File name: | 8420e_Original Shipping Documents____.gh.docx |
Full analysis: | https://app.any.run/tasks/eb5bdb8b-9437-4251-87e6-e6946a0235ac |
Verdict: | Malicious activity |
Analysis date: | March 31, 2020, 08:28:59 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 8420E267FA21BD712944BF6BBC21141C |
SHA1: | 36452B27E226A23858C805AD40ED8D0304CEF0FC |
SHA256: | 2AC0CBCDB11FE8F2D6D8B24CEB739EA67E79F97445746AC4824A713E8CBF09E9 |
SSDEEP: | 12288:3rUJ6QsaBEW4cvdydRTXNiJ5N/mnHdXd78qcePLmqwMVEuwUA+B7n3:bBF6EW7vcYp/mnHdd7kGRzBA+l |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | Original Shipping Documents.exe |
---|---|
ZipUncompressedSize: | 993280 |
ZipCompressedSize: | 587829 |
ZipCRC: | 0xdd45a4cf |
ZipModifyDate: | 2020:03:30 19:31:22 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2896 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\8420e_Original Shipping Documents____.gh.docx.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3580 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2896.20275\Original Shipping Documents.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2896.20275\Original Shipping Documents.exe | — | WinRAR.exe |
User: admin Integrity Level: MEDIUM Exit code: 0 | ||||
1544 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2896.20275\Original Shipping Documents.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXa2896.20275\Original Shipping Documents.exe | Original Shipping Documents.exe | |
User: admin Integrity Level: MEDIUM | ||||
660 | "C:\Users\admin\AppData\Local\Temp\Rar$EXa2896.20275\Original Shipping Documents.exe" 2 1544 10922781 | C:\Users\admin\AppData\Local\Temp\Rar$EXa2896.20275\Original Shipping Documents.exe | — | Original Shipping Documents.exe |
User: admin Integrity Level: MEDIUM Exit code: 4294967295 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2896 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXa2896.20275\Original Shipping Documents.exe | executable | |
MD5:53CCC490B4266F593881C077F5286733 | SHA256:62C31F957A8E7358D7E63791C17ED333C9E7863341AAB98EBF82CAB1545344E7 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1544 | Original Shipping Documents.exe | 77.88.21.158:587 | smtp.yandex.com | YANDEX LLC | RU | whitelisted |
Domain | IP | Reputation |
---|---|---|
smtp.yandex.com |
| shared |
PID | Process | Class | Message |
---|---|---|---|
1544 | Original Shipping Documents.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction |