| Field | Value |
|---|---|
| File name | Cotizacion_GTRC6VOOQ.zip |
| Full analysis | https://app.any.run/tasks/e2801fa2-ca42-4fd2-9dea-a99b32e89145 |
| Verdict | Malicious activity |
| Analysis date | March 14, 2019, 14:57:02 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 7CD74F64ED881BD4A6C80B7B5307DB69 |
| SHA1 | EE12216CD9CDBEB070870434820153147AA6AF31 |
| SHA256 | 1D260765331499F53A40B5A839AC446D9A7FC33F872CBA31B43B32B3BDBD506F |
| SSDEEP | 768:5G1BIcUWw5nDU2dD6kGQZRdF8ZiUwL7BZcvkKFk:5G1BCWw5nDU+xZmDW7Bo4 |
| Extension | File type |
|---|---|
| .zip | ZIP compressed archive (100) |

| Field | Value |
|---|---|
| ZipFileName | Cotizacion_GTRC6VOOQ.zip |
| ZipUncompressedSize | 31996 |
| ZipCompressedSize | 31975 |
| ZipCRC | 0x1f389acd |
| ZipModifyDate | 2019:03:13 11:31:05 |
| ZipCompression | Deflated |
| ZipBitFlag | - |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2960 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Cotizacion_GTRC6VOOQ.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | | |
| 2484 | "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIa2960.44591\Cotizacion_GTRC6VOOQ.zip | C:\Program Files\WinRAR\WinRAR.exe | — | WinRAR.exe |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | | |
| 3112 | "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIa2960.44970\Cotizacion_GTRC6VOOQ.zip | C:\Program Files\WinRAR\WinRAR.exe | — | WinRAR.exe |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | | |
| 3812 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa2484.45287\Cotizacion_AAM91D3RX.vbs" | C:\Windows\System32\WScript.exe | — | WinRAR.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Version: 5.8.7600.16385 | | | |
| 3708 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa3112.45941\Cotizacion_AAM91D3RX.vbs" | C:\Windows\System32\WScript.exe | — | WinRAR.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Exit code: 0; Version: 5.8.7600.16385 | | | |
| 3980 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa3112.46951\Cotizacion_AAM91D3RX.vbs" | C:\Windows\System32\WScript.exe | — | WinRAR.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Exit code: 0; Version: 5.8.7600.16385 | | | |
| 4020 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa3112.48809\Cotizacion_AAM91D3RX.vbs" | C:\Windows\System32\WScript.exe | — | WinRAR.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Exit code: 0; Version: 5.8.7600.16385 | | | |
| 3772 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa3112.49548\Cotizacion_AAM91D3RX.vbs" | C:\Windows\System32\WScript.exe | — | WinRAR.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Exit code: 0; Version: 5.8.7600.16385 | | | |
| 2584 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa3112.49591\Cotizacion_AAM91D3RX.vbs" | C:\Windows\System32\WScript.exe | — | WinRAR.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Version: 5.8.7600.16385 | | | |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3112 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3112.45941\Cotizacion_AAM91D3RX.vbs | txt | 8EC61A489E566B23BFE4D3A119C866CC | 71D39946FCAF369F18484FD802127933A3351B67E037FBD1056068D1986B5275 |
| 3112 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3112.49548\Cotizacion_AAM91D3RX.vbs | txt | 8EC61A489E566B23BFE4D3A119C866CC | 71D39946FCAF369F18484FD802127933A3351B67E037FBD1056068D1986B5275 |
| 3812 | WScript.exe | C:\Users\admin\AppData\Roaming\7UKCIYI4JWPG.zip | html | 391ECD735D87CACD3AB33C0363CFB2AE | DF88515FCE5D26A54F0A88A1BF3AD441D517B2EFAB5402B1913DAFEAEBD8E339 |
| 2484 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa2484.45287\Cotizacion_AAM91D3RX.vbs | txt | 8EC61A489E566B23BFE4D3A119C866CC | 71D39946FCAF369F18484FD802127933A3351B67E037FBD1056068D1986B5275 |
| 2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa2960.44970\Cotizacion_GTRC6VOOQ.zip | compressed | 37C03DCC2A5FB93EE375E81F09EA6D7C | 7EA4E0C611CE7EDE5D3CD2FCB6AB781694FF924BF8CE1BCDDBC765190D5AE887 |
| 3112 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3112.46951\Cotizacion_AAM91D3RX.vbs | txt | 8EC61A489E566B23BFE4D3A119C866CC | 71D39946FCAF369F18484FD802127933A3351B67E037FBD1056068D1986B5275 |
| 3112 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3112.49591\Cotizacion_AAM91D3RX.vbs | txt | 8EC61A489E566B23BFE4D3A119C866CC | 71D39946FCAF369F18484FD802127933A3351B67E037FBD1056068D1986B5275 |
| 2960 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa2960.44591\Cotizacion_GTRC6VOOQ.zip | compressed | 37C03DCC2A5FB93EE375E81F09EA6D7C | 7EA4E0C611CE7EDE5D3CD2FCB6AB781694FF924BF8CE1BCDDBC765190D5AE887 |
| 3112 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3112.48809\Cotizacion_AAM91D3RX.vbs | txt | 8EC61A489E566B23BFE4D3A119C866CC | 71D39946FCAF369F18484FD802127933A3351B67E037FBD1056068D1986B5275 |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3812 | WScript.exe | 185.35.137.87:443 | downloadfilecenter.com | Zyztm Research Division 10 B.V. | NL | suspicious |
| Domain | IP | Reputation |
|---|---|---|
| downloadfilecenter.com | | malicious |