File name: | payment slip.ace |
Full analysis: | https://app.any.run/tasks/f23afbb3-dd7e-405e-8c34-15e35125e584 |
Verdict: | Malicious activity |
Analysis date: | September 11, 2019, 11:23:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/octet-stream |
File info: | ACE archive data version 20, from Win/32, version 20 to extract, contains AV-String (unregistered), solid |
MD5: | C8A16B6D3D17CA26E07A4E68C11D5542 |
SHA1: | 592EB751C836934179F4AF1AF3DC945600300EC1 |
SHA256: | 04A73183FA56E4251B9E5DF429FD614A6752B3E092462566C65BD221F78ED006 |
SSDEEP: | 6144:PjA5TEwXFh0vC2rCfpO9uoLqF59MqnnEF11uiqve8/UrzbH+NZMEScQ0Lqwru5su:PsFPFh8VrmMI593nEH1uiwzyzbUAf02D |
.ace | | | ACE compressed archive (100) |
---|
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3540 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\payment slip.ace" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2304 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa3540.6103\payment slip.scr" /S | C:\Users\admin\AppData\Local\Temp\Rar$DIa3540.6103\payment slip.scr | WinRAR.exe | |
User: admin Integrity Level: MEDIUM Exit code: 0 Version: 8.03.0004 | ||||
1792 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\subfolder\filename.vbs" | C:\Windows\System32\WScript.exe | payment slip.scr | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
2904 | "C:\Users\admin\subfolder\filename.scr" /S | C:\Users\admin\subfolder\filename.scr | — | payment slip.scr |
User: admin Integrity Level: MEDIUM Version: 8.03.0004 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3540 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3540.6103\payment slip.scr | executable | |
MD5:37EC9097BEADB9BF75B901296809AE37 | SHA256:BC8A58B7687BF17B3FCBDD0FBB8088CCB540D1B4B108B8949F833630CCC87F04 | |||
2304 | payment slip.scr | C:\Users\admin\subfolder\filename.vbs | text | |
MD5:1C14635BD19B8E1EDF8240A575B984C7 | SHA256:38F48A660FDA0AD2A68EE6D80289B94F9766D65429363167A5A93FF3D84845DB | |||
2304 | payment slip.scr | C:\Users\admin\subfolder\filename.scr | executable | |
MD5:37EC9097BEADB9BF75B901296809AE37 | SHA256:BC8A58B7687BF17B3FCBDD0FBB8088CCB540D1B4B108B8949F833630CCC87F04 |