File name: | BANK ORDER 103-991-2920.rar |
Full analysis: | https://app.any.run/tasks/ffdd051a-479d-47a7-b03e-ea806926abb5 |
Verdict: | Malicious activity |
Analysis date: | March 31, 2020, 00:51:04 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | 4088AA700B9AAB0EA9A58188542AB0A5 |
SHA1: | 00CF014FC4087DA6E203DD9E224C6EFFB07A365F |
SHA256: | E584D5ABD2319076D8FD4D7BB7AC09F52723CD0C2E58990EECA2C0A8F9CABC5B |
SSDEEP: | 768:AxQrSTG3LLeOgpD0lLmKLZm3ieIyLrYgXMo:4QrR+103VmyshXMo |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
CompressedSize: | 24855 |
---|---|
UncompressedSize: | 102400 |
OperatingSystem: | Win32 |
ModifyDate: | 2020:03:29 22:04:04 |
PackingMethod: | Normal |
ArchivedFileName: | BANK ORDER 103-991-2920.bat |
PID | CMD | Path | Indicators | Parent process | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
3092 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\BANK ORDER 103-991-2920.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | ||||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 Modules
| |||||||||||||||
564 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa3092.21532\BANK ORDER 103-991-2920.bat" | C:\Users\admin\AppData\Local\Temp\Rar$DIa3092.21532\BANK ORDER 103-991-2920.bat | — | WinRAR.exe | |||||||||||
User: admin Company: WONderware Integrity Level: MEDIUM Description: term Exit code: 0 Version: 1.00 Modules
| |||||||||||||||
3980 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa3092.21532\BANK ORDER 103-991-2920.bat" | C:\Users\admin\AppData\Local\Temp\Rar$DIa3092.21532\BANK ORDER 103-991-2920.bat | BANK ORDER 103-991-2920.bat | ||||||||||||
User: admin Company: WONderware Integrity Level: MEDIUM Description: term Version: 1.00 Modules
|
PID | Process | Filename | Type | |
---|---|---|---|---|
3980 | BANK ORDER 103-991-2920.bat | C:\Users\admin\AppData\Local\Temp\CabD6E0.tmp | — | |
MD5:— | SHA256:— | |||
3980 | BANK ORDER 103-991-2920.bat | C:\Users\admin\AppData\Local\Temp\TarD6E1.tmp | — | |
MD5:— | SHA256:— | |||
3980 | BANK ORDER 103-991-2920.bat | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BE8B021F9E811DFC8C8A28572A17C05A_0B97942EE72A6E3F514E8E84F294CC72 | binary | |
MD5:93AFF03253948772E427D93878202E40 | SHA256:0FEC695D68633ACB5A99004BF81DA1EE83DC294C37B0D50453AA624D597708C6 | |||
3980 | BANK ORDER 103-991-2920.bat | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | binary | |
MD5:C8728FBC0E0182896A4EF17969E56773 | SHA256:3271D8C449F1192D29AFBCDFFE7A9716B8517A18665773D98E585778DA448E69 | |||
3980 | BANK ORDER 103-991-2920.bat | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\U2815OK4.txt | text | |
MD5:7DA21B86A2C86906687A4EC39DC476DE | SHA256:A6E2173FD76392749E4F088FDC2ACC22176FC4578F86DCC1C85EBFB01EE20644 | |||
3980 | BANK ORDER 103-991-2920.bat | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CFE86DBBE02D859DC92F1E17E0574EE8_46766FC45507C0B9E264E4C18BC7288B | der | |
MD5:E550DA03AEE5B546B436CD553D3233B9 | SHA256:9ABFD4E29B96CCA442502B1DE6071FE0293455DF22B4EFF19FA3E6DF060947E7 | |||
3092 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3092.21532\BANK ORDER 103-991-2920.bat | executable | |
MD5:AD300193C6D3FE69AFF036BF28DBFDF5 | SHA256:5E341F1110072646EF48DABA1E0E3040682A2B9470CC43F6BCCA0E9E3C7B2B40 | |||
3980 | BANK ORDER 103-991-2920.bat | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BE8B021F9E811DFC8C8A28572A17C05A_0B97942EE72A6E3F514E8E84F294CC72 | der | |
MD5:F26B1B29960D99AD1C44E71E3D2ABE4C | SHA256:7910B27AFDEE20EA27C4FA19221B1B63E00235E261E1A3FB9F1FB3456CBBB7AC |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3980 | BANK ORDER 103-991-2920.bat | GET | 200 | 172.217.16.195:80 | http://ocsp.pki.goog/gts1o1/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBRCRjDCJxnb3nDwj%2Fxz5aZfZjgXvAQUmNH4bhDrz5vsYJ8YkBug630J%2FSsCEQDL%2FQslYWVuogIAAAAAXGdc | US | der | 472 b | whitelisted |
3980 | BANK ORDER 103-991-2920.bat | GET | 200 | 172.217.16.195:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | der | 468 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3980 | BANK ORDER 103-991-2920.bat | 172.217.21.206:443 | drive.google.com | Google Inc. | US | whitelisted |
3980 | BANK ORDER 103-991-2920.bat | 172.217.16.195:80 | ocsp.pki.goog | Google Inc. | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
drive.google.com |
| shared |
ocsp.pki.goog |
| whitelisted |