download: | LBMLv1.0.5.0.zip |
Full analysis: | https://app.any.run/tasks/eabbbf4c-f90b-4d59-98ca-6b601dc24819 |
Verdict: | Malicious activity |
Analysis date: | January 18, 2020, 12:56:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 6BAD8156568AE3F2E3450C360C4B22D4 |
SHA1: | ABD9C63A64C557E9ACEF9BC485AFE0747E8F6D07 |
SHA256: | F525700272B9587C519791C0D25F613BDDCF993D635B274BE7CEF2D148EAB832 |
SSDEEP: | 393216:nRrJ/F0glYrj7GCfmciD9DJj4ZfAEY8QAyWp6Qei1H:n1xF0g+n7GCe5D9cfVQe61ix |
.zip | ZIP compressed archive (100)

ZipFileName: | DirectXMap.dll |
ZipUncompressedSize: | 158208 |
ZipCompressedSize: | 78300 |
ZipCRC: | 0x32924ca6 |
ZipModifyDate: | 2018:11:26 22:24:12 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2332 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\LBMLv1.0.5.0.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe
| User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | |
2176 | "C:\Windows\explorer.exe" | C:\Windows\explorer.exe | — | explorer.exe
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Explorer; Exit code: 1; Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | |
3488 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe
| User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Microsoft Windows Search Protocol Host; Exit code: 0; Version: 7.00.7600.16385 (win7_rtm.090713-1255) | | |
3176 | "C:\Users\admin\Downloads\LBMLv1.0.5.0\LittleBigMiningLog.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.0\LittleBigMiningLog.exe | | explorer.exe
| User: admin; Company: Digital Envision - www.digital-envision.com; Integrity Level: MEDIUM; Description: LittleBigMiningLog; Exit code: 0; Version: 1.0.5.0 | | |
2764 | "C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlTessaServer.exe" 0 | C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlTessaServer.exe | — | LittleBigMiningLog.exe
| User: admin; Company: Digital Envision - www.digital-envision.com; Integrity Level: MEDIUM; Description: LBML Tessa Server; Exit code: 0; Version: 1.0.0.0 | | |
1560 | "C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlTessaServer.exe" 1 | C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlTessaServer.exe | — | LittleBigMiningLog.exe
| User: admin; Company: Digital Envision - www.digital-envision.com; Integrity Level: MEDIUM; Description: LBML Tessa Server; Exit code: 0; Version: 1.0.0.0 | | |
2492 | dw20.exe -x -s 1296 | C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe | — | LittleBigMiningLog.exe
| User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft .NET Error Reporting Shim; Exit code: 0; Version: 2.0.50727.4927 (NetFXspW7.050727-4900) | | |
4092 | "C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlUpdater.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlUpdater.exe | | LittleBigMiningLog.exe
| User: admin; Company: Digital Envision - www.digital-envision.com; Integrity Level: MEDIUM; Description: LBML Updater; Exit code: 0; Version: 1.0.1.1 | | |
2684 | "C:\Users\admin\Downloads\LBMLv1.0.5.0\updates\tmp_updater\LbmlUpdater_tmp.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.0\updates\tmp_updater\LbmlUpdater_tmp.exe | | LbmlUpdater.exe
| User: admin; Company: Digital Envision - www.digital-envision.com; Integrity Level: MEDIUM; Description: LBML Updater; Exit code: 0; Version: 1.0.1.1 | | |
1412 | "C:\Users\admin\Downloads\LBMLv1.0.5.0\LBMLUpdater.exe" | C:\Users\admin\Downloads\LBMLv1.0.5.0\LBMLUpdater.exe | | LbmlUpdater_tmp.exe
| User: admin; Company: Digital Envision - www.digital-envision.com; Integrity Level: MEDIUM; Description: LBML Updater; Exit code: 0; Version: 1.0.1.1 | | |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2332 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.0\Interop.SpeechLib.dll | executable | CE16ACC302A4735C901B242922D45943 | 3E286B391EAAA2EABC29B3A3C8FB784058A1F2B73459EB9060402D986C214A6F
2332 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlUpdater.exe | executable | D763573CC0D36D08BDCB03E6C92E27E2 | 2B804407685EFFF3DEC18FDF6C37D505377F748F9C51F74D48404F194442D171
2332 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.0\LittleBigMiningLog.exe | executable | D1B251A6287F3E72F5D2362A3382406F | 93E5C2E17C9026C84214E85B1EC19261031D9AA779C673CC15EFBFBE7A00CB4D
2332 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.0\LbmlTessaServer.exe | executable | 18F5D3F888FBCF8E60C25B71212BB37B | CF558A7CF31EF435393C86E4FB9281C5E748594B565986B4FBB3802A72A8029C
2332 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.0\Maps\drop.dds | dds | 96134963E2A6C1FAB9143DA57689D2BC | 3B81604D14A1E0B73ACFE40641068F01A8E587B4474E0A80288376984DF3D476
2332 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.0\LittleBigMiningLog.exe.config | xml | 9E1ABE8AEE5AB9E602928AAD14D2E96D | 413DF44234B39D16D98DBFBA3A217AA9C67A5C4522C68522BB9C39EBD486988F
2332 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.0\DirectXMap.dll | executable | 7B203EA547DCF56DD1701DB64E8A2C42 | FC9CA2D7767FB5B52057A88ADF5D93004919349259C5E1BDA23E542170E011BB
2332 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.0\Maps\map_ark_0.dds | dds | D9CD2B727C6F7E014D04052C332DC8A2 | 26E8941CF0934A9AA4CFB7C0B320ED7E1269CEAC19D2D520E60684D241D2CDA5
2332 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.0\Maps\claim.dds | dds | 8CD07FDB7E91C230B87F553DFD2F0B6D | BEB566B76B030AAC96FFE2F78258EA02C1C9BECFAA1BE1DC2E2AF61124A7F5D8
2332 | WinRAR.exe | C:\Users\admin\Downloads\LBMLv1.0.5.0\filelist.dat | text | 5795E1E28EE8E2AB0342100FB2DDCA5C | C14DF4E60D095773347475302E5795447722B6F5B3EDFBC65DFA3BA2EC7FC99D
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
1160 | LittleBigMiningLog.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
3176 | LittleBigMiningLog.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
408 | LittleBigMiningLog.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/getcertificate3.php | US | text | 1016 b | suspicious |
1820 | LbmlUpdater_tmp.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/client2/LBMLv1.0.5.2.zip | US | compressed | 3.19 Mb | suspicious |
2684 | LbmlUpdater_tmp.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/client2/LBMLv1.0.5.1.zip | US | compressed | 3.27 Mb | suspicious |
1160 | LittleBigMiningLog.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/getcertificate3.php | US | text | 1016 b | suspicious |
408 | LittleBigMiningLog.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
388 | iexplore.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/account_create.php | US | html | 1.72 Kb | suspicious |
2684 | LbmlUpdater_tmp.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
1820 | LbmlUpdater_tmp.exe | GET | 200 | 132.148.61.1:80 | http://www.mininglog.com/downloads/version2.php | US | text | 242 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2264 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3176 | LittleBigMiningLog.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
408 | LittleBigMiningLog.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
1820 | LbmlUpdater_tmp.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
2684 | LbmlUpdater_tmp.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
1160 | LittleBigMiningLog.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
388 | iexplore.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
2780 | LittleBigMiningLog.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
388 | iexplore.exe | 172.217.16.206:80 | www.google-analytics.com | Google Inc. | US | whitelisted |
2264 | iexplore.exe | 132.148.61.1:80 | www.mininglog.com | GoDaddy.com, LLC | US | suspicious |
Domain | IP | Reputation
---|---|---
www.mininglog.com | | suspicious
www.bing.com | | whitelisted
www.google-analytics.com | | whitelisted
dns.msftncsi.com | | shared
PID | Process | Class | Message |
---|---|---|---|
2780 | LittleBigMiningLog.exe | Potential Corporate Privacy Violation | ET POLICY Unsupported/Fake Windows NT Version 5.0 |