File name: | analyze.zip |
Full analysis: | https://app.any.run/tasks/61de7681-2dcb-441b-b763-f3f771ea63c5 |
Verdict: | Malicious activity |
Analysis date: | October 20, 2020, 02:40:09 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 653BC28B0A9A3AD56DCCDDAAE143CCE7 |
SHA1: | DE93859A6A3A6850CAB1EF11E3AA5491F3A18262 |
SHA256: | F8DBD4F75EB3BF74F091F0AC2F7312FD15A15DF193B749FD8E73D3482AC62CCC |
SSDEEP: | 98304:9meZpw3w9E/1YYz2HcXKQpovegI7A0EIcoFZunq9:9mew3w9EdYl8aQpNsvoFZuq |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | analyze/ArConfig.dat |
---|---|
ZipUncompressedSize: | 1594 |
ZipCompressedSize: | 722 |
ZipCRC: | 0x9217c55e |
ZipModifyDate: | 2016:03:24 17:57:07 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2740 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\analyze.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3660 | "C:\Users\admin\Desktop\analyze\Unzip.exe" | C:\Users\admin\Desktop\analyze\Unzip.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Exit code: 4294967295 | ||||
2792 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\analyze\MobileBrServ.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
316 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2792.49640\mbbServiceSetup.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2792.49640\mbbServiceSetup.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Exit code: 3221226540 | ||||
3380 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2792.49640\mbbServiceSetup.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2792.49640\mbbServiceSetup.exe | WinRAR.exe | |
User: admin Integrity Level: HIGH Exit code: 2 | ||||
3708 | "C:\Users\admin\AppData\Local\Temp\MobileBrServ\preinstall.exe" -C:\Users\admin\AppData\Local\Temp\Rar$EXa2792.49640\mbbServiceSetup.exe | C:\Users\admin\AppData\Local\Temp\MobileBrServ\preinstall.exe | — | mbbServiceSetup.exe |
User: admin Integrity Level: HIGH Exit code: 1 | ||||
3396 | "C:\Users\admin\AppData\Local\Temp\MobileBrServ\CompareVersion.exe " -22.001.29.01.03, | C:\Users\admin\AppData\Local\Temp\MobileBrServ\CompareVersion.exe | — | mbbServiceSetup.exe |
User: admin Integrity Level: HIGH Exit code: 3 | ||||
3976 | "C:\Program Files\MobileBrServ\mbbService.exe" -install | C:\Program Files\MobileBrServ\mbbService.exe | — | mbbServiceSetup.exe |
User: admin Integrity Level: HIGH Exit code: 0 Version: 22.001.29.01.03 | ||||
1968 | "C:\Program Files\MobileBrServ\mbbservice.exe" -service | C:\Program Files\MobileBrServ\mbbservice.exe | — | services.exe |
User: SYSTEM Integrity Level: SYSTEM Exit code: 0 Version: 22.001.29.01.03 | ||||
4048 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\enoughlinux.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Exit code: 0 Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.46858\analyze\HiLink.app\Contents\MacOS\HiLink | binary | |
MD5:3B86F4ECEFE953FF2C6863D6B5BE8E32 | SHA256:B7BAEB9629932B1D8B76AEF8F82E6939B4258B37E6B8AC3944B8077C1D75D10F | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.46858\analyze\HiLink.app\Contents\Resources\mbbserviceopen.app\Contents\MacOS\mbbserviceopen | binary | |
MD5:7C10A0C9795D87C9B96BF4FC2E62D40A | SHA256:413B36A1597829B6CC8FA75D8D4508CC596C1CB5AB725B183EEC8F0856AEEAC8 | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.46858\analyze\HiLink.app\Contents\Resources\English.lproj\Logo.icns | image | |
MD5:2A3ED0988F82466587F957A85AF5190B | SHA256:473793F76B4C4A3346D2ED9F4855C0CA868A9F46B4D7BC2CF4DBD7D13F420898 | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.46858\analyze\HiLink.app\Contents\Resources\mbbserviceopen.app\Contents\Resources\English.lproj\InfoPlist.strings | text | |
MD5:D72878BB656F235C73B049056CD30DBA | SHA256:F1DCFF1F7CCD3FC1F1D311228CD568CAB6B9CCA62B12F8EB6D23566A4362481D | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.46858\analyze\AUTORUN.INF | ini | |
MD5:6F995E3270D48B340203BBD809E22125 | SHA256:663DA6AA17C250F0C1624C0E4B97FB63DDEAF152BEEAD253BF09D870A0A2D31D | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.46858\analyze\HiLink.app\Contents\Resources\mbbserviceopen.app\Contents\Resources\Logo.icns | image | |
MD5:2A3ED0988F82466587F957A85AF5190B | SHA256:473793F76B4C4A3346D2ED9F4855C0CA868A9F46B4D7BC2CF4DBD7D13F420898 | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.46858\analyze\ArConfig.dat | text | |
MD5:9EB7280524AA212D1DCA53EFE1C0501C | SHA256:340A386325A680C68F6CD30331061D6B233B29946AD136F62FE4B0D5B26A0D57 | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.46858\analyze\HiLink.app\Contents\Resources\Installer.png | image | |
MD5:0E9E279C003E7B59192C4096808A80F6 | SHA256:F6ABB05685BD9C61FABF63905E37471262D0729A78FCE52CFFACC6F38DC57958 | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.46858\analyze\HiLink.app\Contents\Resources\English.lproj\custom.strings | text | |
MD5:64FC9B3091DC6AC8070EE183583E0C54 | SHA256:51880423A36197B329673D2D9BABD05A0E359D920BB557DDE8DCCFD2CB96C69D | |||
2740 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2740.46858\analyze\HiLink.app\Contents\Resources\English.lproj\InfoPlist.strings | text | |
MD5:2A40FBCE57C2DA3866B559285BCAE22F | SHA256:BD90AAB5CBEC49B11FEBC3F8056563488227BC08BD5F020F72B362C0157A314C |