| Field | Value |
|---|---|
| File name | 893f233ae06cf17b20b2dca9bf3c7dd3-sample.zip |
| Full analysis | https://app.any.run/tasks/fcffd34c-cf5f-4ad0-a874-a20456868f6f |
| Verdict | Malicious activity |
| Analysis date | April 15, 2019, 03:03:23 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | D57F40325EEF4014DAD5DC12709DA284 |
| SHA1 | E4338ADF8376373C3DF2F74FA75C45AF5C5B52C1 |
| SHA256 | FE6D8C293D4E6729B493EDBE1ABA63CA0AD6535C0CA8B2E87C8EE7BB5A13A247 |
| SSDEEP | 3072:/UA5Eq2IywVN3hs/Fh9JU2flt/POnLbogbVwzxbmehvEA30NOGaYo3a8vI32o:/Eq2IyU3hs/T9jdtO7wJmehvEA30eZ3m |
| Extension | Type |
|---|---|
| .zip | ZIP compressed archive (100) |
| Field | Value |
|---|---|
| ZipFileName | 53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe |
| ZipUncompressedSize | 295210 |
| ZipCompressedSize | 154418 |
| ZipCRC | 0x31680c49 |
| ZipModifyDate | 2019:04:15 03:02:17 |
| ZipCompression | Deflated |
| ZipBitFlag | 0x0009 (bit 0: entry is encrypted; bit 3: CRC and sizes stored in a data descriptor after the data) |
| ZipRequiredVersion | 20 |
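The general-purpose flag 0x0009 listed above is what makes the archive's metadata readable while its payload is not: bit 0 marks the entry as encrypted and bit 3 says the CRC and sizes follow the data in a data descriptor. The Python below is an added example written for this page, not ANY.RUN's or WinRAR's code. inspect_zip() decodes exactly those central-directory fields without decompressing or extracting anything, so it is safe to run on a live sample; build_encrypted_zip() constructs a specimen archive with the same header shape the report shows (flag 0x0009, Deflated, version 20) using the traditional PKWARE ZipCrypto cipher from APPNOTE 6.1, and extract_with_stdlib() hands the result to the standard library to prove the bytes are valid. The password "infected", the entry name sample.exe, the MS-DOS timestamp and the fake MZ payload are constructed for the example; ZIP64 archives are out of scope.

```python
"""Triage of ZIP metadata without extraction, plus a ZipCrypto specimen builder.
Added example for this page; not ANY.RUN's or WinRAR's code.  The password,
entry name and MZ payload below are constructed."""
import io
import os
import struct
import zipfile
import zlib

# General-purpose bit flag, APPNOTE 4.4.4.  0x0009 = bit 0 + bit 3.
GP_FLAGS = {
    0: "encrypted",            # traditional ZipCrypto, or AES when method is 99
    3: "data_descriptor",      # CRC and sizes follow the data; zero in the local header
    5: "patched_data",
    6: "strong_encryption",
    11: "utf8_names",
    13: "central_dir_masked",  # local headers carry no real metadata
}
METHODS = {0: "Stored", 8: "Deflated", 12: "BZIP2", 14: "LZMA", 99: "AES"}

PASSWORD = b"infected"         # constructed; the usual sample-sharing password
SAMPLE_NAME = "sample.exe"     # constructed entry name
SAMPLE_PAYLOAD = b"MZ" + bytes(62) + b"PE\0\0" + b"\x90" * 1024   # constructed fake PE
SAMPLE_CRC = zlib.crc32(SAMPLE_PAYLOAD)


def describe_flags(flag):
    """Names of the set general-purpose bits: 0x0009 -> ['encrypted', 'data_descriptor']."""
    return [name for bit, name in GP_FLAGS.items() if flag & (1 << bit)]


def inspect_zip(data):
    """Walk the central directory and return one dict per entry.  Nothing is
    decompressed or decrypted.  ZIP64 (0xFFFF/0xFFFFFFFF markers) is not handled."""
    eocd_at = data.rfind(b"PK\x05\x06")           # end-of-central-directory record
    if eocd_at < 0:
        raise ValueError("no end-of-central-directory record")
    _, _, _, _, count, _, cd_off, _ = struct.unpack("<4sHHHHIIH", data[eocd_at:eocd_at + 22])
    entries, pos = [], cd_off
    for _ in range(count):
        (sig, _, need, flag, method, mtime, _, crc, csize, usize,
         nlen, xlen, clen, _, _, _, local_off) = struct.unpack(
            "<4sHHHHHHIIIHHHHHII", data[pos:pos + 46])
        if sig != b"PK\x01\x02":
            raise ValueError("corrupt central directory")
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8" if flag & 0x800 else "cp437")
        entries.append({"name": name, "required_version": need, "flags": flag,
                        "flag_names": describe_flags(flag), "method": METHODS.get(method, str(method)),
                        "crc": crc, "compressed_size": csize, "uncompressed_size": usize,
                        "mod_time_dos": mtime, "local_header_offset": local_off})
        pos += 46 + nlen + xlen + clen
    return entries


def zipcrypto_encrypt(plaintext, password, check_byte):
    """Traditional PKWARE encryption: 12-byte header (last byte = check byte), then data."""
    keys = [0x12345678, 0x23456789, 0x34567890]

    def update(c):   # APPNOTE 6.1.5; zlib.crc32 on the inverted state is the raw CRC table step
        keys[0] = zlib.crc32(bytes([c]), keys[0] ^ 0xFFFFFFFF) ^ 0xFFFFFFFF
        keys[1] = ((keys[1] + (keys[0] & 0xFF)) * 134775813 + 1) & 0xFFFFFFFF
        keys[2] = zlib.crc32(bytes([keys[1] >> 24]), keys[2] ^ 0xFFFFFFFF) ^ 0xFFFFFFFF

    for c in password:
        update(c)
    out = bytearray()
    for c in os.urandom(11) + bytes([check_byte]) + plaintext:
        t = (keys[2] | 2) & 0xFFFF
        out.append(c ^ (((t * (t ^ 1)) >> 8) & 0xFF))
        update(c)                                  # keys advance on the plaintext byte
    return bytes(out)


def build_encrypted_zip(name=SAMPLE_NAME, payload=SAMPLE_PAYLOAD, password=PASSWORD):
    """One-entry archive: flag 0x0009 (ZipCrypto + data descriptor), Deflated, version 20."""
    dos_time, dos_date = 0x1848, 0x4E8F            # 03:02:17 and 2019-04-15, MS-DOS encoding
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw deflate, as stored inside a ZIP
    deflated = comp.compress(payload) + comp.flush()
    # With bit 3 set the check byte is the high byte of the mod time, not of the CRC.
    body = zipcrypto_encrypt(deflated, password, (dos_time >> 8) & 0xFF)
    crc, flag, method, nbytes = zlib.crc32(payload), 0x0009, 8, name.encode()
    local = struct.pack("<4sHHHHHIIIHH", b"PK\x03\x04", 20, flag, method, dos_time, dos_date,
                        0, 0, 0, len(nbytes), 0) + nbytes      # CRC/sizes zero: descriptor follows
    descriptor = struct.pack("<4sIII", b"PK\x07\x08", crc, len(body), len(payload))
    cd_off = len(local) + len(body) + len(descriptor)
    central = struct.pack("<4sHHHHHHIIIHHHHHII", b"PK\x01\x02", 20, 20, flag, method, dos_time,
                          dos_date, crc, len(body), len(payload), len(nbytes), 0, 0, 0, 0, 0, 0) + nbytes
    eocd = struct.pack("<4sHHHHIIH", b"PK\x05\x06", 0, 0, 1, 1, len(central), cd_off, 0)
    return local + body + descriptor + central + eocd


def extract_with_stdlib(data, password):
    """Cross-check: the standard library must accept the archive and the password."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(zf.namelist()[0], pwd=password)


if __name__ == "__main__":
    blob = build_encrypted_zip()
    for e in inspect_zip(blob):
        print(f"{e['name']}: flags=0x{e['flags']:04x} {e['flag_names']} method={e['method']} "
              f"crc=0x{e['crc']:08x} csize={e['compressed_size']} usize={e['uncompressed_size']}")
    assert extract_with_stdlib(blob, PASSWORD) == SAMPLE_PAYLOAD
```

On a real sample, `inspect_zip(open(path, "rb").read())` reports the same fields the metadata table above lists (name, sizes, CRC, flag, method, required version) without ever touching the payload. Bear in mind that ZipCrypto provides no real confidentiality, since it falls to a known-plaintext attack; its only job in sample sharing is to keep the payload from being scanned or run by accident.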
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2664 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\893f233ae06cf17b20b2dca9bf3c7dd3-sample.zip" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | | |
| 3308 | "C:\Users\admin\AppData\Local\Temp\Rar$EXb2664.42314\53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXb2664.42314\53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe | | WinRAR.exe |
| | User: admin; Integrity Level: MEDIUM | | | |
| PID | Process | Key | Name | Operation | Value |
|---|---|---|---|---|---|
| 2664 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtBMP | write | |
| 2664 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | ShellExtIcon | write | |
| 2664 | WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\62\52C64B7E | LanguageList | write | en-US |
| 2664 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | 0 | write | C:\Users\admin\AppData\Local\Temp\893f233ae06cf17b20b2dca9bf3c7dd3-sample.zip |
| 2664 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | name | write | 120 |
| 2664 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | size | write | 80 |
| 2664 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | type | write | 120 |
| 2664 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | mtime | write | 100 |
| 2664 | WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface | ShowPassword | write | 0 |
| 2664 | WinRAR.exe | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap | UNCAsIntranet | write | 0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3308 | 53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\LeiaMe.htm | executable | 1620544749DE4E313CF02481DDA249B4 | B09B7D37EA702FE0D0B10C636C4315CD44F0DA7D47F45DC36871493F5B0DDBB7 |
| 3308 | 53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Leame.htm | executable | 9C21C025AB653F7B161C24F62C17FD2D | 12FBBC5D4FE624989D389924A507B735923515E3A6435F98EC4CA22DC6A8B857 |
| 3308 | 53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Benioku.htm | executable | 3A1B86BE85A45651D23D6D5E91792FB7 | 5F134606A0FBA2828548088FD309AE7A265422377AB30E1E0F6BB545D8A253FA |
| 3308 | 53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\IrakHau.htm | executable | B6DAB2502EC3308AA70E7BFD1D1937C9 | 5CC09B31451F502CC047ED41D009D87104F8F459FD643A03BFD8E39F8BC744B2 |
| 3308 | 53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Leggimi.htm | executable | 3E24AC9FDB38338E54857B9DE736DD37 | 48AB5A26E2F4DEF22DCE17B95CFCAA7B8AEF8DD44AEE05DF153F5C38AB9D73CE |
| 3308 | 53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe | C:\$Recycle.Bin\S-1-5-21-1302019708-1500728564-335382590-1000\desktop.ini | executable | D0350ECE0FBDB94D85A87B8CC599D5FA | A7AB66AAD883DAB5EF6E4843D92722D31AD76C16D47F413890766261B5D9F350 |
| 2664 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2664.42314\53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe | executable | 4C320E563C8A2209546D3F03F0BE1EE0 | 53559C1ECF0788F93BF1A99AD234B8D70ED8E35FEC257D5D717AF6EE02993C90 |
| 3308 | 53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Reader\AcroApp\CAT\AppCenter_R.aapp | executable | 46DD37DF40A4B2AEE9DC5240D1C0BE2E | DD8A8B880FDC0BD8AE0E9E173F08A25CC6E6C9615C30AD6DCC19C3EDAE5CA733 |
| 3308 | 53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\LueMinut.htm | executable | AA6D53B082DF5B5C7656E62B23821D59 | C58C631FBCC15DD9BE57A5B4A6DD3E0CAFB4AE74A5CC02ED892660CA24FA6959 |
| 3308 | 53559c1ecf0788f93bf1a99ad234b8d70ed8e35fec257d5d717af6ee02993c90.exe | C:\Users\admin\AppData\Local\VirtualStore\Program Files\Adobe\Acrobat Reader DC\Llegiu-me.htm | executable | 33E91A390CC5E5AA6871062EE7574B55 | 1837FE17A6E09C720C2F0D2E0A44BB100F159D8A7F80592D543BCC31A48F7DAB |

Paths under C:\Users\admin\AppData\Local\VirtualStore\Program Files\... are UAC file-virtualization redirects: process 3308 ran at MEDIUM integrity and attempted to write into C:\Program Files\Adobe\Acrobat Reader DC\, and Windows redirected those writes to the per-user VirtualStore instead of failing them, so the real Program Files tree was not modified.