File name: | Proforma Invoice.ace |
Full analysis: | https://app.any.run/tasks/07857ea2-ec58-4a4d-8522-625c694f2243 |
Verdict: | Malicious activity |
Analysis date: | July 11, 2019, 14:48:16 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/octet-stream |
File info: | ACE archive data version 20, from Win/32, version 20 to extract, contains AV-String (unregistered), solid |
MD5: | BA8E7DCBAC167497763A8CC59070CAEA |
SHA1: | 7A6FC00A7B7115DA91E0A0264D555103C59E93FA |
SHA256: | 994E4435AE51350C1B3AD040C73B2257C3A22F32D14BCF87C7D40FB4640EC695 |
SSDEEP: | 3072:gKZjZ32D/pJU4y5TVOATY1lmRBE1Tyobdye6jNYeRNGSl6wirBD7+VHbZ:/ZmTjy5TVOAuhTUfxY10jbZ |
Extension | File type (match, %) |
---|---|
.ace | ACE compressed archive (77.8) |
.pgc | PGN (Portable Gaming Notation) Compressed format (22.1) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3288 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Proforma Invoice.ace" | C:\Program Files\WinRAR\WinRAR.exe | | explorer.exe |
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 | | | | |
3140 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa3288.2723\Proforma Invoice.scr" /S | C:\Users\admin\AppData\Local\Temp\Rar$DIa3288.2723\Proforma Invoice.scr | | WinRAR.exe |
User: admin; Company: Hyperionshieldtail; Integrity Level: MEDIUM; Exit code: 0; Version: 4.03.0006 | | | | |
4072 | "C:\Users\admin\AppData\Local\Temp\Rar$DIa3288.5615\Proforma Invoice.scr" /S | C:\Users\admin\AppData\Local\Temp\Rar$DIa3288.5615\Proforma Invoice.scr | — | WinRAR.exe |
User: admin; Company: Hyperionshieldtail; Integrity Level: MEDIUM; Version: 4.03.0006 | | | | |
3320 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\subfolder\filename.vbs" | C:\Windows\System32\WScript.exe | | Proforma Invoice.scr |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft ® Windows Based Script Host; Exit code: 0; Version: 5.8.7600.16385 | | | | |
3544 | "C:\Users\admin\subfolder\filename.scr" /S | C:\Users\admin\subfolder\filename.scr | — | Proforma Invoice.scr |
User: admin; Company: Hyperionshieldtail; Integrity Level: MEDIUM; Version: 4.03.0006 | | | | |
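The process tree above is a compact execution chain: WinRAR (PID 3288) unpacks the archive member into its `Rar$DIa3288.*` temp folder and launches the `.scr` with `/S`, the `.scr` then starts WScript.exe on a dropped `.vbs`, and finally runs a dropped copy of itself from `C:\Users\admin\subfolder`. The following is an added detection example, not part of the ANY.RUN report: it replays process-creation records constructed from the table (PIDs, image paths, command lines and parent names as listed; the trailing notepad.exe row is an assumed benign control), applies three rules that each match one stage, and correlates the stages by parent image name. The `ProcEvent` fields, rule names and helper functions are this example's own choices.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    """One process-creation record (field names are this example's own)."""
    pid: int
    image: str         # full path of the created process
    cmdline: str       # its command line
    parent_image: str  # image name of the creating process, as the report lists it


# Constructed from the process table in the report above; the final notepad.exe row
# is an assumed benign control (WinRAR opening a text file from its temp folder).
SAMPLE_EVENTS = [
    ProcEvent(3288, r"C:\Program Files\WinRAR\WinRAR.exe",
              r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Proforma Invoice.ace"',
              "explorer.exe"),
    ProcEvent(3140, r"C:\Users\admin\AppData\Local\Temp\Rar$DIa3288.2723\Proforma Invoice.scr",
              r'"C:\Users\admin\AppData\Local\Temp\Rar$DIa3288.2723\Proforma Invoice.scr" /S',
              "WinRAR.exe"),
    ProcEvent(4072, r"C:\Users\admin\AppData\Local\Temp\Rar$DIa3288.5615\Proforma Invoice.scr",
              r'"C:\Users\admin\AppData\Local\Temp\Rar$DIa3288.5615\Proforma Invoice.scr" /S',
              "WinRAR.exe"),
    ProcEvent(3320, r"C:\Windows\System32\WScript.exe",
              r'"C:\Windows\System32\WScript.exe" "C:\Users\admin\subfolder\filename.vbs"',
              "Proforma Invoice.scr"),
    ProcEvent(3544, r"C:\Users\admin\subfolder\filename.scr",
              r'"C:\Users\admin\subfolder\filename.scr" /S',
              "Proforma Invoice.scr"),
    ProcEvent(5000, r"C:\Windows\System32\notepad.exe",
              r'"C:\Windows\System32\notepad.exe" "C:\Users\admin\AppData\Local\Temp\Rar$DIa5000.1\readme.txt"',
              "WinRAR.exe"),
]

# WinRAR unpacks a double-clicked archive member into the %TEMP%\Rar$DI... folder
# seen in the report before launching it with the associated program.
ARCHIVER_TEMP = re.compile(r"\\Temp\\Rar\$", re.IGNORECASE)
EXEC_EXT = (".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jse", ".wsf")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def rule_archiver_runs_payload(ev: ProcEvent) -> bool:
    """WinRAR launched an executable type straight out of its extraction temp folder.
    Keyed on the child image path, not the command line, so a document opened from
    the same folder by its viewer (the notepad.exe control) does not match."""
    return (basename(ev.parent_image) == "winrar.exe"
            and ARCHIVER_TEMP.search(ev.image) is not None
            and ev.image.lower().endswith(EXEC_EXT))


def rule_scr_spawns_script_host(ev: ProcEvent) -> bool:
    """A screensaver binary started the Windows Script Host."""
    return basename(ev.parent_image).endswith(".scr") and basename(ev.image) in SCRIPT_HOSTS


def rule_scr_spawns_scr(ev: ProcEvent) -> bool:
    """A screensaver binary started another .scr (the dropped copy in the report)."""
    return basename(ev.parent_image).endswith(".scr") and basename(ev.image).endswith(".scr")


RULES = {
    "archiver_runs_payload": rule_archiver_runs_payload,
    "scr_spawns_script_host": rule_scr_spawns_script_host,
    "scr_spawns_scr": rule_scr_spawns_scr,
}


def evaluate(events):
    """Return (pid, rule_name) for every event that trips a rule, in event order."""
    return [(ev.pid, name) for ev in events for name, rule in RULES.items() if rule(ev)]


def correlate(events):
    """Tie the stages together: payloads WinRAR launched, mapped by image name (the
    report records parents by name, not PID) to the child PIDs of that payload that
    tripped a follow-on rule. A non-empty result is the full archive -> .scr -> drop chain."""
    payloads = {basename(ev.image) for ev in events if rule_archiver_runs_payload(ev)}
    chains = {}
    for ev in events:
        parent = basename(ev.parent_image)
        if parent in payloads and (rule_scr_spawns_script_host(ev) or rule_scr_spawns_scr(ev)):
            chains.setdefault(parent, []).append(ev.pid)
    return chains


if __name__ == "__main__":
    for pid, name in evaluate(SAMPLE_EVENTS):
        print(f"pid {pid}: {name}")
    print("chains:", correlate(SAMPLE_EVENTS))
```

Run against the constructed records, the first rule fires on PIDs 3140 and 4072, the second on 3320 and the third on 3544, and `correlate` ties all three follow-on events back to `proforma invoice.scr`; the notepad.exe control trips nothing because its image lives in System32, not in the extraction folder. In a real pipeline the parent would be matched by PID rather than by name, which the report's table does not provide.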
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
3140 | Proforma Invoice.scr | C:\Users\admin\AppData\Local\Temp\~DFC3455DB046D98553.TMP | binary | 3CC73B181668E1D922E8C9E66B2DB75D | 338D86F95A218B0B6A1E56B0F21E34BE9E57619486F34E2B2F3F5BEAC6516D01 |
3140 | Proforma Invoice.scr | C:\Users\admin\subfolder\filename.scr | executable | 9A669ABFCADB0550B68149E10ACD8A4B | 03BBD52028B61F019A8AC9257D6813CD5954373ACCEBB5BBF6FFA79392E940A2 |
3288 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3288.2723\Proforma Invoice.scr | executable | 9A669ABFCADB0550B68149E10ACD8A4B | 03BBD52028B61F019A8AC9257D6813CD5954373ACCEBB5BBF6FFA79392E940A2 |
3288 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3288.5615\Proforma Invoice.scr | executable | 9A669ABFCADB0550B68149E10ACD8A4B | 03BBD52028B61F019A8AC9257D6813CD5954373ACCEBB5BBF6FFA79392E940A2 |
3140 | Proforma Invoice.scr | C:\Users\admin\subfolder\filename.vbs | text | DA1D1F604474FC50F7CF8060A496DAE3 | EB5726D1E5010EB8D8B8E0B2A64AE42B2ED96F98D5018C7387D4C000C0576971 |