File name: | Website-Watcher 11.3 Incl Key.rar |
Full analysis: | https://app.any.run/tasks/11804a75-2ad0-41cf-956f-442af775001a |
Verdict: | Malicious activity |
Threats: | Ransomware is a type of malicious software that locks users out of their system or data using different methods to force them to pay a ransom. Most often, such programs encrypt files on an infected machine and demand a fee to be paid in exchange for the decryption key. Additionally, such programs can be used to steal sensitive information from the compromised computer and even conduct DDoS attacks against affected organizations to pressure them into paying. |
Analysis date: | June 02, 2019, 09:42:59 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v4, os: Win32 |
MD5: | F49B6D5C40EF5D4396F2CF6C4388C805 |
SHA1: | 02239BD15F4DCC06CCA6A0610A1E1C0162FE585E |
SHA256: | 6B88D565D987EB317865C5896FB72C1BA7BFE8C96B159A89B627052CC91D1648 |
SSDEEP: | 196608:3Ro2F53lylDsynxGjGvU1a8vku1BPd55Xz5KCYt92HOO0fv:3RLFT0bxWGvua831BH5j5DY32HOOA |
.rar | | | RAR compressed archive (v-4.x) (58.3) |
---|---|---|
.rar | | | RAR compressed archive (gen) (41.6) |
ArchivedFileName: | wswsetup.exe |
---|---|
PackingMethod: | Fastest |
ModifyDate: | 2011:06:21 07:04:02 |
OperatingSystem: | Win32 |
UncompressedSize: | 8821760 |
CompressedSize: | 8810786 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2132 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Website-Watcher 11.3 Incl Key.rar" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1680 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\jpav.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2036 | "C:\Windows\system32\NOTEPAD.EXE" C:\Users\admin\Desktop\serial.txt | C:\Windows\system32\NOTEPAD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Notepad Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1760 | "C:\Users\admin\Desktop\wswsetup.exe" | C:\Users\admin\Desktop\wswsetup.exe | explorer.exe | |
User: admin Company: www.aignes.com Integrity Level: MEDIUM Description: WebSite-Watcher Setup Exit code: 0 Version: | ||||
2656 | "C:\Users\admin\AppData\Local\Temp\is-FV79A.tmp\wswsetup.tmp" /SL5="$500E8,8540635,54272,C:\Users\admin\Desktop\wswsetup.exe" | C:\Users\admin\AppData\Local\Temp\is-FV79A.tmp\wswsetup.tmp | — | wswsetup.exe |
User: admin Integrity Level: MEDIUM Description: Setup/Uninstall Exit code: 0 Version: 51.52.0.0 | ||||
3708 | "C:\Users\admin\Desktop\wswsetup.exe" /SPAWNWND=$60122 /NOTIFYWND=$500E8 | C:\Users\admin\Desktop\wswsetup.exe | wswsetup.tmp | |
User: admin Company: www.aignes.com Integrity Level: HIGH Description: WebSite-Watcher Setup Exit code: 0 Version: | ||||
1684 | "C:\Users\admin\AppData\Local\Temp\is-D298O.tmp\wswsetup.tmp" /SL5="$7012A,8540635,54272,C:\Users\admin\Desktop\wswsetup.exe" /SPAWNWND=$60122 /NOTIFYWND=$500E8 | C:\Users\admin\AppData\Local\Temp\is-D298O.tmp\wswsetup.tmp | wswsetup.exe | |
User: admin Integrity Level: HIGH Description: Setup/Uninstall Exit code: 0 Version: 51.52.0.0 | ||||
1784 | "C:\Program Files\WebSite-Watcher\wswatch.exe" | C:\Program Files\WebSite-Watcher\wswatch.exe | — | wswsetup.tmp |
User: admin Company: Aignesberger Software GmbH Integrity Level: MEDIUM Description: WebSite-Watcher Exit code: 0 Version: 11.3.0.100 | ||||
832 | "C:\Program Files\WebSite-Watcher\wswatch.exe" | C:\Program Files\WebSite-Watcher\wswatch.exe | — | explorer.exe |
User: admin Company: Aignesberger Software GmbH Integrity Level: MEDIUM Description: WebSite-Watcher Exit code: 0 Version: 11.3.0.100 | ||||
2944 | "C:\Program Files\WebSite-Watcher\wswatch.exe" | C:\Program Files\WebSite-Watcher\wswatch.exe | — | explorer.exe |
User: admin Company: Aignesberger Software GmbH Integrity Level: MEDIUM Description: WebSite-Watcher Exit code: 0 Version: 11.3.0.100 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2132 | WinRAR.exe | C:\Users\admin\Desktop\rapidshare links TV Season Software MP3 Games Ebooks.url | text | |
MD5:88B428BC61E50D002E6283F136792DA2 | SHA256:99EFA1C8BC4FA1D1C34104C61B7F81E80E5ABCF842C92D129D4C77D81D7FF5CF | |||
2132 | WinRAR.exe | C:\Users\admin\Desktop\wswsetup.exe | executable | |
MD5:BCACF81D522F0A40B573C73F2E8F0DAF | SHA256:554C9A62F4AEBF557398A1A23C8CA0E7C85695C0AB2AB1DADF3E9F9B4DAEBB86 | |||
2132 | WinRAR.exe | C:\Users\admin\Desktop\Adult hardcore video list.txt | text | |
MD5:AE40AFDC5BC5351606D6F15FCB7F744C | SHA256:8D84B3E3306BE36E1DEDE633E0C0BF129A80AC9084CF000B82EB178BB14DE41D | |||
2132 | WinRAR.exe | C:\Users\admin\Desktop\italianfriendfinder.url | text | |
MD5:1F074305D9D091501C69381BE2A9111B | SHA256:3BA461526393663BC07550CE7E3B03BE8789B536E18BDF13A49CA0FE7D8754A3 | |||
2132 | WinRAR.exe | C:\Users\admin\Desktop\rapidshare Links games.url | text | |
MD5:206E677D508055AD58FA8ECA71EC2B63 | SHA256:97A86EA4C196A666C7F91E51480AB3D31F87AFE3FAC6E3C4F5061146B8F0825D | |||
2132 | WinRAR.exe | C:\Users\admin\Desktop\asiafriendfinder.url | text | |
MD5:BF2BD190FE666031B5841B903D3D2360 | SHA256:D90F7B8D25319604DDA197F647C746D7E4102D898851875A4A9151E45AE11468 | |||
2132 | WinRAR.exe | C:\Users\admin\Desktop\www.neobux.com.url | text | |
MD5:CFFD6FCA132A5FFC124F48BBC787EE62 | SHA256:B6D657AA6D70BEDC8C87692130D8DB8AF5DFB87B083DD35BDDCBE915B0E3DBD2 | |||
2132 | WinRAR.exe | C:\Users\admin\Desktop\readme.url | text | |
MD5:2FEF85F509F3280EC07DF17E73238FA6 | SHA256:B780C009B2FF0120983AEE223E1C9E409AA738A6BAA1509B6C06255FF01AF2C4 | |||
2132 | WinRAR.exe | C:\Users\admin\Desktop\germanfriendfinder.url | text | |
MD5:6ED76233A68AA416C54A68835D7F5FCB | SHA256:6110AA2FB111A2B52C78E1C5A2271972262EB46C3927EC5ED0066FFF36688090 | |||
1760 | wswsetup.exe | C:\Users\admin\AppData\Local\Temp\is-FV79A.tmp\wswsetup.tmp | executable | |
MD5:6E8D9DD74363F29EDE089ECF3B989C59 | SHA256:23B00B7D72A83ADAAAC640AEB82998294588EE2900B4D681C92DDBCA6D255FED |