| Field | Value |
|---|---|
| File name | Fatality.win [BY FORCE PROJECT].rar |
| Full analysis | https://app.any.run/tasks/0ca1fd94-8301-45db-81e4-ebeda290b8ea |
| Verdict | Malicious activity |
| Analysis date | September 18, 2019, 20:39:50 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/x-rar |
| File info | RAR archive data, v5 |
| MD5 | ADBB469A1F9011E79027BF8E609C1A7A |
| SHA1 | CF0D6D0B0F63BAF57E3DD90CA7FD7BEC8ECE6BF9 |
| SHA256 | EBC74A32FD9C76F18E667632EC179CF49A838AE0FC95C89EF0BAC94DB8975A89 |
| SSDEEP | 196608:xIYH6+Iu0DfjDTaA+Fdwn/2jLEBT5Dg59QtBCn2mK:yYnkXTaZzwujLEPa9QLC2mK |

| Extension | File type | Score |
|---|---|---|
| .rar | RAR compressed archive (v5.0) | 61.5 |
| .rar | RAR compressed archive (gen) | 38.4 |

| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3636 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Fatality.win [BY FORCE PROJECT].rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
| 3504 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\КАК ЗАПУСТИТЬ.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
| 3800 | "C:\Users\admin\Desktop\vcredist_x64.exe" | C:\Users\admin\Desktop\vcredist_x64.exe | — | explorer.exe |

| PID | User | Company | Integrity level | Description | Exit code | Version |
|---|---|---|---|---|---|---|
| 3636 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.60.0 |
| 3504 | admin | Microsoft Corporation | MEDIUM | Notepad | 0 | 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3800 | admin | Корпорация Майкрософт | MEDIUM | Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 | 1 | 12.0.30501.0 |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3636.21911\Fatality.win.exe | executable | 0DF0C02978814947FBF3EB463F587967 | A83B0388C3F35D8A9498C098DE12D20D2D7528F66237BD91C3AB15F9E65088CF |
| 3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3636.21911\КАК ЗАПУСТИТЬ.txt | text | A3BF54C16C35A145CEF00470467B29FF | 08A66D32A68453AAD5FFB0283BA14DB0E28B20A96D62E282A99E874FFA28BB79 |
| 3800 | vcredist_x64.exe | C:\Users\admin\AppData\Local\Temp\dd_vcredist_amd64_20190918214043.log | text | D90955BFBB47C68ADD1E0EC2AC400DDB | 7CFEA28C29FF65FB38B47D86BC84377C4DDD10DA3694D8E012E7501FD8A91DD9 |
| 3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3636.21911\Rage.cfg | text | D63289C2EB7D39B5CA7B9AE12628AFA5 | D145BB21FA8571DE7571F2303FB36A141FAD1C48288D0702B6D25772F41CDB7D |
| 3636 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb3636.21911\vcredist_x64.exe | executable | E74F5AC8F39FF69DDDCE07C8E1F7F943 | 4542BF0E828D4428260B2BC975DA5BC25D69C060E54176DAC1D14B5567EA67D1 |
| 3800 | vcredist_x64.exe | C:\Users\admin\AppData\Local\Temp\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}\.ba1\logo.png | image | D6BD210F227442B3362493D046CEA233 | 335A256D4779EC5DCF283D007FB56FD8211BBCAF47DCD70FE60DED6A112744EF |
| 3800 | vcredist_x64.exe | C:\Users\admin\AppData\Local\Temp\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}\.ba1\thm.xml | xml | 0056F10A42638EA8B4BEFC614741DDD6 | 6B1BA0DEA830E556A58C883290FAA5D49C064E546CBFCD0451596A10CC693F87 |
| 3800 | vcredist_x64.exe | C:\Users\admin\AppData\Local\Temp\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}\.ba1\BootstrapperApplicationData.xml | xml | 9E027E4B6BEBCDAC32A3DD91EBC8DDD3 | A1B31D4316A6E6AF59ADABFB676F8BE0366E8305D9F856A30F85A2D337B73B89 |
| 3800 | vcredist_x64.exe | C:\Users\admin\AppData\Local\Temp\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}\.ba1\wixstdba.dll | executable | A52E5220EFB60813B31A82D101A97DCB | E7C8E7EDD9112137895820E789BAAAECA41626B01FB99FEDE82968DDB66D02CF |
| 3800 | vcredist_x64.exe | C:\Users\admin\AppData\Local\Temp\{1a63c099-febd-4eaf-83ad-a82ea4fdac49}\.ba1\license.rtf | text | 4AF54CC1ED7D168E4E6CC2DC6EB879A0 | 995F48F73BCC7605BD6943187F8E27DED78772B66046D8175931028FFCA3FACC |