File name: | SoftAnalisis.zip |
Full analysis: | https://app.any.run/tasks/5614e3ad-f0cc-45c4-b397-792de40d11de |
Verdict: | Malicious activity |
Analysis date: | October 04, 2022, 20:29:11 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 50ACFB00ADC3C10AEE8A32B513D7ABE8 |
SHA1: | ECB67A5D0A9EC5CAD64A3FF54CE5C7D89393F5A5 |
SHA256: | ED8EA86A2023FD79B817CBACC14DE71E38FAC1063EAD66FDCFF19232F96B9AF3 |
SSDEEP: | 196608:eVeIq39QG8NOlOdsWNJQ1x1ubA3ENnW00dWAiEBjpF:QwQG8v/MXoAdjbiapF |
.zip | | | ZIP compressed archive (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3264 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\SoftAnalisis.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.91.0 | ||||
3700 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\setup.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\setup.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Description: Setup Exit code: 0 Version: 16.0.31206.173 built by: D16.10 | ||||
1748 | "C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe" | C:\Windows\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe | setup.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: ClickOnce Version: 4.0.30319.34209 built by: FX452RTMGDR | ||||
2612 | "rundll32.exe" dfshim.dll,ShOpenVerbApplication C:\Users\admin\AppData\Local\Temp\Rar$DIa3264.4277\SEG_ApplicationLayer.application | C:\Windows\system32\rundll32.exe | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2912 | "rundll32.exe" dfshim.dll,ShOpenVerbApplication C:\Users\admin\AppData\Local\Temp\Rar$DIa3264.4775\SEG_ApplicationLayer.application | C:\Windows\system32\rundll32.exe | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows host process (Rundll32) Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3264 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.C1Excel.4.dll.deploy | executable | |
MD5:61B27A959E979EA10FA3A97750438BD1 | SHA256:D1280087DE8BB8731864C8AC86BF10F5296024D18ED717BE677D3B0F308D1320 | |||
3264 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1Command.4.dll.deploy | executable | |
MD5:7AFBEAE74D48A698FE615AAB231A590E | SHA256:60D9770DF7CB1966D9F2013F93F68DC7AA63EB5EBC1916F4AA543E1D943A9EA2 | |||
3264 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\CommonDataLayer.dll.deploy | executable | |
MD5:3445E6B09828E2CDFD95A49C84DC29C2 | SHA256:417C1AC4EAEBB7BA0BFB5F954F048EED4A42E33D3CD9CA6869F767FB79C550B8 | |||
3264 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1Schedule.4.dll.deploy | executable | |
MD5:4F7B631B0E046180D2CBC3CC2B37CBBB | SHA256:715EA72DFD8967EDA389523F422795A8F9DF388755131127715E1EA1802B07B5 | |||
3264 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1Sizer.4.dll.deploy | executable | |
MD5:00E0F11EA946B7BACE40740C2779AC22 | SHA256:3813BB937A91CA24EF3FA28579B2852F9E8ACC6C2C9F97EF7EF576BC7C1E69D6 | |||
3264 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1List.4.dll.deploy | executable | |
MD5:596806B394E776BF161EB0BD7FC93FB5 | SHA256:1B45C1A9F42990D1F46971DEE75C3A72D2E6BB2AE53EA8F201390E7343F59051 | |||
3264 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1InputPanel.4.dll.deploy | executable | |
MD5:6161AE9A14F7EEC828643F03A940362D | SHA256:E01A7735F8EF4A4DA3C3E20BE6B86004ED5425C4686E75FC805D57411FF22B84 | |||
3264 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\CON_DataLayer.dll.deploy | executable | |
MD5:111B1EC2AB9A7AD6D3298CADA6992457 | SHA256:7A651A8026A7EFC06CFB247C6591AB8580B76881F1CFCB47669FDCCFCA0C9F19 | |||
3264 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1Ribbon.4.dll.deploy | executable | |
MD5:C36E1F4970D5CC74E342D9FE172A904B | SHA256:BD4971C519A3E5A375F16F1256F80F5A61452E22C2F3C15767B2DE301E55FEAD | |||
3264 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa3264.3177\SoftAnalisis\Application Files\SEG_ApplicationLayer_1_0_0_2\C1.Win.C1Input.4.dll.deploy | executable | |
MD5:254B7A48B05675961F63008CF028438E | SHA256:1F5C6FE80B9CFE0C990095DD77171C386D04BDDB07E88399CD41B81C14E68B55 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1748 | dfsvc.exe | GET | — | 20.81.178.30:80 | http://apps.x-pertec.com/SoftAnalisis/Application%20Files/SEG_ApplicationLayer_1_0_0_1/SEG_ApplicationLayer.exe.manifest | US | — | — | unknown |
1748 | dfsvc.exe | GET | 200 | 20.81.178.30:80 | http://apps.x-pertec.com/SoftAnalisis/SEG_ApplicationLayer.application | US | xml | 2.18 Kb | unknown |
1748 | dfsvc.exe | GET | 200 | 20.81.178.30:80 | http://apps.x-pertec.com/SoftAnalisis/SEG_ApplicationLayer.application | US | xml | 2.18 Kb | unknown |
1748 | dfsvc.exe | GET | 200 | 20.81.178.30:80 | http://apps.x-pertec.com/SoftAnalisis/Application%20Files/SEG_ApplicationLayer_1_0_0_1/SEG_ApplicationLayer.exe.manifest | US | xml | 34.0 Kb | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1748 | dfsvc.exe | 20.81.178.30:80 | apps.x-pertec.com | MICROSOFT-CORP-MSN-AS-BLOCK | US | unknown |
Domain | IP | Reputation |
---|---|---|
apps.x-pertec.com |
| unknown |
Process | Message |
---|---|
dfsvc.exe |
*** Status originated: -1073741811
*** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
|
dfsvc.exe |
*** Status originated: -1073741811
*** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
|
dfsvc.exe |
*** Status originated: -1073741811
*** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
|
dfsvc.exe |
*** Status originated: -1073741811
*** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
|
dfsvc.exe |
*** Status originated: -1073741811
*** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
|
dfsvc.exe |
*** Status originated: -1073741811
*** Source File: d:\iso_whid\x86fre\base\isolation\hier_hierarchy.cpp, line 230
|