File name: | 2.rar |
Full analysis: | https://app.any.run/tasks/b2d27979-37bb-423f-8f48-641faf54d24d |
Verdict: | Malicious activity |
Analysis date: | February 10, 2019, 16:42:30 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | E81B648401165E53C123487DEC35908A |
SHA1: | E5F60A04D5A22AA524B6FB81E7A164F4101D6F3D |
SHA256: | EB86689834FD802BC5BF3851677F67DCF34B53D0CC481DD3E6759500C9BAAE05 |
SSDEEP: | 49152:gy+fn2fdmis/VDE+/Ia0co4rzxmheexa1i3iQoOp1:gl/Ywis/VDE+/smzxmhNxa4Db1 |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3060 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\2.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2564 | "C:\Users\admin\Desktop\OP.GG SCRAPER (BETA)\OP.GG SCRAPER(BETA).exe" | C:\Users\admin\Desktop\OP.GG SCRAPER (BETA)\OP.GG SCRAPER(BETA).exe | explorer.exe | |
User: admin Company: fishing lowly Integrity Level: HIGH Description: OP.GG Exit code: 0 Version: 1.5.0.0 | ||||
4016 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\lbujwygd.cmdline" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | OP.GG SCRAPER(BETA).exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Visual C# Command Line Compiler Exit code: 0 Version: 4.6.1055.0 built by: NETFXREL2 | ||||
3372 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RESE08D.tmp" "c:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSC28C6249C648D472AB7F7EBD7BCD3B48.TMP" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | — | csc.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft® Resource File To COFF Object Conversion Utility Exit code: 0 Version: 12.00.52512.0 built by: VSWINSERVICING | ||||
2608 | "C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.exe" | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Defender.exe | — | OP.GG SCRAPER(BETA).exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Defender Exit code: 0 Version: 1.8.0.0 | ||||
4052 | C:\Windows\system32\wbem\WmiApSrv.exe | C:\Windows\system32\wbem\WmiApSrv.exe | — | services.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: WMI Performance Reverse Adapter Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2984 | "C:\Users\admin\Desktop\OP.GG SCRAPER (BETA)\OP.GG SCRAPER(BETA).exe" | C:\Users\admin\Desktop\OP.GG SCRAPER (BETA)\OP.GG SCRAPER(BETA).exe | — | OP.GG SCRAPER(BETA).exe |
User: admin Company: fishing lowly Integrity Level: HIGH Description: OP.GG Version: 1.5.0.0 | ||||
3852 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\admin\AppData\Local\Temp\s1ho33zh.cmdline" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | Windows Defender.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Visual C# Command Line Compiler Exit code: 0 Version: 4.6.1055.0 built by: NETFXREL2 | ||||
3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\admin\AppData\Local\Temp\RES9FE.tmp" "c:\Users\admin\AppData\Roaming\Windows Defender\CSCCF7693A389B24F378165CAB6A76AC238.TMP" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | — | csc.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Microsoft® Resource File To COFF Object Conversion Utility Exit code: 0 Version: 12.00.52512.0 built by: VSWINSERVICING | ||||
2260 | "C:\Users\admin\AppData\Roaming\Windows Defender\svchost.exe" | C:\Users\admin\AppData\Roaming\Windows Defender\svchost.exe | Windows Defender.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows NT Kernel & System Version: 0.2.4.1 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3060.47626\OP.GG SCRAPER (BETA)\HtmlAgilityPack.dll | — | |
MD5:— | SHA256:— | |||
3060 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3060.47626\OP.GG SCRAPER (BETA)\OP.GG SCRAPER(BETA).exe | — | |
MD5:— | SHA256:— | |||
2564 | OP.GG SCRAPER(BETA).exe | C:\Users\admin\AppData\Local\Temp\tmpDF74.tmp | — | |
MD5:— | SHA256:— | |||
2564 | OP.GG SCRAPER(BETA).exe | C:\Users\admin\AppData\Local\Temp\lbujwygd.0.cs | — | |
MD5:— | SHA256:— | |||
2564 | OP.GG SCRAPER(BETA).exe | C:\Users\admin\AppData\Local\Temp\lbujwygd.cmdline | — | |
MD5:— | SHA256:— | |||
4016 | csc.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSC28C6249C648D472AB7F7EBD7BCD3B48.TMP | — | |
MD5:— | SHA256:— | |||
3372 | cvtres.exe | C:\Users\admin\AppData\Local\Temp\RESE08D.tmp | — | |
MD5:— | SHA256:— | |||
4016 | csc.exe | C:\Users\admin\AppData\Local\Temp\lbujwygd.out | — | |
MD5:— | SHA256:— | |||
2608 | Windows Defender.exe | C:\Users\admin\AppData\Roaming\Windows Defender\orj3.txt | — | |
MD5:— | SHA256:— | |||
2608 | Windows Defender.exe | C:\Users\admin\AppData\Local\Temp\tmp914.tmp | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2564 | OP.GG SCRAPER(BETA).exe | GET | 200 | 143.204.101.18:80 | http://tr.op.gg/ranking/level/page=5602 | US | html | 127 Kb | whitelisted |
2564 | OP.GG SCRAPER(BETA).exe | GET | 200 | 143.204.101.18:80 | http://tr.op.gg/ranking/level/page=5601 | US | html | 127 Kb | whitelisted |
2564 | OP.GG SCRAPER(BETA).exe | GET | 200 | 143.204.101.18:80 | http://tr.op.gg/ranking/level/page=5600 | US | html | 127 Kb | whitelisted |
2564 | OP.GG SCRAPER(BETA).exe | GET | 200 | 143.204.101.18:80 | http://tr.op.gg/ranking/level/page=5603 | US | html | 144 Kb | whitelisted |
2564 | OP.GG SCRAPER(BETA).exe | GET | 200 | 143.204.101.18:80 | http://tr.op.gg/ranking/level/page=5604 | US | html | 163 Kb | whitelisted |
1488 | iexplore.exe | GET | 200 | 13.107.5.80:80 | http://api.bing.com/qsml.aspx?query=asdasdasdasdas&maxwidth=253&rowheight=20§ionHeight=400&FORM=IE8SSC&market=en-us | US | xml | 222 b | whitelisted |
3532 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
2564 | OP.GG SCRAPER(BETA).exe | GET | 200 | 143.204.101.18:80 | http://tr.op.gg/ranking/level/page=5605 | US | html | 163 Kb | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2260 | svchost.exe | 88.99.66.31:443 | iplogger.com | Hetzner Online GmbH | DE | malicious |
1488 | iexplore.exe | 13.107.5.80:80 | api.bing.com | Microsoft Corporation | US | whitelisted |
2564 | OP.GG SCRAPER(BETA).exe | 143.204.101.18:80 | tr.op.gg | — | US | whitelisted |
2260 | svchost.exe | 140.82.118.4:443 | github.com | — | US | malicious |
3532 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
tr.op.gg |
| whitelisted |
github.com |
| shared |
iplogger.com |
| shared |
www.bing.com |
| whitelisted |
api.bing.com |
| whitelisted |