File name: | GABB.rar |
Full analysis: | https://app.any.run/tasks/494f1ab0-d33d-4c2d-8259-549e4ae49fec |
Verdict: | Malicious activity |
Analysis date: | August 08, 2020, 12:54:24 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 1A276B0117098EE94FADB1B1496D81DD |
SHA1: | CC9A7B76A5FF53950ACBE6E1AA27D579267305E1 |
SHA256: | FD1848088DCAF302B08C5CD95C225A3CE981332EB357E110BD1C95E19B4E8AEB |
SSDEEP: | 24576:4Kakz7ynLA37lPxV4y5N0OcyV2ceBL+kYtqQFy/FVNek0r19V:HakPynLAlv4y5JpJFqwx1n |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2288 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\GABB.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
468 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2752 | "C:\Users\admin\Desktop\New folder\GABB Cleaned.exe" | C:\Users\admin\Desktop\New folder\GABB Cleaned.exe | explorer.exe | |
User: admin Integrity Level: MEDIUM Version: 1.0.0.0 | ||||
1248 | "C:\Users\admin\AppData\Local\Temp\GABB.exe" | C:\Users\admin\AppData\Local\Temp\GABB.exe | — | GABB Cleaned.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
3188 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\AppData\Local\Temp\GABB.ini | C:\Windows\system32\NOTEPAD.EXE | — | GABB Cleaned.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2288 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2288.11640\GABB Cleaned.exe | — | |
MD5:— | SHA256:— | |||
468 | explorer.exe | C:\Users\admin\Desktop\New folder\GABB Cleaned.exe | executable | |
MD5:4FA52E3B0FC5C828FA699BD385943192 | SHA256:C0B0A37BE2BF94355A82C680E929B55084EAB66040E2A7DAB6C6349C5D569245 | |||
2288 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2288.11640\GABB.ini | text | |
MD5:C4A166CFFF95A111FEA5474A95928F2C | SHA256:3B45F4BC47C7DEF7BDBE886DFECBBB5DBC8335998B4D925978A114DEFE8C8DC9 | |||
2752 | GABB Cleaned.exe | C:\Users\admin\AppData\Local\Temp\GABB.ini | text | |
MD5:78E850A5916CB4D96A41FE35D8007B7B | SHA256:81E4BBF799A67BCC0EC71BE5B4C34405D2982B25506685E6C40EB58B6709DF51 | |||
468 | explorer.exe | C:\Users\admin\Desktop\New folder\GABB.ini | text | |
MD5:C4A166CFFF95A111FEA5474A95928F2C | SHA256:3B45F4BC47C7DEF7BDBE886DFECBBB5DBC8335998B4D925978A114DEFE8C8DC9 | |||
468 | explorer.exe | C:\Users\admin\Desktop\GABB Cleaned.exe | executable | |
MD5:4FA52E3B0FC5C828FA699BD385943192 | SHA256:C0B0A37BE2BF94355A82C680E929B55084EAB66040E2A7DAB6C6349C5D569245 | |||
468 | explorer.exe | C:\Users\admin\Desktop\GABB.ini | text | |
MD5:C4A166CFFF95A111FEA5474A95928F2C | SHA256:3B45F4BC47C7DEF7BDBE886DFECBBB5DBC8335998B4D925978A114DEFE8C8DC9 | |||
468 | explorer.exe | C:\Users\admin\Desktop\GDLL.dll | executable | |
MD5:8A12CB004CDBAAA80114F3C183848EFD | SHA256:92C1C18666563DF90CCA6C49CDA917B569061AE23ECD1556148E231CD6420517 | |||
2752 | GABB Cleaned.exe | C:\Users\admin\AppData\Local\Temp\GABB.exe | executable | |
MD5:C38456546C2319303F3E40B0AB1FE9B6 | SHA256:621200CE896C664951FE89A0C04D282F6A633AE064B2D9D7E2C06F01FE743E00 | |||
1248 | GABB.exe | C:\Users\admin\Desktop\New folder\GABB.ini | text | |
MD5:B1B8FE3658ACFA008FC6B19C2CA7BCCB | SHA256:623E4356C58DFA235FB83EEBD1187D6C110000A66DE7CA9B30CD323C16D9BF11 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2752 | GABB Cleaned.exe | GET | 200 | 116.202.55.106:80 | http://icanhazip.com/ | IN | text | 14 b | shared |
2752 | GABB Cleaned.exe | GET | 200 | 116.202.55.106:80 | http://icanhazip.com/ | IN | text | 14 b | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2752 | GABB Cleaned.exe | 116.202.55.106:80 | icanhazip.com | 334,Udyog Vihar | IN | malicious |
2752 | GABB Cleaned.exe | 104.27.143.46:443 | nusumu.wtf | Cloudflare Inc | US | malicious |
Domain | IP | Reputation |
---|---|---|
icanhazip.com |
| shared |
nusumu.wtf |
| unknown |
PID | Process | Class | Message |
---|---|---|---|
2752 | GABB Cleaned.exe | Attempted Information Leak | ET POLICY IP Check Domain (icanhazip. com in HTTP Host) |
2752 | GABB Cleaned.exe | Attempted Information Leak | ET POLICY IP Check Domain (icanhazip. com in HTTP Host) |