| File name: | 5145777101275136.zip |
| Full analysis: | https://app.any.run/tasks/9448f565-3f17-4d86-be56-62667118f808 |
| Verdict: | Malicious activity |
| Analysis date: | August 13, 2019, 13:26:36 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract |
| MD5: | BF899379F8189F478E9B95040FC71595 |
| SHA1: | 6995BF3971738EC94A8277B8D34AFDAC0F5BAC3A |
| SHA256: | 32E05C82FA5C4300E0AFE366F3C96DF7B411A68E28B506A92760C55D3EADE876 |
| SSDEEP: | 384:LVFvP+TIW5SVm99cqQbZR/M9N/8e582/pPHQz6unAjZJdFDd0zzwXoo:Lbm99pQH/+8eb/pfQsjfd12o |
| .zip | | | ZIP compressed archive (100) |
|---|
| ZipRequiredVersion: | 20 |
|---|---|
| ZipBitFlag: | 0x0009 |
| ZipCompression: | Unknown (99) |
| ZipModifyDate: | 1980:00:00 00:00:00 |
| ZipCRC: | 0x00000000 |
| ZipCompressedSize: | 21414 |
| ZipUncompressedSize: | 232924 |
| ZipFileName: | e9c7aace13382d774fd38f906dfac10e2e91aaf953590895a7437117cb79ad54 |
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1912 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\5145777101275136.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | |||||||||||
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 Modules
| |||||||||||||||
| 3112 | C:\Users\admin\AppData\Roaming\svhost.exe | C:\Users\admin\AppData\Roaming\svhost.exe | WINWORD.EXE | ||||||||||||
User: admin Integrity Level: MEDIUM Exit code: 0 Modules
| |||||||||||||||
| 3732 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\e9c7aace13382d774fd38f906dfac10e2e91aaf953590895a7437117cb79ad54.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Exit code: 0 Version: 14.0.6024.1000 Modules
| |||||||||||||||
| (PID) Process: | (1912) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
| Operation: | write | Name: | ShellExtBMP |
Value: | |||
| (PID) Process: | (1912) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes |
| Operation: | write | Name: | ShellExtIcon |
Value: | |||
| (PID) Process: | (1912) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\72\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (1912) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\AppData\Local\Temp\5145777101275136.zip | |||
| (PID) Process: | (1912) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (1912) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (1912) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (1912) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (1912) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop | |||
| (PID) Process: | (1912) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\Interface |
| Operation: | write | Name: | ShowPassword |
Value: 0 | |||
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3732 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRE8CE.tmp.cvr | — | |
MD5:— | SHA256:— | |||
| 3732 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C73ED309.png | — | |
MD5:— | SHA256:— | |||
| 3732 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:— | SHA256:— | |||
| 3112 | svhost.exe | C:\Users\admin\AppData\Local\Temp\publisher\mtime\sserver\winforms03162004fig10.gif | image | |
MD5:— | SHA256:— | |||
| 3732 | WINWORD.EXE | C:\Users\admin\Desktop\~$c7aace13382d774fd38f906dfac10e2e91aaf953590895a7437117cb79ad54.doc | pgc | |
MD5:— | SHA256:— | |||
| 3732 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\jl[1].exe | executable | |
MD5:— | SHA256:— | |||
| 3732 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Abctfhghghghghg.scT | binary | |
MD5:— | SHA256:— | |||
| 3112 | svhost.exe | C:\Users\admin\AppData\Roaming\bulk\prune\vnd.ms-cab-compressed.xml | xml | |
MD5:— | SHA256:— | |||
| 3112 | svhost.exe | C:\Users\admin\AppData\Local\Temp\publisher\mtime\sserver\test10finally.il | text | |
MD5:— | SHA256:— | |||
| 3112 | svhost.exe | C:\Users\admin\AppData\Local\Temp\comments\re\RedCircle42,8,8.gif | image | |
MD5:— | SHA256:— | |||
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
3732 | WINWORD.EXE | 191.6.204.108:443 | samanthazanco.com.br | IPV6 Internet Ltda | BR | unknown |
— | — | 191.6.204.108:443 | samanthazanco.com.br | IPV6 Internet Ltda | BR | unknown |
Domain | IP | Reputation |
|---|---|---|
samanthazanco.com.br |
| unknown |