Sample: PowerPoint.zip

Full analysis: https://app.any.run/tasks/b474c142-ddac-4bdd-84f7-668673aa254a
Verdict: Malicious activity
Threats:

Stealers are a group of malicious software intended to gain unauthorized access to users' information and transfer it to the attacker. The stealer category includes various types of programs that each focus on a particular kind of data, such as files, passwords, and cryptocurrency. Stealers are capable of spying on their targets by recording keystrokes and taking screenshots. This type of malware is primarily distributed as part of phishing campaigns.

Analysis date: November 29, 2020, 08:32:10
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
stealer
Indicators:
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 196611C89B3B180D8A638D11D50926ED
SHA1: AA98B312DC0E9D7E59BEF85B704AD87DC6C582D5
SHA256: 4C10D3DDEBA414775EBB5AF4DA5B7BB17AE52A92831FE09244F63C36B2C77F34
SSDEEP: 1536:bnTpZDj+PE7ixJWt6/RXHNrqCRRSc5si4YJ5lyf1FDwTqV:npt2E7ix9Fp1qcCZI7yfa2

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
Find more information about signature artifacts and mapping to the MITRE ATT&CK™ MATRIX in the full report.
No Malware configuration.

TRiD: .zip | ZIP compressed archive (100)

EXIF (ZIP):
ZipFileName: [email protected]
ZipUncompressedSize: 139264
ZipCompressedSize: 68227
ZipCRC: 0xaa4f9ea3
ZipModifyDate: 2011:09:07 22:33:06
ZipCompression: Deflated
ZipBitFlag: 0x0001
ZipRequiredVersion: 20
No data.
All screenshots are available in the full report
Total processes: 45
Monitored processes: 4
Malicious processes: 2
Suspicious processes: 1

Behavior graph

Nodes: winrar.exe (no specs), [email protected] (no specs), [email protected], sys3.exe (no specs)
Edge labels: start, drop and start

Process information

PID: 2728
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\PowerPoint.zip"
Path: C:\Program Files\WinRAR\WinRAR.exe
Indicators: (none)
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Exit code: 0
Version: 5.60.0

PID: 1868
CMD: "C:\Users\admin\Desktop\[email protected]"
Path: C:\Users\admin\Desktop\[email protected]
Indicators: (none)
Parent process: explorer.exe
User: admin
Integrity Level: MEDIUM
Exit code: 1073807364

PID: 3264
CMD: "C:\Users\admin\Desktop\[email protected]"
Path: C:\Users\admin\Desktop\[email protected]
Indicators: (none)
Parent process: [email protected]
User: admin
Integrity Level: HIGH
Exit code: 0

PID: 3656
CMD: C:\Users\admin\AppData\Local\Temp\\sys3.exe
Path: C:\Users\admin\AppData\Local\Temp\sys3.exe
Indicators: (none)
Parent process: [email protected]
User: admin
Integrity Level: HIGH
Exit code: 0
Total events: 471
Read events: 447
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 1
Suspicious files: 0
Text files: 1
Unknown types: 0

Dropped files

PID: 2728
Process: WinRAR.exe
Filename: C:\Users\admin\AppData\Local\Temp\Rar$DRb2728.8462\[email protected]
Type: (not shown)
MD5: (not shown)
SHA256: (not shown)

PID: 3264
Process: [email protected]
Filename: C:\Users\admin\AppData\Local\Temp\systm.txt
Type: text
MD5: F119AB122F88D0FF8FD3CD486ED28A1C
SHA256: 33C736F4667545B15006A7EEF3C585AA3DA2EEC72D40A7E6718FE38B16B2230F

PID: 3264
Process: [email protected]
Filename: C:\Users\admin\AppData\Local\Temp\sys3.exe
Type: executable
MD5: 70108103A53123201CEB2E921FCFE83C
SHA256: 9C3F8DF80193C085912C9950C58051AE77C321975784CC069CEACD4F57D5861D
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info