File name: | Godzilla_loader_bulder.rar |
Full analysis: | https://app.any.run/tasks/a6b2e75b-3b14-47f6-9291-ab618e15e1f8 |
Verdict: | Malicious activity |
Analysis date: | March 21, 2019, 08:06:13 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | CF9B8442C30BA42717224A8C0B040710 |
SHA1: | 014618F7780AA06A4ADED1082CE4F739341CD2C0 |
SHA256: | F9331B3B4C5F4FA95CCF776C575F674D08D982CA7C8335AB473FDA9EC1F9574F |
SSDEEP: | 384:df4bDd6BK9g62lOUw+NXk8NFwd86fKDABnzcEGszhPByD:tCDdmKW6y7NVNud8SKMZzm6hPByD |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
CompressedSize: | 10892 |
---|---|
UncompressedSize: | 24576 |
OperatingSystem: | Win32 |
ModifyDate: | 2017:08:04 21:37:02 |
PackingMethod: | Normal |
ArchivedFileName: | builder.exe |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2924 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Godzilla_loader_bulder.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
4044 | "C:\Users\admin\Desktop\builder.exe" | C:\Users\admin\Desktop\builder.exe | — | explorer.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
3104 | "C:\Users\admin\Desktop\cracked.exe" | C:\Users\admin\Desktop\cracked.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Exit code: 3221225547 | ||||
3520 | "C:\Windows\system32\cmd.exe" /c del C:\Users\admin\Desktop\cracked.exe >> NUL | C:\Windows\system32\cmd.exe | — | cracked.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
PID | Process | Filename | Type | |
---|---|---|---|---|
3104 | cracked.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\ErrorPageTemplate[1] | — | |
MD5:— | SHA256:— | |||
3104 | cracked.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\errorPageStrings[1] | — | |
MD5:— | SHA256:— | |||
3104 | cracked.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\httpErrorPagesScripts[1] | text | |
MD5:E7CA76A3C9EE0564471671D500E3F0F3 | SHA256:58268CA71A28973B756A48BBD7C9DC2F6B87B62AE343E582CE067C725275B63C | |||
3104 | cracked.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\dnserrordiagoff_webOC[1] | html | |
MD5:3948EF3D9F9FB9FD68BFBBCDBDCFC605 | SHA256:1D5E9DC7114347EF6C6E7A89EBE73CAB3FA45CC9728943A5FFB3CB91ADF6E8FE | |||
3104 | cracked.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\errorPageStrings[1] | text | |
MD5:1A0563F7FB85A678771450B131ED66FD | SHA256:EB5678DE9D8F29CA6893D4E6CA79BD5AB4F312813820FE4997B009A2B1A1654C | |||
3104 | cracked.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\errorPageStrings[1] | text | |
MD5:1A0563F7FB85A678771450B131ED66FD | SHA256:EB5678DE9D8F29CA6893D4E6CA79BD5AB4F312813820FE4997B009A2B1A1654C | |||
3104 | cracked.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\down[1] | image | |
MD5:555E83CE7F5D280D7454AF334571FB25 | SHA256:70F316A5492848BB8242D49539468830B353DDAA850964DB4E60A6D2D7DB4880 | |||
2924 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2924.10138\cracked.exe | executable | |
MD5:6B553D6D754366C808F4E03176CD88BE | SHA256:3A964036206A3FBA6D8DC120B9F36EE9D4774E5162CF5A412A1597C1CBB75281 | |||
3104 | cracked.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H6QNMHE9\dnserrordiagoff_webOC[2] | html | |
MD5:3948EF3D9F9FB9FD68BFBBCDBDCFC605 | SHA256:1D5E9DC7114347EF6C6E7A89EBE73CAB3FA45CC9728943A5FFB3CB91ADF6E8FE | |||
3104 | cracked.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I0488CJO\httpErrorPagesScripts[1] | text | |
MD5:E7CA76A3C9EE0564471671D500E3F0F3 | SHA256:58268CA71A28973B756A48BBD7C9DC2F6B87B62AE343E582CE067C725275B63C |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3104 | cracked.exe | GET | — | 198.54.117.212:80 | http://www.lll14042016.xyz/gate.php?from=@ | US | — | — | malicious |
3104 | cracked.exe | GET | — | 198.54.117.212:80 | http://www.lll14042016.xyz/gate.php?from=@ | US | — | — | malicious |
3104 | cracked.exe | GET | 302 | 192.64.119.78:80 | http://lll14042016.xyz/gate.php | US | html | 65 b | malicious |
3104 | cracked.exe | GET | 302 | 192.64.119.78:80 | http://lll14042016.xyz/gate.php | US | html | 65 b | malicious |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3104 | cracked.exe | 198.54.117.212:80 | www.lll14042016.xyz | Namecheap, Inc. | US | malicious |
3104 | cracked.exe | 192.64.119.78:80 | lll14042016.xyz | Namecheap, Inc. | US | suspicious |
Domain | IP | Reputation |
---|---|---|
shell.view |
| unknown |
lll14042016.xyz |
| malicious |
www.lll14042016.xyz |
| malicious |