File name: | 31d13840784b80b2c18c518c88d21648.zip
---|---
Full analysis: | https://app.any.run/tasks/827cc5f4-5a45-4c6d-88f0-9f99f4b6ed96
Verdict: | Malicious activity
Analysis date: | August 08, 2020, 16:09:42
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators: |
MIME: | application/zip
File info: | Zip archive data, at least v2.0 to extract
MD5: | 9E5EF8FACFB2D2209F14B4DD783306B4
SHA1: | C9C9686EF8ADD29D5427832AED0DBFB044C9D34D
SHA256: | 87543894935A297DACB8979E855A28CAE2789AE864DF218A78605CCC174D8A29
SSDEEP: | 192:tDBpI8cMN0W3jg8dRAaLofGdM7Gp7t1X1beCAKQ0O47Q8s9uoaB6LL5IizyNd9G0:tNcMN0WT8aL5d4GFt6CpQ0RQ8wuFQL5I
Extension | Identified type (confidence)
---|---
.zip | ZIP compressed archive (100)

ZipRequiredVersion: | 20
---|---
ZipBitFlag: | 0x0009
ZipCompression: | Deflated
ZipModifyDate: | 2020:08:08 12:30:08
ZipCRC: | 0xb96ca5d5
ZipCompressedSize: | 11052
ZipUncompressedSize: | 50715
ZipFileName: | 31d13840784b80b2c18c518c88d21648
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2240 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\31d13840784b80b2c18c518c88d21648.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
 | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | |
1356 | "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" "C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one" | C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE | — | explorer.exe
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft OneNote; Exit code: 0; Version: 14.0.6022.1000 | | |
1780 | /tsr | C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE | — | ONENOTE.EXE
 | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft OneNote Quick Launcher; Version: 14.0.6015.1000 | | |
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
1356 | ONENOTE.EXE | C:\Users\admin\AppData\Local\Temp\CVR5FFC.tmp.cvr | — | — | —
1356 | ONENOTE.EXE | C:\Users\admin\AppData\Local\Microsoft\OneNote\14.0\OneNoteOfflineCache.onecache | — | — | —
1356 | ONENOTE.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk | lnk | D73B82F10DC22E711D0FC9890FC75710 | FE117DF0B30ACD683AC4992067DDFDFF3F99FE014BE7BDCFB98EB20CBB6DA139
1356 | ONENOTE.EXE | C:\Users\admin\AppData\Roaming\Microsoft\OneNote\14.0\Preferences.dat | binary | 6CA34C025B8D3EC10B36AADF011A11A5 | C228D640912F27F087678E78C41CEA707BB4632EBB89976EFA9C0FEE547CB8B0
1356 | ONENOTE.EXE | C:\Users\admin\Documents\OneNote Notebooks\Personal\Unfiled Notes.one | one | FE5DD247463A0F5AAA86F7F02662AA8D | E081B4F9243401D39045B5606A38CB103FBA7DD87C7CCA6948E931F033D11CF7
1356 | ONENOTE.EXE | C:\Users\admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex | text | F3B25701FE362EC84616A93A45CE9998 | B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209