File name: | sample.zip |
Full analysis: | https://app.any.run/tasks/a493859b-ff63-432d-a137-b59b311f1a95 |
Verdict: | Malicious activity |
Analysis date: | December 18, 2018, 20:15:21 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | B650191C73449C540B1B6A5979188AA1 |
SHA1: | EB51C18E6AC37C41BF95218E2C7C2230AC8943D3 |
SHA256: | 9DF9B6A6273ACDA6126CDF69A6F86CB631C7093360ADA4AABE01015B20736AE2 |
SSDEEP: | 768:0MG+RChM11TmptpAVWrM/duEyje7c2A5OtgiQaDnRCZ4vX+miDQeiODS469rSj:0ARUuQsYje7criPnRC+X13ehyFSj |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2018:12:18 21:11:15 |
ZipCRC: | 0x7f85132d |
ZipCompressedSize: | 44808 |
ZipUncompressedSize: | 82435 |
ZipFileName: | samples/0f2ee8f0e463a4e5ac54ba0d9d5960cd |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2820 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\sample.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
844 | C:\Windows\system32\svchost.exe -k netsvcs | C:\Windows\System32\svchost.exe | services.exe | |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Host Process for Windows Services Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
116 | C:\Windows\Explorer.EXE | C:\Windows\explorer.exe | — | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Explorer Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1224 | "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" | C:\Windows\System32\SearchProtocolHost.exe | — | SearchIndexer.exe |
User: SYSTEM Company: Microsoft Corporation Integrity Level: SYSTEM Description: Microsoft Windows Search Protocol Host Version: 7.00.7600.16385 (win7_rtm.090713-1255) | ||||
884 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\0f2ee8f0e463a4e5ac54ba0d9d5960cd.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2820 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2820.17099\samples\0f2ee8f0e463a4e5ac54ba0d9d5960cd | — | |
MD5:— | SHA256:— | |||
884 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR547A.tmp.cvr | — | |
MD5:— | SHA256:— | |||
884 | WINWORD.EXE | C:\Users\admin\Desktop\~$2ee8f0e463a4e5ac54ba0d9d5960cd.doc | pgc | |
MD5:72004BBC98FE2ABA80D395E0010C5631 | SHA256:7AB20D0F562EB8C061EEDFE75631CF811B87E28CD290485449A7A8530A06D375 | |||
116 | explorer.exe | C:\Users\admin\Desktop\0f2ee8f0e463a4e5ac54ba0d9d5960cd | executable | |
MD5:0F2EE8F0E463A4E5AC54BA0D9D5960CD | SHA256:7D3B4787D1B55676043ACDD07147DA47380E8C144861C3A0349D82C1BB83D345 | |||
116 | explorer.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012018121820181219\index.dat | dat | |
MD5:493DC22CFFE16C25E0DAD8125B7A389E | SHA256:342AEB8D565DB88811A9428677E515D610DAB3BCD326AB1186FAF8F27E6E4157 | |||
844 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt | |
MD5:F21900C7A25F863C30D1D846EA91370B | SHA256:19E89AC099570546B4FB964A14D5E70B72AB17B892739FFE1A6111AD8404641F | |||
116 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\0f2ee8f0e463a4e5ac54ba0d9d5960cd.doc.lnk | lnk | |
MD5:41167B88E4BAF650EA30A8C9A96EDB38 | SHA256:2ED63E1A620BE04DDA3A6C303FA893D5A0EB7E2ED3B976E106CD51D6C4EC90A6 | |||
116 | explorer.exe | C:\Users\admin\Desktop\0f2ee8f0e463a4e5ac54ba0d9d5960cd.doc | executable | |
MD5:0F2EE8F0E463A4E5AC54BA0D9D5960CD | SHA256:7D3B4787D1B55676043ACDD07147DA47380E8C144861C3A0349D82C1BB83D345 | |||
116 | explorer.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1b4dd67f29cb1962.automaticDestinations-ms | automaticdestinations-ms | |
MD5:C2676CFB35180CD7A33938C1EE21FB6C | SHA256:6CA81FD3AC2ED50B86F1AC3CDF4253F2EE820266673E031C23ABD2AA03BB1020 | |||
116 | explorer.exe | C:\Users\admin\Desktop\0f2ee8f0e463a4e5ac54ba0d9d5960cd.exe | executable | |
MD5:0F2EE8F0E463A4E5AC54BA0D9D5960CD | SHA256:7D3B4787D1B55676043ACDD07147DA47380E8C144861C3A0349D82C1BB83D345 |