File name: | MAERSK EXPRESS SCAN.ace |
Full analysis: | https://app.any.run/tasks/f4477620-5fbd-4565-8734-b67e93550f22 |
Verdict: | Malicious activity |
Analysis date: | March 21, 2019, 09:25:49 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/octet-stream |
File info: | ACE archive data version 20, from Win/32, version 20 to extract, contains AV-String (unregistered), solid |
MD5: | 4ACD180BF428437BB03ACDEF2C606D32 |
SHA1: | 1239667841D4AC66B22491D905BB9A62CA556F18 |
SHA256: | 6F963DAB80059DD0596D69796BAD3D1E7F0581406495BF1118567ED93A2B03FF |
SSDEEP: | 3072:oa8iyy4GRavgcY/nva47AIu0z4pOXHkhNG79XSSu1EqFvgwSIaFO5iCwJqTSKd6k:oa8iHSgdvvaUAiz4pOam9XbCNgw7aFmN |
.ace | ACE compressed archive (77.8) |
.ini | Generic INI configuration (22.1) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1048 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\MAERSK EXPRESS SCAN.ace" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
1916 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa1048.36801\MAERSK EXPRESS SCAN.scr" /S | C:\Users\admin\AppData\Local\Temp\Rar$DIa1048.36801\MAERSK EXPRESS SCAN.scr | | WinRAR.exe |
User: admin Company: lowmasted4 Integrity Level: MEDIUM Exit code: 0 Version: 1.06.0006 | ||||
2084 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\submittedred.rtf" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
1296 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Local\Temp\subfolder\filename.vbs" | C:\Windows\System32\WScript.exe | | MAERSK EXPRESS SCAN.scr |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Exit code: 0 Version: 5.8.7600.16385 | ||||
2684 | "C:\Users\admin\AppData\Local\Temp\subfolder\filename.scr" /S | C:\Users\admin\AppData\Local\Temp\subfolder\filename.scr | — | MAERSK EXPRESS SCAN.scr |
User: admin Company: lowmasted4 Integrity Level: MEDIUM Version: 1.06.0006 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2084 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRE14E.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1916 | MAERSK EXPRESS SCAN.scr | C:\Users\admin\AppData\Local\Temp\subfolder\filename.vbs | text | |
MD5:2D1AC61553299818EF0BC34B3C8E0F33 | SHA256:8D17CA415490AE95CD3472B4FCF221967F432EAED8B391473441A442A5286453 | |||
2084 | WINWORD.EXE | C:\Users\admin\Desktop\~$bmittedred.rtf | pgc | |
MD5:6FF8B7F1995B109476C27D50863E83C0 | SHA256:2F8EE6084661575FE1144802F2E57CB8B5FB016B274D92CD315E390C0C6A2267 | |||
1048 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa1048.36801\MAERSK EXPRESS SCAN.scr | executable | |
MD5:2D55649D67D45A8490BD3AA6D4256BC6 | SHA256:0130D134ED8EA5E5C1D2879FFA05D4D1BA5A30619AC9A26BD58276213A33EA96 | |||
2084 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | |
MD5:211967F4A488FE880DDC5FC154C209C0 | SHA256:579BFF0EBCD903622EC815F8D1ABF461651FDE894E95BD1ECE1200FA5684509C | |||
1916 | MAERSK EXPRESS SCAN.scr | C:\Users\admin\AppData\Local\Temp\subfolder\filename.scr | executable | |
MD5:2D55649D67D45A8490BD3AA6D4256BC6 | SHA256:0130D134ED8EA5E5C1D2879FFA05D4D1BA5A30619AC9A26BD58276213A33EA96 | |||
2084 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\submittedred.rtf.LNK | lnk | |
MD5:938D395FC229963DC4D32BCE4EFC65DD | SHA256:3581AFA9E90C43CC2C82A44CBAEECC9C1D9438B3F66FD7CD6A30DBBFDEFD6B95 | |||
2084 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:D73518B4ED465461529CAE3D7F638C57 | SHA256:4890687B981207FBE68DBFF6285964191CD9A4D364BB728E65A3BFD0FCA849FC |