File name: | f4119900c427b8db4429de992f650b4a833a31df5aa565bc2614f2d4e49d5b76.zip |
Full analysis: | https://app.any.run/tasks/159a8b5b-0029-4d72-b500-89136743d4d2 |
Verdict: | Malicious activity |
Analysis date: | July 12, 2020, 19:28:43 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 2448D32F7822C7E2568F98CF471ED4CC |
SHA1: | 26E131BDB54E83B44584982E328243DE0E1C9D99 |
SHA256: | 561EA5C9BA256F8A217B12DE76412EA35A6902D0919669649CED334E920C62A0 |
SSDEEP: | 12288:pWTL7So2EcqqkL0VHxd7KqJSiEs/CUkzF2CtVQpkE:pWX+XpqqRt7XJSDUkZdaj |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | f4119900c427b8db4429de992f650b4a833a31df5aa565bc2614f2d4e49d5b76 |
---|---|
ZipUncompressedSize: | 613888 |
ZipCompressedSize: | 485274 |
ZipCRC: | 0x886346a9 |
ZipModifyDate: | 2020:07:11 12:32:26 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0001 |
ZipRequiredVersion: | 788 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
184 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\f4119900c427b8db4429de992f650b4a833a31df5aa565bc2614f2d4e49d5b76.zip" | C:\Program Files\WinRAR\WinRAR.exe | explorer.exe | |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3644 | "C:\Users\admin\Desktop\f4119900c427b8db4429de992f650b4a833a31df5aa565bc2614f2d4e49d5b76.exe" | C:\Users\admin\Desktop\f4119900c427b8db4429de992f650b4a833a31df5aa565bc2614f2d4e49d5b76.exe | — | explorer.exe |
User: admin Company: Microsoft Integrity Level: MEDIUM Description: HotelManagementSystemRoom Exit code: 0 Version: 1.0.0.0 | ||||
2352 | "{path}" | C:\Users\admin\Desktop\f4119900c427b8db4429de992f650b4a833a31df5aa565bc2614f2d4e49d5b76.exe | f4119900c427b8db4429de992f650b4a833a31df5aa565bc2614f2d4e49d5b76.exe | |
User: admin Company: Microsoft Integrity Level: MEDIUM Description: HotelManagementSystemRoom Version: 1.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
184 | WinRAR.exe | C:\Users\admin\Desktop\f4119900c427b8db4429de992f650b4a833a31df5aa565bc2614f2d4e49d5b76 | executable | |
MD5:5989BAA4AB5E9DBD5B44A166385DA339 | SHA256:F4119900C427B8DB4429DE992F650B4A833A31DF5AA565BC2614F2D4E49D5B76 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2352 | f4119900c427b8db4429de992f650b4a833a31df5aa565bc2614f2d4e49d5b76.exe | 67.21.94.15:587 | mail.mehatinfo.com | Sharktech | US | suspicious |
Domain | IP | Reputation |
---|---|---|
mail.mehatinfo.com |
| suspicious |
PID | Process | Class | Message |
---|---|---|---|
2352 | f4119900c427b8db4429de992f650b4a833a31df5aa565bc2614f2d4e49d5b76.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction |