File name: | Debug.rar |
Full analysis: | https://app.any.run/tasks/460aec41-edab-437b-bd26-8958925f4c8a |
Verdict: | Malicious activity |
Analysis date: | November 16, 2019, 13:16:30 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 78AE9CC8BE660A5555AF8F5DC01799AB |
SHA1: | C8103C2A69C25DC1591732B8144E1C0326EFB4B9 |
SHA256: | F9143EFB383F669D2D6012FA43194F229701A60F275C43EDE5A8BDC7F9ED0D51 |
SSDEEP: | 98304:Nm5qBP4fYidnn12HK/XYmTymOi4HLVxbAjBBM2z:Nuk4wEX/XYmJO1AjL |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1520 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Debug.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3464 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
2428 | "C:\Users\admin\Desktop\Debug\SMSiT POF2.exe" | C:\Users\admin\Desktop\Debug\SMSiT POF2.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: POF - CRACKER Exit code: 0 Version: 1.0.0.0 | ||||
776 | "C:\Users\admin\Desktop\Debug\SMSiT POF2.exe" | C:\Users\admin\Desktop\Debug\SMSiT POF2.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Description: POF - CRACKER Exit code: 0 Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1520.21679\Debug\System.Windows.Forms.dll | — | |
MD5:— | SHA256:— | |||
1520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1520.21679\Debug\xNet.dll | — | |
MD5:— | SHA256:— | |||
1520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1520.21679\Debug\SMSiT POF.pdb | pdb | |
MD5:FB496878E758168F0D5289A7125B7DDD | SHA256:4EB0F34C2C6383DE42E67828E9F9E57AA72FED9375783D6FFBC6A7D4740ED9BA | |||
1520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1520.21679\Debug\symbols.map | text | |
MD5:5375CFE14482C4D0CAACDCC0E9B418A1 | SHA256:B969970BDCAD2424B615CA0502669811FFECA0EBB5008D7C3BF7BC1F65D0D8E6 | |||
1520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1520.21679\Debug\System.Drawing.dll | executable | |
MD5:6501CAEFB774E9F36DBCA541D99D8C9C | SHA256:0F84F4D9764B0EB7ECA237288671883F308B20CC3CED40923AF15E061B0E377B | |||
1520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1520.21679\Debug\SuperEngine.dll | executable | |
MD5:1A747B12DC16AC54760AB52C06620EDF | SHA256:EA7F2057B2A5F65D2B25762AB2BC64C2A3AB106A3EF13B52E504A516A3C21418 | |||
1520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1520.21679\Debug\SMSiT POF2.exe | executable | |
MD5:CF86A1D9F4D4E534EA82E36B92C39542 | SHA256:8C6F989FA4E95C0C81B515A1F940577B23B7B4066F966630037FA03E6D1C106A | |||
1520 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa1520.21679\Debug\System.dll | executable | |
MD5:E212D610EBBFE8FB77967BDBC1838006 | SHA256:D1411F108CA845B2F40B7483B261E643C0AE1EC8E6D529CC5B487EFECB99619B |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
776 | SMSiT POF2.exe | GET | 200 | 174.136.57.7:80 | http://pofhack.safensa.club/logout.php?u= | US | text | 5 b | suspicious |
2428 | SMSiT POF2.exe | GET | 200 | 174.136.57.7:80 | http://pofhack.safensa.club/logout.php?u= | US | text | 5 b | suspicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
776 | SMSiT POF2.exe | 174.136.57.7:80 | pofhack.safensa.club | Colo4, LLC | US | suspicious |
2428 | SMSiT POF2.exe | 174.136.57.7:80 | pofhack.safensa.club | Colo4, LLC | US | suspicious |
Domain | IP | Reputation |
---|---|---|
pofhack.safensa.club |
| suspicious |