Field | Value
---|---
File name | 5706312183218176.zip
Full analysis | https://app.any.run/tasks/f4295a79-7fff-46bd-ad0b-176c9f9919e7
Verdict | Malicious activity
Threats | Emotet: originally a banking trojan, later rebuilt as a modular loader that delivers other malware. It targets mostly corporate victims, but private users are also infected through mass spam email campaigns.
Analysis date | July 12, 2020, 19:11:38
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags | (none)
Indicators | (none)
MIME | application/zip
File info | Zip archive data, at least v2.0 to extract
MD5 | 7C9D4682359DAE81951AB04BCE3F9596
SHA1 | F64F09A9E9564D93E56998F6480E18B5CF6E44BD
SHA256 | 69A0EADDB10FC5A99DD0BF9B9963CB16628A07EBE9BEECDF13FD1C2A09C229A4
SSDEEP | 1536:1af2mBEccMQpe6oL19XbLDGRR9wrTfIYVgFHRtkt/RR2n0D9v/tSp6Qn:0uM+py19XbL6eXjVgFx8nLtSpP
Field | Value
---|---
File type | .zip: ZIP compressed archive (100)
ZipRequiredVersion | 20
ZipBitFlag | 0x0009 (general-purpose flag: bit 0 set = member is encrypted, bit 3 set = CRC and sizes are in a trailing data descriptor)
ZipCompression | Deflated
ZipModifyDate | 1980:00:00 00:00:00 (the DOS date/time field is all zeros, i.e. no modification time was set)
ZipCRC | 0x376597f0
ZipCompressedSize | 82942
ZipUncompressedSize | 190464
ZipFileName | 4e9a5ac654a90c748c812af4affe711dc522b77bffbd0ccb666ae3eef1477ec0
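The fields above are read straight from the archive's local file header. The following parser is an added example (not ANY.RUN's code and not part of the original report); it builds a local file header from the reported values as constructed test data, parses it back with the PKWARE APPNOTE layout, decodes the general-purpose bit flag and the DOS timestamp, and emits the triage findings a practitioner would want from an e-mail attachment. The `triage` heuristics are assumptions of this example, not rules from the report.

```python
import struct

# Local file header layout per PKWARE APPNOTE section 4.3.7 (little-endian):
# signature, version needed, general-purpose bit flag, compression method,
# last-mod time, last-mod date, CRC-32, compressed size, uncompressed size,
# file-name length, extra-field length.
LFH = struct.Struct("<IHHHHHIIIHH")
LFH_SIG = 0x04034B50

FLAG_NAMES = {0: "encrypted", 3: "data-descriptor", 6: "strong-encryption", 11: "utf8-names"}
METHODS = {0: "Stored", 8: "Deflated", 12: "BZIP2", 14: "LZMA", 93: "Zstandard", 99: "AES-wrapped"}


def build_local_header(name, *, version=20, flags=0, method=8, mtime=0, mdate=0,
                       crc=0, csize=0, usize=0):
    """Constructed test data: a local file header with no payload behind it."""
    name_b = name.encode("ascii")
    return LFH.pack(LFH_SIG, version, flags, method, mtime, mdate,
                    crc, csize, usize, len(name_b), 0) + name_b


def dos_datetime(mdate, mtime):
    """Decode MS-DOS packed date/time. The year is stored as an offset from 1980,
    so an all-zero field decodes to 1980:00:00 00:00:00, exactly as in the report."""
    year, month, day = 1980 + (mdate >> 9), (mdate >> 5) & 0xF, mdate & 0x1F
    hour, minute, second = mtime >> 11, (mtime >> 5) & 0x3F, (mtime & 0x1F) * 2
    return f"{year:04d}:{month:02d}:{day:02d} {hour:02d}:{minute:02d}:{second:02d}"


def parse_local_header(buf):
    """Parse one local file header and return the same fields the report lists."""
    if len(buf) < LFH.size:
        raise ValueError("buffer shorter than a local file header")
    sig, version, flags, method, mtime, mdate, crc, csize, usize, nlen, xlen = LFH.unpack_from(buf)
    if sig != LFH_SIG:
        raise ValueError(f"not a local file header: {sig:#010x}")
    raw_name = buf[LFH.size:LFH.size + nlen]
    name = raw_name.decode("utf-8" if flags & (1 << 11) else "cp437")
    return {
        "required_version": version,
        "bit_flag": flags,
        "flags": [FLAG_NAMES.get(b, f"bit{b}") for b in range(16) if flags & (1 << b)],
        "compression": METHODS.get(method, f"method {method}"),
        "modify_date": dos_datetime(mdate, mtime),
        "crc": f"{crc:#010x}",
        "compressed_size": csize,
        "uncompressed_size": usize,
        "filename": name,
    }


def triage(info):
    """Findings a mail-gateway or sandbox reviewer would want to see (example heuristics)."""
    findings = []
    if "encrypted" in info["flags"]:
        findings.append("member is password-protected; its content is opaque to gateway AV")
    if "data-descriptor" in info["flags"]:
        findings.append("CRC and sizes deferred to a data descriptor (streaming writer)")
    if info["modify_date"].startswith("1980:00:00"):
        findings.append("zeroed DOS timestamp: the packer did not set a modification time")
    name = info["filename"]
    if "." not in name and len(name) == 64 and all(c in "0123456789abcdefABCDEF" for c in name):
        findings.append("member name is a bare 64-hex-digit string with no extension (hash-like, not a document name)")
    return findings


# Header rebuilt from the values in the table above (constructed; not the real archive bytes).
SAMPLE_HEADER = build_local_header(
    "4e9a5ac654a90c748c812af4affe711dc522b77bffbd0ccb666ae3eef1477ec0",
    version=20, flags=0x0009, method=8, crc=0x376597F0, csize=82942, usize=190464)

if __name__ == "__main__":
    info = parse_local_header(SAMPLE_HEADER)
    for key, value in info.items():
        print(f"{key:>20}: {value}")
    for finding in triage(info):
        print("  !", finding)
```

The point of decoding the flag word rather than trusting a "Deflated" label: bit 0 says the member is encrypted, so a gateway that only inspects archive contents sees nothing, while the recipient who types the password from the e-mail body opens the document directly.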
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
1140 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\5706312183218176.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
 | User: admin; Company: Alexander Roshal; Integrity level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0; Exit code: 0 | | |
2284 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe
 | User: admin; Company: Microsoft Corporation; Integrity level: MEDIUM; Description: Microsoft Excel; Version: 14.0.6024.1000 | | |
2244 | "C:\Windows\system32\reg.exe" EXPORT HKCU\Software\Microsoft\Office\14.0\Excel\Security C:\Users\Public\LoArB2I.reg /y | C:\Windows\system32\reg.exe | — | EXCEL.EXE
 | User: admin; Company: Microsoft Corporation; Integrity level: MEDIUM; Description: Registry Console Tool; Version: 6.1.7600.16385 (win7_rtm.090713-1255); Exit code: 0 | | |
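The one behaviour in this tree worth a detection is PID 2244: Excel spawning reg.exe to export its own HKCU\...\Excel\Security key (the key that holds VBAWarnings) into C:\Users\Public. Excel 4.0 macro droppers of this period read that exported file back to learn whether macros are forced on, as they typically are in sandboxes, and bail out if so; whatever the purpose here, an Office application exporting its macro-security settings with a console tool is a high-signal parent/child pair. The rule below is an added example (not ANY.RUN's logic and not from the report); the event records are constructed to mirror the tree above, with one benign reg.exe event added as noise, and the image lists and severity levels are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Parent images that should rarely launch console tools on a workstation (assumed list).
OFFICE_APPS = {"excel.exe", "winword.exe", "powerpnt.exe", "msaccess.exe", "outlook.exe"}
# Living-off-the-land binaries commonly launched by macro droppers (assumed list).
LOLBINS = {"reg.exe", "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
           "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}
# HKCU\Software\Microsoft\Office\<version>\<app>\Security holds VBAWarnings and related settings.
OFFICE_SECURITY_KEY = re.compile(
    r"(HKCU|HKEY_CURRENT_USER)\\Software\\Microsoft\\Office\\\d+\.\d+\\\w+\\Security", re.I)
# Locations any local user (and any later payload stage) can read.
SHARED_DIRS = re.compile(r"C:\\Users\\Public\\|\\ProgramData\\|\\AppData\\Local\\Temp\\", re.I)


@dataclass
class ProcEvent:
    """Minimal process-creation record (Sysmon Event ID 1 style fields)."""
    pid: int
    image: str
    cmdline: str
    parent_image: str


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(ev):
    """Return (severity, reason) for a suspicious event, or None."""
    parent, child = basename(ev.parent_image), basename(ev.image)
    if parent not in OFFICE_APPS:
        return None
    if (child == "reg.exe" and re.search(r"\bEXPORT\b", ev.cmdline, re.I)
            and OFFICE_SECURITY_KEY.search(ev.cmdline)):
        dest = "a shared directory" if SHARED_DIRS.search(ev.cmdline) else "disk"
        return "high", f"{parent} exported its own Office Security key with reg.exe to {dest}"
    if child in LOLBINS:
        return "medium", f"{parent} spawned {child}"
    return None


def scan(events):
    """Run the rule over a list of ProcEvent; returns [(pid, severity, reason), ...]."""
    hits = []
    for ev in events:
        verdict = evaluate(ev)
        if verdict:
            hits.append((ev.pid, *verdict))
    return hits


# Constructed events modelled on the process tree above; the last one is benign noise.
SAMPLE_EVENTS = [
    ProcEvent(1140, r"C:\Program Files\WinRAR\WinRAR.exe",
              r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\5706312183218176.zip"',
              r"C:\Windows\explorer.exe"),
    ProcEvent(2284, r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE",
              r'"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde',
              r"C:\Windows\explorer.exe"),
    ProcEvent(2244, r"C:\Windows\system32\reg.exe",
              r'"C:\Windows\system32\reg.exe" EXPORT HKCU\Software\Microsoft\Office\14.0\Excel\Security C:\Users\Public\LoArB2I.reg /y',
              r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"),
    ProcEvent(3001, r"C:\Windows\system32\reg.exe",
              r'"C:\Windows\system32\reg.exe" QUERY HKLM\Software\Microsoft\Windows\CurrentVersion',
              r"C:\Windows\system32\cmd.exe"),
]

if __name__ == "__main__":
    for pid, severity, reason in scan(SAMPLE_EVENTS):
        print(f"[{severity}] pid {pid}: {reason}")
```

Only the reg.exe export under EXCEL.EXE fires; WinRAR opening the archive and Excel itself starting under explorer.exe with /dde are what a double-click looks like on any desktop, and the cmd.exe-launched reg.exe query is excluded by the parent check rather than by the command line, which keeps the rule from alerting on administrators' scripts.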
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2284 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRDC29.tmp.cvr | — | — | —
2284 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF0130D51C25EF1F05.TMP | — | — | —
2284 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF3162FF8A585AEAA7.TMP | — | — | —
2284 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF69FE1A8C8E7FCC86.TMP | — | — | —
2284 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF5ECC753BCFA482AD.TMP | — | — | —
2284 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFD09BA87DF229B3DE.TMP | — | — | —
2284 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFB46739FA793DB624.TMP | — | — | —
2244 | reg.exe | C:\Users\admin\AppData\Local\Temp\REGE32E.tmp | — | — | —
2284 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFB10849937083F5F0.TMP | — | — | —
2284 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF57CA28852D7DECD2.TMP | — | — | —