| Field | Value |
|---|---|
| File name | 勒索.zip |
| Full analysis | https://app.any.run/tasks/e298bd57-46d4-4ab7-b212-111a9dbd8cd8 |
| Verdict | Malicious activity |
| Analysis date | October 14, 2019, 09:42:49 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v1.0 to extract |
| MD5 | 440CC9EB487B0086F79B3676D85A22DD |
| SHA1 | AD277997D7DA19CC557708BD6B05EB4AB3E21AF1 |
| SHA256 | F26B5521334C7A7B9E00C9E9B62C0DCF597282648A20CC8680A661440E0D2C1A |
| SSDEEP | 98304:S8m9V0BzQIGjmfuhz7v00lGssJdw8rndYMCfANPMcxGjzyWGje+f3+bh2uuCSOGm:RpszDbf8zny5INMSGjuWsf3wjiGR+vy |

| Extension | Detected type |
|---|---|
| .zip | ZIP compressed archive (100) |

| ZIP metadata | Value |
|---|---|
| ZipFileName | ????1234.zip |
| ZipUncompressedSize | 3145380 |
| ZipCompressedSize | 3145380 |
| ZipCRC | 0x212d8019 |
| ZipModifyDate | 2019:10:08 17:44:04 |
| ZipCompression | None |
| ZipBitFlag | - |
| ZipRequiredVersion | 10 |

| PID | Parent process | CMD | Path | Indicators | User / Integrity level | Exit code | Description / Company / Version |
|---|---|---|---|---|---|---|---|
| 3940 | explorer.exe | `"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\勒索.zip"` | `C:\Program Files\WinRAR\WinRAR.exe` | (icon not extracted) | admin / MEDIUM | 0 | WinRAR archiver / Alexander Roshal / 5.60.0 |
| 2644 | WinRAR.exe | `"C:\Users\admin\AppData\Local\Temp\Rar$EXa3940.20237\1961176758.exe"` | `C:\Users\admin\AppData\Local\Temp\Rar$EXa3940.20237\1961176758.exe` | — | admin / MEDIUM | 0 | Foma Setup / (no company) / 5.6.5.5 |
| 3032 | 1961176758.exe | `"C:\Users\admin\AppData\Local\Temp\Rar$EXa3940.20237\1961176758.exe" /RSF /ppn:VPluUxWrQDZtznaRkw /mnl` | `C:\Users\admin\AppData\Local\Temp\Rar$EXa3940.20237\1961176758.exe` | (icon not extracted) | admin / HIGH | 4294967206 | Foma Setup / (no company) / 5.6.5.5 |
| 2772 | 1961176758.exe | `"C:\Users\admin\AppData\Local\Temp\Rar$EXa3940.20237\1961176758.exe" /RSF /ppn:VPluUxWrQDZtznaRkw /_ShowProgress /mnl` | `C:\Users\admin\AppData\Local\Temp\Rar$EXa3940.20237\1961176758.exe` | — | admin / HIGH | 259 | Foma Setup / (no company) / 5.6.5.5 |
| 1556 | WinRAR.exe | `"C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIa3940.22598\+_-d1234.zip` | `C:\Program Files\WinRAR\WinRAR.exe` | — | admin / MEDIUM | 0 | WinRAR archiver / Alexander Roshal / 5.60.0 |
| 2832 | explorer.exe | `"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\勒索.zip" C:\Users\admin\Desktop\勒索\ ` | `C:\Program Files\WinRAR\WinRAR.exe` | (icon not extracted) | admin / MEDIUM | 0 | WinRAR archiver / Alexander Roshal / 5.60.0 |
| 2576 | explorer.exe | `"C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\勒索\+_-d1234.zip" C:\Users\admin\Desktop\勒索\+_-d1234\ ` | `C:\Program Files\WinRAR\WinRAR.exe` | — | admin / MEDIUM | 0 | WinRAR archiver / Alexander Roshal / 5.60.0 |
| 2260 | explorer.exe | `"C:\Users\admin\Desktop\勒索\1961176758.exe"` | `C:\Users\admin\Desktop\勒索\1961176758.exe` | — | admin / MEDIUM | 0 | Foma Setup / (no company) / 5.6.5.5 |
| 940 | 1961176758.exe | `"C:\Users\admin\Desktop\勒索\1961176758.exe" /RSF /ppn:YyhwYgxaFRAiP211FM5W /mnl` | `C:\Users\admin\Desktop\勒索\1961176758.exe` | (icon not extracted) | admin / HIGH | 4294967206 | Foma Setup / (no company) / 5.6.5.5 |
| 2752 | 1961176758.exe | `"C:\Users\admin\Desktop\勒索\1961176758.exe" /RSF /ppn:YyhwYgxaFRAiP211FM5W /_ShowProgress /mnl` | `C:\Users\admin\Desktop\勒索\1961176758.exe` | — | admin / HIGH | 259 | Foma Setup / (no company) / 5.6.5.5 |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3032 | 1961176758.exe | `C:\Users\admin\AppData\Local\Temp\0039EB26.log` | — | — | — |
| 3940 | WinRAR.exe | `C:\Users\admin\AppData\Local\Temp\Rar$EXa3940.20237\+_-d1234.zip` | compressed | 6BB792692D23E859662AE87D2B22125E | 11DD3BBAF201BA19DA81FC33C232AB0807DA613B991C75ECDC633963F99764C0 |
| 3940 | WinRAR.exe | `C:\Users\admin\AppData\Local\Temp\Rar$EXa3940.20237\1961176758.exe` | executable | 448967DE111055B1A2976E4861B4A892 | 3D28328E3C73D49356F80AEE27DBCA20C99ECB108A1F90E2B4E4372C4FC2F31E |
| 3032 | 1961176758.exe | `C:\Users\admin\AppData\Local\Temp\inH379575015198\css\ie6_main.css` | text | AD234E6A62580F62019C78B2A718DE00 | C4F2684F16C8E4553CC29C604A2F505399039638A34E652A7A1ACDEB157A0861 |
| 3032 | 1961176758.exe | `C:\Users\admin\AppData\Local\Temp\inH379575015198\csshover3.htc` | html | 52FA0DA50BF4B27EE625C80D36C67941 | E37E99DDFC73AC7BA774E23736B2EF429D9A0CB8C906453C75B14C029BDD5493 |
| 3032 | 1961176758.exe | `C:\Users\admin\AppData\Local\Temp\inH379575015198\css\_functions.scss` | text | 8F7259DE64F6DDF352BF461F44D34A81 | 80EDC9D67172BC830D68D33F4547735FB072CADF3EF25AAB37A10B50DB87A069 |
| 3032 | 1961176758.exe | `C:\Users\admin\AppData\Local\Temp\inH379575015198\css\ie6_main.scss` | text | D10348D17ADF8A90670696728F54562D | E8A3D15CF32009B01B9145B6E62FF6CAA9C2981F81CE063578C73C7ADFF08DFC |
| 3032 | 1961176758.exe | `C:\Users\admin\AppData\Local\Temp\inH379575015198\css\swAgent.css` | text | 2543E3AF757C7D7C8A26C7CF57795F60 | C38892A06C8F50C6386ED794AF4F1EA3E1897AD5F0C7E19594D9EA7B20CFB3F1 |
| 3032 | 1961176758.exe | `C:\Users\admin\AppData\Local\Temp\inH379575015198\css\helpers\_colors.scss` | text | 2DA278FBB61E370E0CC9F548E8154E1C | 857A73FC1DA7CF54525048AA60EC9E2F07328EE1D718A66E3B17186170BB5B5B |
| 3032 | 1961176758.exe | `C:\Users\admin\AppData\Local\Temp\inH379575015198\css\helpers\_border.scss` | text | 681FB7EB197E8E7EBD89F828D1181FD6 | 51E8AFA69ED6D92EB82F71939B0B8FD34EF23FAECEE457698238E5A4F28DF984 |

| PID | Process | Method | HTTP code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
| 3032 | 1961176758.exe | POST | 200 | 52.214.73.247:80 | http://dev.tosonamlasey.com/ | IE | — | — | malicious |
| 940 | 1961176758.exe | POST | 200 | 52.214.73.247:80 | http://dev.tosonamlasey.com/ | IE | — | — | malicious |
| 940 | 1961176758.exe | POST | 200 | 52.214.73.247:80 | http://dev.tosonamlasey.com/ | IE | — | — | malicious |
| 3032 | 1961176758.exe | POST | 200 | 52.214.73.247:80 | http://dev.tosonamlasey.com/ | IE | — | — | malicious |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3032 | 1961176758.exe | 52.214.73.247:80 | dev.tosonamlasey.com | Amazon.com, Inc. | IE | malicious |
| 940 | 1961176758.exe | 52.214.73.247:80 | dev.tosonamlasey.com | Amazon.com, Inc. | IE | malicious |

| Domain | IP | Reputation |
|---|---|---|
| dev.tosonamlasey.com | | malicious |

| PID | Process | Class | Message |
|---|---|---|---|
| 3032 | 1961176758.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2 |
| 3032 | 1961176758.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1 |
| 940 | 1961176758.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M2 |
| 940 | 1961176758.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.InstallCore Artifact M1 |