File name: Office 2010 Activation and Conversion Kit 1.6.exe

Full analysis: https://app.any.run/tasks/3f3fb2e5-2996-4c5f-acf3-68c9b1c23e23
Verdict: Malicious activity
Analysis date: June 03, 2024, 09:45:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: C07C80EFD4A65B4EF8A9CE01A7183C36
SHA1: 761638F2A70F88A0DFA9CE5C668DAF8F853AB653
SHA256: 7EA175879ABF9B99279873AE1E0F50DB7F22E341D661CAFF8F197908B43A2341
SSDEEP: 98304:xU7Z0F8QoPRIsuJuiMKr/A4rjGqcrKutWMKhX/dLi3MQBLbzJSC0zcSSdqEPds2p:JWSq7F

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
      • Raz0r.exe (PID: 820)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
    • Process drops legitimate windows executable

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
    • Executable content was dropped or overwritten

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
      • Raz0r.exe (PID: 820)
    • Reads security settings of Internet Explorer

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
    • Reads the Internet Settings

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
  • INFO

    • Create files in a temporary directory

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
      • Raz0r.exe (PID: 820)
    • Checks supported languages

      • Raz0r.exe (PID: 820)
      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
    • Reads the computer name

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:09:14 01:13:07+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 78336
InitializedDataSize: 31232
UninitializedDataSize: -
EntryPoint: 0x12a92
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.6.1.0
ProductVersionNumber: 1.6.1.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Process default
CharacterSet: Unicode
CompanyName: Raz0r
FileDescription: Activation tool
LegalCopyright: Copyleft (C) Raz0r
ProductName: O2ACK
ProductVersion: 1.6.1.0
FileVersion: 1.6.1.0
CompiledBy: Compiled by SFXMaker
Total processes: 37
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

[Behavior graph nodes: start; office 2010 activation and conversion kit 1.6.exe; raz0r.exe; office 2010 activation and conversion kit 1.6.exe (no specs)]

Process information

PID: 820
CMD: "C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Raz0r.exe"
Path: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Raz0r.exe
Parent process: Office 2010 Activation and Conversion Kit 1.6.exe
User: admin
Company: Raz0r
Integrity Level: HIGH
Description: AutoPlay Menu Loader
Version: 1.6.1.1
Modules (images):
  c:\users\admin\appdata\local\temp\7zipsfx.000\raz0r.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll

PID: 3976
CMD: "C:\Users\admin\AppData\Local\Temp\Office 2010 Activation and Conversion Kit 1.6.exe"
Path: C:\Users\admin\AppData\Local\Temp\Office 2010 Activation and Conversion Kit 1.6.exe
Parent process: explorer.exe
User: admin
Company: Raz0r
Integrity Level: MEDIUM
Description: Activation tool
Exit code: 3221226540
Version: 1.6.1.0
Modules (images):
  c:\users\admin\appdata\local\temp\office 2010 activation and conversion kit 1.6.exe
  c:\windows\system32\ntdll.dll

PID: 4084
CMD: "C:\Users\admin\AppData\Local\Temp\Office 2010 Activation and Conversion Kit 1.6.exe"
Path: C:\Users\admin\AppData\Local\Temp\Office 2010 Activation and Conversion Kit 1.6.exe
Parent process: explorer.exe
User: admin
Company: Raz0r
Integrity Level: HIGH
Description: Activation tool
Version: 1.6.1.0
Modules (images):
  c:\users\admin\appdata\local\temp\office 2010 activation and conversion kit 1.6.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll

Total events: 2 956
Read events: 2 948
Write events: 8
Delete events: 0

Modification events

PID: 4084
Process: Office 2010 Activation and Conversion Kit 1.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

PID: 4084
Process: Office 2010 Activation and Conversion Kit 1.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

PID: 4084
Process: Office 2010 Activation and Conversion Kit 1.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

PID: 4084
Process: Office 2010 Activation and Conversion Kit 1.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Executable files: 12
Suspicious files: 1
Text files: 214
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\slerror.xml | text
MD5:DF1EF05879E06C5F09F3E1022F37B5CB
SHA256:D49ADF2DABBBF6AA43CE4E336AF4F768207DF75302EBF568A94A5350AAC988C5
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\InfoPath\Registration32.reg | text
MD5:2410AA09E68321360440D37A7783956F
SHA256:439BE1D7C1B08A9F11D57EB9A89113F257344231E21B9CC61025D49883B9545D
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\Excel\Registration32.reg | text
MD5:8503A608CD73C11FEA0201BC79A6C5B3
SHA256:4D82442A7277E8926AAB38C8F4366E4BBA68AC4FF44E01F0D531CE1558142A6B
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\Groove\Registration32.reg | text
MD5:FF46F82E73E2E6701E85B9E4E28B9794
SHA256:F978343B81D0A7DCADC4E525BCF396BC776DE718C6C43875F834AC1D62661752
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\OneNote\Registration32.reg | text
MD5:E81C53D6EC646DD825C0638EEBDA7DED
SHA256:69E72D9E13849457AA059DB8BCC673F5BA93ABA1845BAFB83489BC030AB33DA7
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\Outlook\Registration32.reg | text
MD5:3E74CD0368F0EB2B05FEA0BD49EE966E
SHA256:DE93A2F3A44D569581D21D188CAE18443B555710847D32BFA20D61888B867F6B
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\Standard\Registration32.reg | text
MD5:462F47EA2DA5823F4F4EE3B01CB72A4B
SHA256:BA7F51E07E4C7BA749F5982D5E4D552CF4C3B08AFBB63A6E328B9C6B17E5E159
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\Publisher\Registration32.reg | text
MD5:919331DF29F0BBADD428A3FF5D49435E
SHA256:45D0F9749A061C4F3ADC6EA577A570BEF37F769A105619C3D6F0F2446BDD4F26
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\Visio\Registration32.reg | text
MD5:81DE24390344EFFB4D28CFDFB98AA2CB
SHA256:069463FABFE8BE462649BD913398C8D5871A7F78A1D33F0C3B66324B8F91E9D5
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\ProPlus\Registration32.reg | text
MD5:87DE9E499A9FEDD98CEA895F1696CE83
SHA256:CB5E6E621317C94A784A1277E9FD9488EF63C8154B0F0D1E998F127A98790F15
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info