | |
MD5:B28BA1C42E3F7AC4A232F995DB96F8E6 | SHA256:F9598EBA595AAB0895F5804807EAD4546E9C1770F10028D0FA843707A11F2897 |