File name: payment slip.ace
Full analysis: https://app.any.run/tasks/f23afbb3-dd7e-405e-8c34-15e35125e584
Verdict: Malicious activity
Analysis date: September 11, 2019, 11:23:35
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/octet-stream
File info: ACE archive data version 20, from Win/32, version 20 to extract, contains AV-String (unregistered), solid
MD5: C8A16B6D3D17CA26E07A4E68C11D5542
SHA1: 592EB751C836934179F4AF1AF3DC945600300EC1
SHA256: 04A73183FA56E4251B9E5DF429FD614A6752B3E092462566C65BD221F78ED006
SSDEEP: 6144:PjA5TEwXFh0vC2rCfpO9uoLqF59MqnnEF11uiqve8/UrzbH+NZMEScQ0Lqwru5su:PsFPFh8VrmMI593nEH1uiwzyzbUAf02D

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • Application was dropped or rewritten from another process
      • payment slip.scr (PID: 2304)
      • filename.scr (PID: 2904)
    • Changes the autorun value in the registry
      • WScript.exe (PID: 1792)
  • SUSPICIOUS
    • Executable content was dropped or overwritten
      • payment slip.scr (PID: 2304)
      • WinRAR.exe (PID: 3540)
    • Starts application with an unusual extension
      • payment slip.scr (PID: 2304)
      • WinRAR.exe (PID: 3540)
    • Executes scripts
      • payment slip.scr (PID: 2304)
    • Starts itself from another location
      • payment slip.scr (PID: 2304)
  • INFO
    • No info indicators.
No Malware configuration.

TRiD: .ace | ACE compressed archive (100)
No data.
Total processes: 35
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 0

Behavior graph (interactive in the full report; process chain recovered from the graph labels):
winrar.exe --drop and start--> payment slip.scr --start--> wscript.exe
payment slip.scr --drop and start--> filename.scr (no specs)

Process information

PID: 3540
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\payment slip.ace"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.60.0

PID: 2304
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$DIa3540.6103\payment slip.scr" /S
Path: C:\Users\admin\AppData\Local\Temp\Rar$DIa3540.6103\payment slip.scr
Parent process: WinRAR.exe
User: admin
Integrity Level: MEDIUM
Exit code: 0
Version: 8.03.0004

PID: 1792
CMD: "C:\Windows\System32\WScript.exe" "C:\Users\admin\subfolder\filename.vbs"
Path: C:\Windows\System32\WScript.exe
Parent process: payment slip.scr
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft ® Windows Based Script Host
Exit code: 0
Version: 5.8.7600.16385

PID: 2904
CMD: "C:\Users\admin\subfolder\filename.scr" /S
Path: C:\Users\admin\subfolder\filename.scr
Parent process: payment slip.scr
User: admin
Integrity Level: MEDIUM
Version: 8.03.0004
Total events: 837
Read events: 791
Write events: 0
Delete events: 0

Modification events: No data

Executable files: 2
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID: 3540 | Process: WinRAR.exe | Type: executable
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DIa3540.6103\payment slip.scr
MD5: 37EC9097BEADB9BF75B901296809AE37
SHA256: BC8A58B7687BF17B3FCBDD0FBB8088CCB540D1B4B108B8949F833630CCC87F04

PID: 2304 | Process: payment slip.scr | Type: text
Filename: C:\Users\admin\subfolder\filename.vbs
MD5: 1C14635BD19B8E1EDF8240A575B984C7
SHA256: 38F48A660FDA0AD2A68EE6D80289B94F9766D65429363167A5A93FF3D84845DB

PID: 2304 | Process: payment slip.scr | Type: executable
Filename: C:\Users\admin\subfolder\filename.scr
MD5: 37EC9097BEADB9BF75B901296809AE37
SHA256: BC8A58B7687BF17B3FCBDD0FBB8088CCB540D1B4B108B8949F833630CCC87F04
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests: No HTTP requests

Connections: No data
DNS requests: No data
Threats: No threats detected
No debug info