File name: | 7.rar |
Full analysis: | https://app.any.run/tasks/5da91964-7498-4abb-975f-88b8d90d4933 |
Verdict: | Malicious activity |
Analysis date: | May 15, 2019, 17:26:21 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | FB553BD3A25E161048FC797BE53BA01B |
SHA1: | 7ACC8DE62C263875935176855D18979D9249A862 |
SHA256: | F1B2609A8073F9484501929ED8B83C82520E869F6EC4D678BD39F9F412693C30 |
SSDEEP: | 6144:nPIxTCdnmozY3MqstJ3zcGmDB0a+wqUYfisL3w2Ijfou2S6n:ng2qszgGmDBl+2Yzcdf30 |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2944 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\7.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1880 | "C:\Users\admin\Desktop\browsercore32.exe" | C:\Users\admin\Desktop\browsercore32.exe | explorer.exe | |
User: admin Company: TeamDev Ltd Integrity Level: HIGH Description: BrowserCore Chromium Native Process Exit code: 3221225781 Version: 64.0.3282.24 | ||||
2288 | "C:\Users\admin\Desktop\var.exe" | C:\Users\admin\Desktop\var.exe | explorer.exe | |
User: admin Integrity Level: HIGH Exit code: 3221225477 | ||||
1360 | "C:\Users\admin\Desktop\var.exe" | C:\Users\admin\Desktop\var.exe | — | var.exe |
User: admin Integrity Level: HIGH |
(PID) Process: | (2944) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2944) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2944) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2944) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\7.rar | |||
(PID) Process: | (2944) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2944) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2944) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2944) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 | |||
(PID) Process: | (2944) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\MainWin |
Operation: | write | Name: | Placement |
Value: 2C0000000200000003000000FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF42000000420000000204000037020000 | |||
(PID) Process: | (2944) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\General |
Operation: | write | Name: | LastFolder |
Value: C:\Users\admin\AppData\Local\Temp |
PID | Process | Filename | Type | |
---|---|---|---|---|
2944 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2944.21107\browsercore32.exe | executable | |
MD5:6764ED50217F55FE554E1371CBD49981 | SHA256:230C6410D62499D95E90F6EF9002258895C4ED53C05160A8937121120BB80604 | |||
2944 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2944.21107\var.exe | executable | |
MD5:F9687ACC2F4CB9B6D3E53DA73F1BAB65 | SHA256:1D9C8C3955A94816B92646041A690F2803874EB13B0841C4BDF8699643CA4C10 |