Field | Value
---|---|
File name | CyanideRaider.7z
Full analysis | https://app.any.run/tasks/8cd66971-7b15-434d-8419-cde5f91b0144
Verdict | Malicious activity
Analysis date | May 20, 2022, 23:51:26
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MIME | application/x-7z-compressed
File info | 7-zip archive data, version 0.4
MD5 | 3B08B9628547AB447E02D9A85E02071C
SHA1 | CFC9303EEB5724DDC51F5BAB5DF32601EAA7E153
SHA256 | F50C5DCE7AB0765E2DA42245544D1D59B2DC4C4D42CDB6F30197CEB6016EE716
SSDEEP | 49152:+Ru7GtlbErvgqHc/f8rqPUfOkus3STHV3y2JXTV5FD:P7u2j88CCW5yWXzh
Extension | File type (score)
---|---|
.7z | 7-Zip compressed archive (v0.4) (57.1)
.7z | 7-Zip compressed archive (gen) (42.8)
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---|
568 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\CyanideRaider.7z" | C:\Program Files\WinRAR\WinRAR.exe | | Explorer.EXE
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0 | | | |
2932 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe
User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | | | |
3860 | "C:\Users\admin\Desktop\CyanideRaider\CyanideRaider.exe" | C:\Users\admin\Desktop\CyanideRaider\CyanideRaider.exe | | Explorer.EXE
User: admin; Integrity Level: MEDIUM | | | |
2628 | "C:\Windows\system32\taskmgr.exe" /4 | C:\Windows\system32\taskmgr.exe | — | Explorer.EXE
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Task Manager; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | |
PID | Process | Filename | Type
---|---|---|---|
568 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa568.35663\CyanideRaider\CryptoPrivacy.dll | executable
MD5: 37E18DF2A89FA43E722D8BDE4CD7144D | SHA256: EEA5A53ED9B009E0EF779C2802DEAE522275620CD5263E131BB6BDB1C7D6CBB0 | |
3860 | CyanideRaider.exe | C:\Users\admin\AppData\Local\Minecraft\Gravity.exe | executable
MD5: 696AE380C0C0EB1BA2F8B2F498328DB4 | SHA256: 2D3A6593E7634314D64BCE21F0385FB8F2EC0080583EC3AF9B85F9ADE3B2FA7A | |
568 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa568.35663\CyanideRaider\CyanideRaider.exe | executable
MD5: 696AE380C0C0EB1BA2F8B2F498328DB4 | SHA256: 2D3A6593E7634314D64BCE21F0385FB8F2EC0080583EC3AF9B85F9ADE3B2FA7A | |
568 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa568.35663\CyanideRaider\TokenList.dll | executable
MD5: DE0069C4097C987BD30EBE8155A8AF35 | SHA256: 83445595D38A8E33513B33DFC201983AF4746E5327C9BED470A6282D91D539B6 | |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 67.6.43.147:88 | zero-gravity.ddns.net | Qwest Communications Company, LLC | US | unknown |
3860 | CyanideRaider.exe | 67.6.43.147:88 | zero-gravity.ddns.net | Qwest Communications Company, LLC | US | unknown |
Domain | IP | Reputation
---|---|---|
zero-gravity.ddns.net | | unknown
dns.msftncsi.com | | shared
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net |
— | — | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net |
— | — | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net |
— | — | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net |
— | — | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net |