File name: Office 2010 Activation and Conversion Kit 1.6.exe

Full analysis: https://app.any.run/tasks/3f3fb2e5-2996-4c5f-acf3-68c9b1c23e23
Verdict: Malicious activity
Analysis date: June 03, 2024, 09:45:39
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: C07C80EFD4A65B4EF8A9CE01A7183C36
SHA1: 761638F2A70F88A0DFA9CE5C668DAF8F853AB653
SHA256: 7EA175879ABF9B99279873AE1E0F50DB7F22E341D661CAFF8F197908B43A2341
SSDEEP: 98304:xU7Z0F8QoPRIsuJuiMKr/A4rjGqcrKutWMKhX/dLi3MQBLbzJSC0zcSSdqEPds2p:JWSq7F

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
      • Raz0r.exe (PID: 820)
  • SUSPICIOUS

    • The process creates files with name similar to system file names

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
    • Process drops legitimate windows executable

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
    • Executable content was dropped or overwritten

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
      • Raz0r.exe (PID: 820)
    • Reads the Internet Settings

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
    • Reads security settings of Internet Explorer

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
  • INFO

    • Checks supported languages

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
      • Raz0r.exe (PID: 820)
    • Reads the computer name

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
    • Create files in a temporary directory

      • Office 2010 Activation and Conversion Kit 1.6.exe (PID: 4084)
      • Raz0r.exe (PID: 820)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Generic Win/DOS Executable (50)
.exe | DOS Executable Generic (49.9)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2009:09:14 01:13:07+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 78336
InitializedDataSize: 31232
UninitializedDataSize: -
EntryPoint: 0x12a92
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.6.1.0
ProductVersionNumber: 1.6.1.0
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Unknown
FileSubtype: -
LanguageCode: Process default
CharacterSet: Unicode
CompanyName: Raz0r
FileDescription: Activation tool
LegalCopyright: Copyleft (C) Raz0r
ProductName: O2ACK
ProductVersion: 1.6.1.0
FileVersion: 1.6.1.0
CompiledBy: Compiled by SFXMaker
No data.
All screenshots are available in the full report
Total processes: 37
Monitored processes: 3
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Behavior graph nodes: start; office 2010 activation and conversion kit 1.6.exe; raz0r.exe; office 2010 activation and conversion kit 1.6.exe (no specs)

Process information

PID: 820
CMD: "C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Raz0r.exe"
Path: C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Raz0r.exe
Parent process: Office 2010 Activation and Conversion Kit 1.6.exe
User: admin
Company: Raz0r
Integrity Level: HIGH
Description: AutoPlay Menu Loader
Version: 1.6.1.1
Modules
Images
c:\users\admin\appdata\local\temp\7zipsfx.000\raz0r.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll

PID: 3976
CMD: "C:\Users\admin\AppData\Local\Temp\Office 2010 Activation and Conversion Kit 1.6.exe"
Path: C:\Users\admin\AppData\Local\Temp\Office 2010 Activation and Conversion Kit 1.6.exe
Parent process: explorer.exe
User: admin
Company: Raz0r
Integrity Level: MEDIUM
Description: Activation tool
Exit code: 3221226540
Version: 1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\office 2010 activation and conversion kit 1.6.exe
c:\windows\system32\ntdll.dll

PID: 4084
CMD: "C:\Users\admin\AppData\Local\Temp\Office 2010 Activation and Conversion Kit 1.6.exe"
Path: C:\Users\admin\AppData\Local\Temp\Office 2010 Activation and Conversion Kit 1.6.exe
Parent process: explorer.exe
User: admin
Company: Raz0r
Integrity Level: HIGH
Description: Activation tool
Version: 1.6.1.0
Modules
Images
c:\users\admin\appdata\local\temp\office 2010 activation and conversion kit 1.6.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\shell32.dll

Total events: 2 956
Read events: 2 948
Write events: 8
Delete events: 0

Modification events

(PID) Process: (4084) Office 2010 Activation and Conversion Kit 1.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

(PID) Process: (4084) Office 2010 Activation and Conversion Kit 1.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: IntranetName
Value: 1

(PID) Process: (4084) Office 2010 Activation and Conversion Kit 1.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: UNCAsIntranet
Value: 1

(PID) Process: (4084) Office 2010 Activation and Conversion Kit 1.6.exe
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: AutoDetect
Value: 0

Executable files: 12
Suspicious files: 1
Text files: 214
Unknown types: 0

Dropped files

PID | Process | Filename | Type
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\InfoPath\Registration32.reg | text
MD5:2410AA09E68321360440D37A7783956F
SHA256:439BE1D7C1B08A9F11D57EB9A89113F257344231E21B9CC61025D49883B9545D
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\slerror.xml | text
MD5:DF1EF05879E06C5F09F3E1022F37B5CB
SHA256:D49ADF2DABBBF6AA43CE4E336AF4F768207DF75302EBF568A94A5350AAC988C5
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\Excel\Registration32.reg | text
MD5:8503A608CD73C11FEA0201BC79A6C5B3
SHA256:4D82442A7277E8926AAB38C8F4366E4BBA68AC4FF44E01F0D531CE1558142A6B
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\Access\Registration32.reg | text
MD5:AEF997F365223B18DA07FD6EAE9AC7A9
SHA256:2B260DBFF79A53841A57E41DD6F8832FF0219D6BC75598E2B00D0F221E2A24E9
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\ProjectStd\Registration32.reg | text
MD5:2ED893BCEF4B1D95F05D51176C36661C
SHA256:AABAD2C7EF0FC690FD993A64B8378B176239A1C9409C4A1CCB3A9290583CC05F
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\Standard\Registration32.reg | text
MD5:462F47EA2DA5823F4F4EE3B01CB72A4B
SHA256:BA7F51E07E4C7BA749F5982D5E4D552CF4C3B08AFBB63A6E328B9C6B17E5E159
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\PowerPoint\Registration32.reg | text
MD5:A5156CC941795F744B0782ABBDFAAFAE
SHA256:04E8FD1A7BB6319B010E26477097475460F546270081DDE671EE6C0A90BDBF07
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\Outlook\Registration32.reg | text
MD5:3E74CD0368F0EB2B05FEA0BD49EE966E
SHA256:DE93A2F3A44D569581D21D188CAE18443B555710847D32BFA20D61888B867F6B
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\ProjectPro\Registration32.reg | text
MD5:4B8947546E1728E6EBFF7CAA04A76EE6
SHA256:A6CE7FAFEE5D1A24231D12E99720F960F6881C5C6E3FB7FDFB6E0975C96F74D2
4084 | Office 2010 Activation and Conversion Kit 1.6.exe | C:\Users\admin\AppData\Local\Temp\7ZipSfx.000\Pack\Licenses\VL\Publisher\Registration32.reg | text
MD5:919331DF29F0BBADD428A3FF5D49435E
SHA256:45D0F9749A061C4F3ADC6EA577A570BEF37F769A105619C3D6F0F2446BDD4F26
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 224.0.0.252:5355 | - | - | - | unknown
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
1088 | svchost.exe | 224.0.0.252:5355 | - | - | - | unknown

DNS requests

No data

Threats

No threats detected
No debug info