Field | Value |
---|---|
File name | 2.zip |
Full analysis | https://app.any.run/tasks/d9fa6cb7-be3c-44c7-8990-e9afd2c4add0 |
Verdict | Malicious activity |
Analysis date | January 11, 2019, 07:30:13 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | — |
MIME | application/zip |
File info | Zip archive data, at least v2.0 to extract |
MD5 | 48158C4908DDCB2411C9E3C1613E56FC |
SHA1 | 1B7376E407B3A84A0CC518B1CDF7EBDD87CD4479 |
SHA256 | F2963BA302BAAA602FEB4A66455607C6DCA15174C11264056898B24F3001D76A |
SSDEEP | 49152:xkHckII3rcYuJapvRcATqJ8dBMmiAMBT432JHrFK6yrQ8tI9qq8KLUGfiEmgmb:xockN7pZBD88Uj9ok9qofiBtb |
Field | Value |
---|---|
Type (.zip) | ZIP compressed archive (100) |
ZipFileName | SpyAgent's 10 Step Guide to Total Stealth.url |
ZipUncompressedSize | 176 |
ZipCompressedSize | 123 |
ZipCRC | 0x8ea1cfb9 |
ZipModifyDate | 2001:10:15 17:00:18 |
ZipCompression | Deflated |
ZipBitFlag | - |
ZipRequiredVersion | 20 |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
2900 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\2.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
2328 | "C:\Users\admin\Desktop\Setup(password=spytech).exe" | C:\Users\admin\Desktop\Setup(password=spytech).exe | — | explorer.exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
2164 | "C:\PROGRA~1\SYSCON~1\driver-setup.exe" -s | C:\PROGRA~1\SYSCON~1\driver-setup.exe | — | Setup(password=spytech).exe | User: admin; Integrity Level: HIGH; Exit code: 0 |
1200 | "C:\Program Files\WinConfig\npf_mgm.exe" -r | C:\Program Files\WinConfig\npf_mgm.exe | — | driver-setup.exe | User: admin; Company: CACE Technologies; Integrity Level: HIGH; Description: npf_mgm; Exit code: 0; Version: 3, 1, 0, 27 |
3788 | "C:\Program Files\Internet Explorer\iexplore.exe" http://www.spytech-web.com/spyagent/stealthguide | C:\Program Files\Internet Explorer\iexplore.exe | — | Setup(password=spytech).exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Internet Explorer; Exit code: 1; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
3992 | "C:\Program Files\sysconfig\sysdiag.exe" | C:\Program Files\sysconfig\sysdiag.exe | — | Setup(password=spytech).exe | User: admin; Integrity Level: HIGH |
2388 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3788 CREDAT:79873 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | User: admin; Company: Microsoft Corporation; Integrity Level: HIGH; Description: Internet Explorer; Exit code: 0; Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
116 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | — | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2900 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2900.35436\Setup(password=spytech).exe | — | — | — |
2328 | Setup(password=spytech).exe | C:\Users\admin\AppData\Local\Temp\~vis0000\miscdata.xyz | — | — | — |
2328 | Setup(password=spytech).exe | C:\Users\admin\AppData\Local\Temp\~vis0000\sidesplash.bmp | image | C2B817930BFB31304C52DE7552767017 | 0C3EA61F357590CC4AF11A6780F2255EA376970F26512B698724512F9788CA90 |
2328 | Setup(password=spytech).exe | C:\Users\admin\AppData\Local\Temp\~vis0000\uninstal.log | text | 6340F298B15A7AC60C4E9D3F8F68DC77 | F6E574ACFD8449810E6D06E820859D44EC0A0C7128BF2C52970A9637914E8B77 |
2328 | Setup(password=spytech).exe | C:\Users\admin\AppData\Local\Temp\~vis0000\mainsplash.bmp | image | FC472B4B08065BBFCD14C51E9B1B62EE | 596EB1BBEBD7FCCFBF99D1C40E79E264493CBEF9BF10204C325722F7756EAAE3 |
2328 | Setup(password=spytech).exe | C:\Users\admin\AppData\Local\Temp\~vis0000\rollback.log | text | BD22C444351CA08A282D00841BDE7E64 | 4876AEB65CC35F6C079DFDDD77B313AF6E4806AEAF7DEB1CB60843C5F8D61CB2 |
116 | explorer.exe | C:\Users\admin\Desktop\Setup(password=spytech).exe | executable | 16D51E066C3C6D00958586DE6F902395 | 00EF4B30031766EB014C90C995F37732850B1AD6BCC2F34D0BBA1CBBBEF81C83 |
2328 | Setup(password=spytech).exe | C:\Users\admin\AppData\Local\Temp\~vis0000\r0000000.000 | binary | 3B0C38972C97F10AD92CBA030AB642A8 | 34FC3175F97293D3A2C3126ED216B099071624D0ABEAE5359381CC75A4374B3B |
2328 | Setup(password=spytech).exe | C:\Program Files\sysconfig\sysk32.dll | executable | 7839E928C00E24EBB958A80E47426155 | 22B33B884E17FB6C872621DA6BB272F3C8EA271CA6F9C4E88EF1D6ACE25A7404 |
2328 | Setup(password=spytech).exe | C:\Users\admin\AppData\Local\Temp\~vis0000\rebootnt.exe | executable | C459E252866435ED8B928D1509C28DE2 | 4887FF02F8E45F5E03E351CB5156111659CC1B04FDCA9DAE3BD75CB99381DEDE |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2388 | iexplore.exe | GET | 301 | 184.154.69.210:80 | http://www.spytech-web.com/spyagent/stealthguide | US | html | 257 b | malicious |
3788 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3788 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
2388 | iexplore.exe | 184.154.69.210:80 | www.spytech-web.com | SingleHop, Inc. | US | malicious |
2388 | iexplore.exe | 184.154.69.210:443 | www.spytech-web.com | SingleHop, Inc. | US | malicious |
Domain | IP | Reputation |
---|---|---|
www.spytech-web.com | — | malicious |
www.bing.com | — | whitelisted |