File name: | 3C722F99DF5D1018DCD361D8DEB5CDC425C725EDBEB0A688D62F1B6C67ABD22C.zip |
Full analysis: | https://app.any.run/tasks/3b10ec13-1f0c-4e5d-b803-d1c9df799224 |
Verdict: | Malicious activity |
Analysis date: | December 02, 2019, 17:25:32 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | E157A53F006D70E6E80E4FAD75BD150E |
SHA1: | E96210B19BE3A77AA0E430C2426F4E12CDD30A65 |
SHA256: | 9556872F594F32F07EA1A045C7C303F33666C0D144B1451A122FA95883C061B1 |
SSDEEP: | 196608:z99dwPPvn8RlkLiy8spcuMFzPSXh99VAexciLnHxuRWB9u:zpwP3ulJiM9KXh9VucB8 |
.zip | ZIP compressed archive (100) |
ZipFileName: | 3C722F99DF5D1018DCD361D8DEB5CDC425C725EDBEB0A688D62F1B6C67ABD22C |
ZipUncompressedSize: | 12341332 |
ZipCompressedSize: | 8745137 |
ZipCRC: | 0xdaab3608 |
ZipModifyDate: | 2019:12:02 16:55:00 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0009 |
ZipRequiredVersion: | 20 |
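The ZipBitFlag of 0x0009 in the metadata above is the general-purpose bit flag from the entry's local file header. Per the PKWARE APPNOTE, bit 0 set means the entry is encrypted (password-protected) and bit 3 set means the CRC and sizes are written as zero in the header and supplied by a data descriptor that follows the compressed data. A password-protected archive is a routine way of getting a payload past mail and web scanners, so the flag is worth reading even before the sample is run. The parser below is an added example and not part of the ANY.RUN report: it walks ZIP local headers and names those bits. The unencrypted sample is built with Python's zipfile module, and the encrypted entry is hand-built with a dummy payload and the flag, method, version and timestamp values reported above; both are constructed data, not the sample analysed here.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HEADER_SIG = 0x04034B50
DATA_DESCRIPTOR_MAGIC = b"PK\x07\x08"
# signature, version needed, gp flag, method, mod time, mod date, crc32,
# compressed size, uncompressed size, name length, extra length
LOCAL_HEADER = struct.Struct("<IHHHHHIIIHH")

# General-purpose bit flag meanings from the PKWARE APPNOTE (subset).
GP_FLAG_BITS = {
    0: "encrypted",
    3: "data descriptor (CRC/sizes follow the data)",
    6: "strong encryption",
    11: "UTF-8 names",
    13: "central directory encrypted (masked local header)",
}
METHODS = {0: "stored", 8: "deflated", 12: "bzip2", 14: "lzma", 93: "zstd", 99: "AES (WinZip)"}


def decode_gp_flags(flag):
    """Name the known bits set in a general-purpose flag word, lowest bit first."""
    return [name for bit, name in sorted(GP_FLAG_BITS.items()) if flag & (1 << bit)]


def dos_datetime(mdate, mtime):
    """Convert DOS date/time words to the exiftool-style 'YYYY:MM:DD HH:MM:SS'."""
    return "%04d:%02d:%02d %02d:%02d:%02d" % (
        1980 + (mdate >> 9), (mdate >> 5) & 0xF, mdate & 0x1F,
        mtime >> 11, (mtime >> 5) & 0x3F, (mtime & 0x1F) * 2)


def parse_local_headers(blob):
    """Walk the local file headers of a ZIP byte string and describe each entry.
    Stops at the first non-local-header signature (normally the central directory)."""
    entries = []
    off = 0
    while off + LOCAL_HEADER.size <= len(blob):
        fields = LOCAL_HEADER.unpack_from(blob, off)
        if fields[0] != LOCAL_HEADER_SIG:
            break
        _, version, flag, method, mtime, mdate, crc, csize, usize, nlen, xlen = fields
        name_start = off + LOCAL_HEADER.size
        raw_name = blob[name_start:name_start + nlen]
        name = raw_name.decode("utf-8" if flag & (1 << 11) else "cp437")
        data_start = name_start + nlen + xlen
        if flag & (1 << 3):
            # Bit 3: header CRC/sizes are zero, the real values trail the data.
            # Scanning for the descriptor magic can false-match inside compressed
            # bytes; a production parser cross-checks with the central directory.
            pos = blob.find(DATA_DESCRIPTOR_MAGIC, data_start)
            if pos < 0:
                break
            crc, csize, usize = struct.unpack_from("<III", blob, pos + 4)
            off = pos + 16
        else:
            off = data_start + csize
        entries.append({
            "name": name, "version_needed": version, "flag": flag,
            "flags": decode_gp_flags(flag), "method": METHODS.get(method, str(method)),
            "modified": dos_datetime(mdate, mtime), "crc32": crc,
            "compressed_size": csize, "uncompressed_size": usize,
        })
    return entries


# Constructed sample 1: a normal archive written by the standard library.
PLAIN_PAYLOAD = b"benign text, repeated so deflate has something to do. " * 8
PLAIN_CRC = zlib.crc32(PLAIN_PAYLOAD) & 0xFFFFFFFF


def build_plain_zip():
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("readme.txt", PLAIN_PAYLOAD)
    return buf.getvalue()


# Constructed sample 2: one hand-built local entry carrying flag 0x0009
# (encrypted + data descriptor). The payload bytes are a placeholder, not a
# real PKZIP-encrypted stream; the CRC covers the (dummy) plaintext.
ENC_PLAINTEXT = b"dummy plaintext"
ENC_CRC = zlib.crc32(ENC_PLAINTEXT) & 0xFFFFFFFF
DUMMY_CIPHERTEXT = b"\x00" * 16


def build_encrypted_entry():
    name = b"sample.bin"
    mdate = ((2019 - 1980) << 9) | (12 << 5) | 2   # 2019-12-02
    mtime = (16 << 11) | (55 << 5) | (0 // 2)       # 16:55:00
    header = LOCAL_HEADER.pack(LOCAL_HEADER_SIG, 20, 0x0009, 8, mtime, mdate,
                               0, 0, 0, len(name), 0)
    descriptor = DATA_DESCRIPTOR_MAGIC + struct.pack(
        "<III", ENC_CRC, len(DUMMY_CIPHERTEXT), len(ENC_PLAINTEXT))
    return header + name + DUMMY_CIPHERTEXT + descriptor


if __name__ == "__main__":
    for entry in parse_local_headers(build_plain_zip()) + parse_local_headers(build_encrypted_entry()):
        print(entry)
```

Run against a real archive, read the file into a bytes object and pass it to parse_local_headers; an entry whose flags include "encrypted" cannot be scanned for content without the password, and with bit 3 set the sizes shown by simple tools may come from the descriptor rather than the header.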
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
388 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\3C722F99DF5D1018DCD361D8DEB5CDC425C725EDBEB0A688D62F1B6C67ABD22C.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 | | | | |
3128 | "C:\Users\admin\Desktop\a.exe" | C:\Users\admin\Desktop\a.exe | — | explorer.exe |
User: admin; Company: Cameyo (cameyo.com); Integrity Level: MEDIUM; Exit code: 0; Version: 2, 6, 1209, 0 | | | | |
2176 | "C:\Program Files\Pago Haberes por Empresas (Suc.)\BPSSucursal.exe" | C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc\Pago Haberes y Recaudaciones Suc.exe | — | a.exe |
User: admin; Integrity Level: MEDIUM | | | | |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
388 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb388.7015\3C722F99DF5D1018DCD361D8DEB5CDC425C725EDBEB0A688D62F1B6C67ABD22C | — | — | — |
3128 | a.exe | C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc\EngineStamps\AppVirtDll_Pago Haberes y Recaudaciones Suc.dll.20140625-182934.274.stamp | — | — | — |
3128 | a.exe | C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc\EngineStamps\AppVirtDll64_Pago Haberes y Recaudaciones Suc.dll.20140625-182934.424.stamp | — | — | — |
3128 | a.exe | C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc\EngineStamps\Pago Haberes y Recaudaciones Suc.exe.20140625-182934.634.stamp | — | — | — |
3128 | a.exe | C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc\EngineStamps\Pago Haberes y Recaudaciones Suc64.exe.20140625-182934.634.stamp | — | — | — |
3128 | a.exe | C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc\EngineStamps\VirtFiles.Prog.db.20140630-174023.811.stamp | — | — | — |
3128 | a.exe | C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc\EngineStamps\SandboxCfg.db.20140625-182934.644.stamp | — | — | — |
3128 | a.exe | C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc\EngineStamps\VirtReg.Prog.dat.20140630-174023.847.stamp | — | — | — |
3128 | a.exe | C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc\CHANGES\VirtReg.dat | — | — | — |
3128 | a.exe | C:\Users\admin\AppData\Roaming\VOS\Pago Haberes y Recaudaciones Suc\CHANGES\VirtFiles.db.3148.tmp | — | — | — |