File name: | temp.zip |
Full analysis: | https://app.any.run/tasks/1b6edff5-f596-4f53-9473-93b59c938d5e |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 08:15:19 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 83195A6F21640194A50B43D652961D60 |
SHA1: | 12B8D616FCB65823F8FB8B1FEBAD5023CCC80E7E |
SHA256: | FCF98D06F11A92CF43621F9E0AE4F47706578E7F610B117F41E7D0221981700E |
SSDEEP: | 98304:ikbifE3IB9pzqu287kI0mjKzFfj0T3QXc15pbiA3s5AMosKQp:NmcYpwBj0T31PpbiI5Qp |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | tally.exe |
---|---|
ZipUncompressedSize: | 3985408 |
ZipCompressedSize: | 3874523 |
ZipCRC: | 0xae522c37 |
ZipModifyDate: | 2022:06:27 13:37:17 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0008 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2984 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\temp.zip" | C:\Program Files\WinRAR\WinRAR.exe | Explorer.EXE | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.91.0 | ||||
2284 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\system32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Exit code: 0 Version: 7.00.7601.24542 (win7sp1_ldr_escrow.191209-2211) | ||||
2552 | "C:\Users\admin\Desktop\tally.exe" | C:\Users\admin\Desktop\tally.exe | Explorer.EXE | |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
1036 | "C:\Users\admin\Desktop\tally.exe" | C:\Users\admin\Desktop\tally.exe | Explorer.EXE | |
User: admin Integrity Level: HIGH |
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtBMP |
Value: | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
Operation: | write | Name: | ShellExtIcon |
Value: | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\16C\52C64B7E |
Operation: | write | Name: | LanguageList |
Value: en-US | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\temp.zip | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | name |
Value: 120 | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | size |
Value: 80 | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | type |
Value: 120 | |||
(PID) Process: | (2984) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
Operation: | write | Name: | mtime |
Value: 100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2552 | tally.exe | C:\Users\admin\Desktop\tally_chk.tsf | binary | |
MD5:8214D1003F68A7D9B0356C0CBD7EEE1A | SHA256:E61C21CA716B3B1AEFB7D1198F83679C4CA4D596E5792275DD6203B49216237D | |||
2984 | WinRAR.exe | C:\Users\admin\Desktop\tally.exe | executable | |
MD5:D0C60FAE72EA3749F04B711B88230107 | SHA256:5FCF9C420BE4DB25D94B3159F2B1A03FED59A0BFC9BEA718D779DD9E69B6248E | |||
1036 | tally.exe | C:\Users\admin\Desktop\tally_chk.tsf | binary | |
MD5:8214D1003F68A7D9B0356C0CBD7EEE1A | SHA256:E61C21CA716B3B1AEFB7D1198F83679C4CA4D596E5792275DD6203B49216237D | |||
2984 | WinRAR.exe | C:\Users\admin\Desktop\tdlserver.dll | executable | |
MD5:B50F39B6BBA7BC7263061CB1C3BE2C07 | SHA256:E072B9A7882D18E2DCA4AB60BA2C2BC84007F949F77D90E7A2FBEB7FBA21DC66 | |||
2552 | tally.exe | C:\Users\admin\Desktop\tallycfg.tsf | binary | |
MD5:2EFE71418AAB7B75CA4770D19B10D29F | SHA256:0BA2D21F3D2411CA17713E653BB0D9CA7393553466B429F3DA28D8807D88516F | |||
2552 | tally.exe | C:\Users\admin\Desktop\tally.ini | text | |
MD5:01014940D28E9FB326822BD9FEBA26B1 | SHA256:3D26F80D84608C6ECB0A7769C06F8522C7972033A7483D580D9E9CA676DFC237 | |||
1036 | tally.exe | C:\Windows\system.ini | binary | |
MD5:03375244B38BF39ECEE5C747522946C2 | SHA256:75DBCE8DEC27DD350841A4161130BF0797CF5F9A1F405E17EBDB30F897A79192 | |||
2552 | tally.exe | C:\Users\admin\Desktop\tdlfunc.log | text | |
MD5:F3B25701FE362EC84616A93A45CE9998 | SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |
Process | Message |
---|---|
tally.exe |
%s------------------------------------------------
--- Themida Professional ---
--- (c)2007 Oreans Technologies ---
------------------------------------------------
|
tally.exe |
%s------------------------------------------------
--- Themida Professional ---
--- (c)2007 Oreans Technologies ---
------------------------------------------------
|