File name: | BUROFAX_SOSPECHOSO_045796_FLQ.zip |
Full analysis: | https://app.any.run/tasks/176a4519-2f3e-4369-bb03-27cf2d5b3f84 |
Verdict: | Malicious activity |
Analysis date: | October 20, 2020, 07:22:31 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | F673AFDDDE2BC63D9F536AFD3AAAA2D4 |
SHA1: | F952BA791B8B441B62623550005F967971EEE525 |
SHA256: | 1C8E004C06EF51BAA7B579E591361E4CAAEFB009BF54C4FEA18993E1658260B3 |
SSDEEP: | 12288:E50P71GT9fabBCkCg6c3sstqoPzIyLVmph:E50jQBfUEBg0stLVmn |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2020:10:19 22:51:04 |
ZipCRC: | 0xca7d79f9 |
ZipCompressedSize: | 503846 |
ZipUncompressedSize: | 1053696 |
ZipFileName: | 045796_FLQ.msi |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2616 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\BUROFAX_SOSPECHOSO_045796_FLQ.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
2472 | "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIa2616.40475\icone_6964611.gif | C:\Program Files\Internet Explorer\iexplore.exe | WinRAR.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
3708 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2472 CREDAT:144385 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
1896 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2472 CREDAT:333057 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 11.00.9600.16428 (winblue_gdr.131013-1700) | ||||
752 | "C:\Windows\System32\msiexec.exe" /i "C:\Users\admin\AppData\Local\Temp\Rar$EXa2616.44884\045796_FLQ.msi" | C:\Windows\System32\msiexec.exe | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 1603 Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
1652 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows® installer Version: 5.0.7600.16385 (win7_rtm.090713-1255) | ||||
584 | C:\Windows\system32\MsiExec.exe -Embedding 9FADE16A12C1C9CF47243ADCDCA82251 | C:\Windows\system32\MsiExec.exe | msiexec.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows® installer Exit code: 0 Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2472 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2472 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\CabE544.tmp | — | |
MD5:— | SHA256:— | |||
2472 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\TarE555.tmp | — | |
MD5:— | SHA256:— | |||
2472 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE585.tmp | — | |
MD5:— | SHA256:— | |||
1652 | msiexec.exe | C:\Windows\Installer\MSI159C.tmp | — | |
MD5:— | SHA256:— | |||
1652 | msiexec.exe | C:\Windows\Installer\MSI15CC.tmp | — | |
MD5:— | SHA256:— | |||
1652 | msiexec.exe | C:\Users\admin\AppData\Local\Temp\~DFBBD258BFBBA0D06A.TMP | — | |
MD5:— | SHA256:— | |||
1652 | msiexec.exe | C:\Windows\Installer\MSI167A.tmp | — | |
MD5:— | SHA256:— | |||
2472 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\BUCKCQXG.txt | — | |
MD5:— | SHA256:— | |||
2472 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\P627D3OT.txt | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2472 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2472 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
2472 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8sEMlbBsCTf7jUSfg%2BhWk%3D | US | der | 1.47 Kb | whitelisted |
584 | MsiExec.exe | GET | — | 52.152.133.113:80 | http://sorprenderse.eastus.cloudapp.azure.com/32bits.php | US | — | — | malicious |
2472 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3708 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2472 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2472 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
584 | MsiExec.exe | 52.152.133.113:80 | sorprenderse.eastus.cloudapp.azure.com | Microsoft Corporation | US | malicious |
2472 | iexplore.exe | 152.199.19.161:443 | iecvlist.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2472 | iexplore.exe | 204.79.197.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
api.bing.com |
| whitelisted |
www.bing.com |
| whitelisted |
iecvlist.microsoft.com |
| whitelisted |
r20swj13mr.microsoft.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
sorprenderse.eastus.cloudapp.azure.com |
| malicious |
ieonline.microsoft.com |
| whitelisted |