File name: | SoftAnalisis.zip |
Full analysis: | https://app.any.run/tasks/0c45224c-f384-44c3-8f1a-d5c398e97399 |
Verdict: | Malicious activity |
Analysis date: | October 04, 2022, 20:46:48 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 50ACFB00ADC3C10AEE8A32B513D7ABE8 |
SHA1: | ECB67A5D0A9EC5CAD64A3FF54CE5C7D89393F5A5 |
SHA256: | ED8EA86A2023FD79B817CBACC14DE71E38FAC1063EAD66FDCFF19232F96B9AF3 |
SSDEEP: | 196608:eVeIq39QG8NOlOdsWNJQ1x1ubA3ENnW00dWAiEBjpF:QwQG8v/MXoAdjbiapF |
.zip | | | ZIP compressed archive (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3472 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SoftAnalisis.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 | ||||
1596 | "rundll32.exe" dfshim.dll,ShOpenVerbApplication C:\Users\admin\AppData\Local\Temp\Rar$DIa3472.8363\SEG_ApplicationLayer.application | C:\Windows\system32\rundll32.exe | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3784 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe | rundll32.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: ClickOnce Version: 4.0.30319.34209 built by: FX452RTMGDR | ||||
1880 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3472.11908\SoftAnalisis\setup.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3472.11908\SoftAnalisis\setup.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Description: Setup Exit code: 0 Version: 16.0.31206.173 built by: D16.10 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3472.11908\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1FlexGrid.4.dll.deploy | executable | |
MD5:895DF8EB310F9D46964D4391290774CD | SHA256:9F7A914859C67A6A34145020238F4161DD07E5A5837DB02C7C344368405F90FD | |||
3472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3472.11908\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1InputPanel.4.dll.deploy | executable | |
MD5:6161AE9A14F7EEC828643F03A940362D | SHA256:E01A7735F8EF4A4DA3C3E20BE6B86004ED5425C4686E75FC805D57411FF22B84 | |||
3472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3472.11908\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.C1Excel.4.dll.deploy | executable | |
MD5:61B27A959E979EA10FA3A97750438BD1 | SHA256:D1280087DE8BB8731864C8AC86BF10F5296024D18ED717BE677D3B0F308D1320 | |||
3472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3472.11908\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\CommonApplication.dll.deploy | executable | |
MD5:C8DF57832FD5422534A69FD82E4BDA8C | SHA256:9756AD0A34004A627DD4101D3F45021F06FB0D5928C7BA2FAF9050B72CEBBD5E | |||
3472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3472.11908\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1Chart.4.dll.deploy | executable | |
MD5:D24645C631DE441E51E51211C4DF4269 | SHA256:A347966760955CDB368EEF9122E979949F6D66BF1C36A159AA6C3F744843F76D | |||
3784 | dfsvc.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PO2HN1X2\6DLW9JGQ.log | text | |
MD5:65234269F3AAAA3F19E9900060C98D04 | SHA256:0A88FD6BC3B64C2EF67C1F551166A8D6BF743F000AF9FB26E13ADFBAF3A1724D | |||
3472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3472.11908\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1Input.4.dll.deploy | executable | |
MD5:254B7A48B05675961F63008CF028438E | SHA256:1F5C6FE80B9CFE0C990095DD77171C386D04BDDB07E88399CD41B81C14E68B55 | |||
3472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3472.11908\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1Sizer.4.dll.deploy | executable | |
MD5:00E0F11EA946B7BACE40740C2779AC22 | SHA256:3813BB937A91CA24EF3FA28579B2852F9E8ACC6C2C9F97EF7EF576BC7C1E69D6 | |||
3784 | dfsvc.exe | C:\Users\admin\AppData\Local\Temp\Deployment\Q30PHD1Z.RJG\5LGYP4M5.XH8.application | xml | |
MD5:A69578C0A99D5628030A2BDAC72C3B0C | SHA256:828343C09014978D8DBC228602A94471270D94618AE14BEE813A8901FB1A3597 | |||
3472 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3472.11908\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\CommonDataLayer.dll.deploy | executable | |
MD5:3445E6B09828E2CDFD95A49C84DC29C2 | SHA256:417C1AC4EAEBB7BA0BFB5F954F048EED4A42E33D3CD9CA6869F767FB79C550B8 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3784 | dfsvc.exe | 20.81.178.30:80 | apps.x-pertec.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
Domain | IP | Reputation |
---|---|---|
apps.x-pertec.com |
| unknown |
dns.msftncsi.com |
| shared |
Process | Message |
---|---|
dfsvc.exe |
*** Status originated: -1073741811
*** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
|
dfsvc.exe |
*** Status originated: -1073741811
*** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
|
dfsvc.exe |
*** Status originated: -1073741811
*** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
|