| Field | Value |
|---|---|
| File name | ogfgalvanica.zip |
| Full analysis | https://app.any.run/tasks/424fb6cc-1c20-4a4d-9fd3-b5bb1e19e985 |
| Verdict | Malicious activity |
| Analysis date | December 06, 2019, 12:30:44 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | BAB3DF132BBB3E4FC101BB9DF2D9274D |
| SHA1 | B8DCFB5CFDF51AB09668C16B332EAC859E00390C |
| SHA256 | 4F75DA23060C1C2DBD3FA1295FD34A127836EB689ED93CBB786124BE8FCD4BBE |
| SSDEEP | 1536:7+0QIVUUsb3L8AwVy+Aucn810MBfgHVLnP/mcv:PUUsb1wPAu1HF+Lv |
| Extension | Description |
|---|---|
| .zip | ZIP compressed archive (100) |

| Field | Value |
|---|---|
| ZipFileName | Request_12_03.doc |
| ZipUncompressedSize | 66027 |
| ZipCompressedSize | 59179 |
| ZipCRC | 0xb61546f7 |
| ZipModifyDate | 2019:12:03 06:21:08 |
| ZipCompression | Deflated |
| ZipBitFlag | 0x0009 |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 2104 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\ogfgalvanica.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 |
| 2760 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\Request_12_03.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Exit code: 0; Version: 14.0.6024.1000 |
| 2232 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\Request_12_03.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Exit code: 0; Version: 14.0.6024.1000 |
| 328 | wmic process list /format:"c:\windows\temp\atNyC.xsl" | C:\Windows\System32\Wbem\wmic.exe | — | WINWORD.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: WMI Commandline Utility; Exit code: 2147614729; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| 3324 | wmic process list /format:"c:\windows\temp\atNyC.xsl" | C:\Windows\System32\Wbem\wmic.exe | — | WINWORD.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: WMI Commandline Utility; Exit code: 2147614729; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2760 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR535.tmp.cvr | — | — | — |
| 2232 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR545.tmp.cvr | — | — | — |
| 2232 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1C840A4D.png | — | — | — |
| 2232 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~DF90E09628A13FD87D.TMP | — | — | — |
| 2232 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~DF7DA9CF0D580BC2D6.TMP | — | — | — |
| 2232 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B4630B85-7A83-4375-8DD6-4B88071C9DD5}.tmp | — | — | — |
| 2232 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRC0000.tmp | — | — | — |
| 2232 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{86BF474D-4717-463C-AD5F-1AB1E1930771}.tmp | — | — | — |
| 2232 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~DF92A670BF57B90E1A.TMP | — | — | — |
| 2232 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{375A9222-B3BF-44AB-B713-D8A2CCFA2E02}.tmp | — | — | — |
| Domain | IP | Reputation |
|---|---|---|
| aheakeerep.com | | malicious |