File name: | BitCoin Private Key Finder.zip |
Full analysis: | https://app.any.run/tasks/1789f612-3537-49b9-9c86-18dbda137bd7 |
Verdict: | Malicious activity |
Analysis date: | January 24, 2022, 17:16:06 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 6D1108B20FAAC324D259588C4398C31F |
SHA1: | F90E71A475DFCF31D2DCA5D1E98717418E7D4281 |
SHA256: | E1BFDF5D83FA14C9BD54109306BDC04D70F2133CA2309400DA487CC1B16A35F9 |
SSDEEP: | 98304:gIepfby9+WDN9FrVwOcTDuCf19XVJeZvmZ7ySJbsGX:DSfbovR9FrVwlvuCf1ZVJWvkfwQ |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | Microsoft.Extensions.Logging.Abstractions.dll |
---|---|
ZipUncompressedSize: | 43512 |
ZipCompressedSize: | 19776 |
ZipCRC: | 0xa4e8bf39 |
ZipModifyDate: | 2016:06:22 09:14:28 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3504 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\BitCoin Private Key Finder.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 | ||||
3524 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.26034\BitCoin Private Key Finder.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.26034\BitCoin Private Key Finder.exe | WinRAR.exe | |
User: admin Integrity Level: MEDIUM Exit code: 3221225786 |
(PID) Process: | (3504) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (3504) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (3504) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (3504) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
(PID) Process: | (3504) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
(PID) Process: | (3504) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\BitCoin Private Key Finder.zip | |||
(PID) Process: | (3504) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (3504) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (3504) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (3504) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3504 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.26034\Target\Wallets.txt | — | |
MD5:— | SHA256:— | |||
3504 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.26034\NBitcoin.dll | executable | |
MD5:7CDF4730FA13164F019A3477298576CD | SHA256:DEFEDF09303295EFF49EB88F8BC17E25CE189E2C6F54B95F8DEFF8ACAB726458 | |||
3504 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.26034\Newtonsoft.Json.dll | executable | |
MD5:2B8093898E84AEB87BB476FB9685E584 | SHA256:E5FA1EC7205FF6CCA95EB14560E1C70D7D39E86D3A89552448147DCB89243048 | |||
3504 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.26034\BitCoin Private Key Finder.exe | executable | |
MD5:FD261F013BB0BB07B2A829F366FC95AD | SHA256:C66C8C8CD4B96FB5CC384FA79EBADC043B3BB37C1A72D40A646E43BEDB76A52F | |||
3504 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.26034\QBitNinja.Client.dll | executable | |
MD5:A1B07FB4462F97D7A9654D76F46B2A6E | SHA256:7DCB504C6545C1752514C45F98A637A8DF6CC94D3590F51C74CB3FD4847C1841 | |||
3504 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.26034\System.Buffers.dll | executable | |
MD5:775985A0B99BD5B2CF3D231A279660CE | SHA256:E0DFE400D224DBBE40F22F6C66B995FFC350F4105F57FB587D9C59E911D912BE | |||
3504 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3504.26034\Microsoft.Extensions.Logging.Abstractions.dll | executable | |
MD5:73BF8E0F455668D5BC6DCA8DBC2750D2 | SHA256:D331EDF349A4CF8173B29DA9BF30101791F94C63CF68A68DA0EE9328F8704B98 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3524 | BitCoin Private Key Finder.exe | 23.102.12.43:443 | api.qbit.ninja | Microsoft Corporation | IE | unknown |
Domain | IP | Reputation |
---|---|---|
api.qbit.ninja |
| unknown |