| Field | Value |
|---|---|
| File name | 5145777101275136.zip |
| Full analysis | https://app.any.run/tasks/9448f565-3f17-4d86-be56-62667118f808 |
| Verdict | Malicious activity |
| Analysis date | August 13, 2019, 13:26:36 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | BF899379F8189F478E9B95040FC71595 |
| SHA1 | 6995BF3971738EC94A8277B8D34AFDAC0F5BAC3A |
| SHA256 | 32E05C82FA5C4300E0AFE366F3C96DF7B411A68E28B506A92760C55D3EADE876 |
| SSDEEP | 384:LVFvP+TIW5SVm99cqQbZR/M9N/8e582/pPHQz6unAjZJdFDd0zzwXoo:Lbm99pQH/+8eb/pfQsjfd12o |
| Extension | File type |
|---|---|
| .zip | ZIP compressed archive (100) |

| Field | Value |
|---|---|
| ZipFileName | e9c7aace13382d774fd38f906dfac10e2e91aaf953590895a7437117cb79ad54 |
| ZipUncompressedSize | 232924 |
| ZipCompressedSize | 21414 |
| ZipCRC | 0x00000000 |
| ZipModifyDate | 1980:00:00 00:00:00 |
| ZipCompression | Unknown (99) |
| ZipBitFlag | 0x0009 |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 1912 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\5145777101275136.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 3732 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\e9c7aace13382d774fd38f906dfac10e2e91aaf953590895a7437117cb79ad54.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 |
| 3112 | C:\Users\admin\AppData\Roaming\svhost.exe | C:\Users\admin\AppData\Roaming\svhost.exe | | WINWORD.EXE | User: admin; Integrity Level: MEDIUM |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3732 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRE8CE.tmp.cvr | — | — | — |
| 3732 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C73ED309.png | — | — | — |
| 3112 | svhost.exe | C:\Users\admin\AppData\Local\Temp\comments\re\doc-ditroff | text | 4632F84DFB3602231A066B7667F1051A | 0D86EE343B4009F54D0C5EC32742960C44E1982DBE17D019698059A03F569902 |
| 1912 | WinRAR.exe | C:\Users\admin\Desktop\e9c7aace13382d774fd38f906dfac10e2e91aaf953590895a7437117cb79ad54 | text | 922889CB82B99B9A3D6C660C5E205016 | E9C7AACE13382D774FD38F906DFAC10E2E91AAF953590895A7437117CB79AD54 |
| 3732 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\jl[1].exe | executable | 827156E633E18F8EABC3D7ADB7B94FEF | C8267562616B9257CAD37631F513DC20C5549E2A69B427786F7976518E73F559 |
| 3112 | svhost.exe | C:\Users\admin\AppData\Local\Temp\comments\re\lvmsadc | text | EBA0B38F08261BB774B05A5E2819B0B2 | 92D3AC376E5375101861C26835838C4D0E336ADB62690C7D782D148216F4AEB6 |
| 3112 | svhost.exe | C:\Users\admin\AppData\Roaming\bulk\prune\devenv.exe | xml | 46F256B3A362EE2122A8A89D6AF8A2D7 | 374C4BC0B4743621FDDB79A9C56B8B01C097119F1488148D6BEA946F6E1E3344 |
| 3732 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Abctfhghghghghg.scT | binary | 727E9D320415108DD8759BECB6DE65BE | 86FECBD0610AD00DE168619378972FD60C989FDF084FA0466CE1BA81D79D9F14 |
| 3112 | svhost.exe | C:\Users\admin\AppData\Local\Temp\comments\re\cups-common.list | text | 8D2E7EFE7DB6932564870386044F5732 | D7E9FA0F3A29A833C90D400A9EB687A5975EC4FE65D35ED8DA7D0807C8FC54FC |
| 3732 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\svhost.exe | executable | 827156E633E18F8EABC3D7ADB7B94FEF | C8267562616B9257CAD37631F513DC20C5549E2A69B427786F7976518E73F559 |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3732 | WINWORD.EXE | 191.6.204.108:443 | samanthazanco.com.br | IPV6 Internet Ltda | BR | unknown |
| — | — | 191.6.204.108:443 | samanthazanco.com.br | IPV6 Internet Ltda | BR | unknown |
| Domain | IP | Reputation |
|---|---|---|
| samanthazanco.com.br | | unknown |