Field | Value |
---|---|
Download | LBMLv1.0.5.0.zip |
Full analysis | https://app.any.run/tasks/8c34464e-c86c-4e68-a213-ef12ed90efe8 |
Verdict | Malicious activity |
Analysis date | January 18, 2020, 12:48:29 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/zip |
File info | Zip archive data, at least v2.0 to extract |
MD5 | 6BAD8156568AE3F2E3450C360C4B22D4 |
SHA1 | ABD9C63A64C557E9ACEF9BC485AFE0747E8F6D07 |
SHA256 | F525700272B9587C519791C0D25F613BDDCF993D635B274BE7CEF2D148EAB832 |
SSDEEP | 393216:nRrJ/F0glYrj7GCfmciD9DJj4ZfAEY8QAyWp6Qei1H:n1xF0g+n7GCe5D9cfVQe61ix |
Extension | Description |
---|---|
.zip | ZIP compressed archive (100) |

Field | Value |
---|---|
ZipRequiredVersion | 20 |
ZipBitFlag | - |
ZipCompression | Deflated |
ZipModifyDate | 2018:11:26 22:24:12 |
ZipCRC | 0x32924ca6 |
ZipCompressedSize | 78300 |
ZipUncompressedSize | 158208 |
ZipFileName | DirectXMap.dll |
PID | CMD | Path | Indicators | Parent process | Details |
---|---|---|---|---|---|
3140 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\LBMLv1.0.5.0.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
3476 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7600.16385 (win7_rtm.090713-1255) |
2344 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
352 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
3468 | "C:\Users\admin\Downloads\LBMLv1.0.5.0\LittleBigMiningLog.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.0\LittleBigMiningLog.exe | | explorer.exe | User: admin; Company: Digital Envision - www.digital-envision.com; Integrity Level: MEDIUM; Description: LittleBigMiningLog; Exit code: 3762507597; Version: 1.0.5.0 |
520 | "C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlTessaServer.exe" 0 | C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlTessaServer.exe | — | LittleBigMiningLog.exe | User: admin; Company: Digital Envision - www.digital-envision.com; Integrity Level: MEDIUM; Description: LBML Tessa Server; Exit code: 0; Version: 1.0.0.0 |
2876 | "C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlTessaServer.exe" 1 | C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlTessaServer.exe | — | LittleBigMiningLog.exe | User: admin; Company: Digital Envision - www.digital-envision.com; Integrity Level: MEDIUM; Description: LBML Tessa Server; Exit code: 0; Version: 1.0.0.0 |
1268 | dw20.exe -x -s 1300 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | — | LittleBigMiningLog.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft .NET Error Reporting Shim; Exit code: 0; Version: 2.0.50727.4927 (NetFXspW7.050727-4900) |
2252 | "C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlUpdater.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlUpdater.exe | | explorer.exe | User: admin; Company: Digital Envision - www.digital-envision.com; Integrity Level: MEDIUM; Description: LBML Updater; Exit code: 0; Version: 1.0.1.1 |
3976 | "C:\Users\admin\Downloads\LBMLv1.0.5.0\updates\tmp_updater\LbmlUpdater_tmp.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.0\updates\tmp_updater\LbmlUpdater_tmp.exe | | LbmlUpdater.exe | User: admin; Company: Digital Envision - www.digital-envision.com; Integrity Level: MEDIUM; Description: LBML Updater; Exit code: 0; Version: 1.0.1.1 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3140 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3140.26524\LittleBigMiningLog.exe | — | — | — |
3140 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3140.26524\LittleBigMiningLog.exe.config | — | — | — |
3140 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3140.26524\Microsoft.DirectX.Direct3D.dll | — | — | — |
3140 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3140.26524\Microsoft.DirectX.Direct3DX.dll | — | — | — |
3140 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3140.26524\Microsoft.DirectX.dll | — | — | — |
3140 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3140.26524\RemoteObjects.dll | — | — | — |
3140 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3140.26524\System.Data.SQLite.dll | — | — | — |
3140 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3140.26524\tessnet2_32.dll | — | — | — |
3140 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3140.26524\Maps\claim.dds | — | — | — |
3140 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3140.26524\Maps\claiminfo2.dds | — | — | — |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3468 | LittleBigMiningLog.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
2608 | LbmlUpdater_tmp.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/client2/LBMLv1.0.5.2.zip | US | compressed | 3.19 Mb | suspicious |
2608 | LbmlUpdater_tmp.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
3976 | LbmlUpdater_tmp.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
3976 | LbmlUpdater_tmp.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/client2/LBMLv1.0.5.1.zip | US | compressed | 3.27 Mb | suspicious |
2564 | LittleBigMiningLog.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
2208 | LittleBigMiningLog.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
2208 | LittleBigMiningLog.exe | POST | 200 | 132.148.61.1:80 | http://www.mininglog.com/toolcomm3.php | US | text | 361 b | suspicious |
2208 | LittleBigMiningLog.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/getcertificate3.php | US | text | 1016 b | suspicious |
2564 | LittleBigMiningLog.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/getcertificate3.php | US | text | 1016 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3468 | LittleBigMiningLog.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
2608 | LbmlUpdater_tmp.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
2208 | LittleBigMiningLog.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
3976 | LbmlUpdater_tmp.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
2564 | LittleBigMiningLog.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
Domain | IP | Reputation |
---|---|---|
www.mininglog.com | | suspicious |
PID | Process | Class | Message |
---|---|---|---|
2208 | LittleBigMiningLog.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0 |