| Field | Value |
|---|---|
| File name | 5648147193724928.zip |
| Full analysis | https://app.any.run/tasks/65fff154-597a-4252-b2fb-16899aa68548 |
| Verdict | Malicious activity |
| Analysis date | November 08, 2019, 15:25:56 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 9A7C55C2225143C94BC1051018DD33C1 |
| SHA1 | A81400CF09069096FA34996EA2476F0FA84E3D23 |
| SHA256 | 2F609229A949BFD7CD2965F07DDBEFC70F4F1AFC7F144AFEDC5B50CBD521F8CE |
| SSDEEP | 12288:a7sDqV7zz/6LKYJXmKiA+L3cGePTqtsWxfjbpyXCbjijZG:a4Dy22YF8n6LqlLWVjZG |
| Extension | Description |
|---|---|
| .zip | ZIP compressed archive (100) |

| Field | Value |
|---|---|
| ZipFileName | ee0f4b68d75c92a8cdad7e84c41fc7a4698765e3fa1748cab2e9b58f183744e3 |
| ZipUncompressedSize | 870912 |
| ZipCompressedSize | 536788 |
| ZipCRC | 0xaf32f047 |
| ZipModifyDate | 1980:00:00 00:00:00 |
| ZipCompression | Deflated |
| ZipBitFlag | 0x0009 |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1576 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\5648147193724928.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
| 600 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\dd.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe |

| PID | User | Company | Integrity Level | Description | Version |
|---|---|---|---|---|---|
| 1576 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 5.60.0 |
| 600 | admin | Microsoft Corporation | MEDIUM | Microsoft Word | 14.0.6024.1000 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 600 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR5970.tmp.cvr | — | — | — |
| 600 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0000.tmp | — | — | — |
| 600 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0001.tmp | — | — | — |
| 600 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | B41E6594C23EEA8220D1A575ADAE18FD | 9875236DA88E1EEF9D1B5C3226D8C3E879731EF3E79FF59ED0D5250FC3266046 |
| 600 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 7C080C6410B8F583EECECFB562DB0F79 | E2B92CEF4D01DC12D0E6DAF87B03C08659544BB4D63F73F11ECB208B19B725DF |
| 600 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | 50DBDF58597F67044B2177D557322C89 | 4865A7A9C6C34EF158B9F211FA2C77BFEC1395FFB0142E5CA541D4A63F9C9A63 |
| 600 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\main_tamplate.docx.zip | document | 1BF99BA95EE70B43CEBB93542ABBEF8A | 3E33523535750E8836110C99A1AD935B8CC6C808F00B71B799AFE9D3E7C260AE |
| 600 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\oleObject1.bin | binary | 77C649B09F948A3D1F9D2C347ACB0DFB | BD90B570B8D9EBDD3ED945B53B10648F0FBAC3B32D1D4E907AA6C077EE04DDB5 |
| 600 | WINWORD.EXE | C:\Users\admin\Desktop\~$dd.doc | pgc | E7F9275D74669ED47EE3539ED11514B5 | 30772A6DD480BB793F5FACD9AF85B0A025B1B7DB5B13C2EAEC5F20B1A6CD45A1 |
| 600 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\D7BE567.emf | emf | F29F11F255B022C658FAB84C709BA598 | 2A802EDD7E8EC9BDA61E2AEF9E7459D4A0B8EDF9B4A81447F9DF57B9BF62CE96 |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 600 | WINWORD.EXE | 185.176.221.45:443 | microsoft-live-us.com | — | LV | suspicious |
| Domain | IP | Reputation |
|---|---|---|
| microsoft-live-us.com | | suspicious |