| Property | Value |
| --- | --- |
| File name | 4706195933275640545_orig_file.zip |
| Full analysis | https://app.any.run/tasks/c4f47e24-81c7-413e-84b9-0ef293888cc7 |
| Verdict | Malicious activity |
| Analysis date | November 16, 2019, 20:48:26 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v1.0 to extract |
| MD5 | E10E2CD384F223ED561AF13ED4D8CDA2 |
| SHA1 | FE02500D87BB63AF7B96BE10FD296B85042B6884 |
| SHA256 | B4539BECB83EF0E1FF3E39428E747E9D52945E8E14EDE50A4A52294728FF491C |
| SSDEEP | 6144:Sa2nx/PyoY+q/45wST+6SwPvXwTKavyeoN0Uu+vzhmtBC0PjQL9k4CuKPx47gmhF:StxyoYf6SIyo+UX1mtBCuQLto451uw |
| Extension | File type |
| --- | --- |
| .zip | ZIP compressed archive (100) |

| Property | Value |
| --- | --- |
| ZipRequiredVersion | 10 |
| ZipBitFlag | - |
| ZipCompression | None |
| ZipModifyDate | 2019:11:16 23:47:13 |
| ZipCRC | 0xfc649f5c |
| ZipCompressedSize | 452262 |
| ZipUncompressedSize | 452262 |
| ZipFileName | AVSamples.zip |
| PID | CMD | Path | Indicators | Parent process |
| --- | --- | --- | --- | --- |
| 2168 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\4706195933275640545_orig_file.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 | | | |
| 2084 | "C:\Program Files\WinRAR\WinRAR.exe" C:\Users\admin\AppData\Local\Temp\Rar$DIa2168.33184\AVSamples.zip | C:\Program Files\WinRAR\WinRAR.exe | — | WinRAR.exe |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0 | | | |
| 1600 | "C:\Users\admin\AppData\Local\Temp\Rar$EXb2084.33743\New Invoice.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXb2084.33743\New Invoice.exe | — | WinRAR.exe |
| | User: admin; Company: Markus Benovsky; Integrity Level: MEDIUM; Description: ObcidiaNetwork; Exit code: 0; Version: 1.5.0.0 | | | |
| 2040 | "C:\Users\admin\AppData\Local\Temp\Rar$EXb2084.33743\New Invoice.exe" | C:\Users\admin\AppData\Local\Temp\Rar$EXb2084.33743\New Invoice.exe | — | New Invoice.exe |
| | User: admin; Company: Markus Benovsky; Integrity Level: MEDIUM; Description: ObcidiaNetwork; Version: 1.5.0.0 | | | |
| 2644 | "C:\Users\admin\Desktop\New Invoice.exe" | C:\Users\admin\Desktop\New Invoice.exe | — | explorer.exe |
| | User: admin; Company: Markus Benovsky; Integrity Level: MEDIUM; Description: ObcidiaNetwork; Exit code: 4294967295; Version: 1.5.0.0 | | | |
| PID | Process | Filename | Type | MD5 | SHA256 |
| --- | --- | --- | --- | --- | --- |
| 2084 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb2084.33743\New Invoice.exe | executable | 15846930E63B12EBAB5D3FC2BB18A18D | 5100638E353074E040EC1B477E6357A1D464F15146C6FF3FBDCE149D32DC5440 |
| 2040 | New Invoice.exe | C:\Users\admin\AppData\Roaming\GvwZwPp\cEAzX.exe | executable | 15846930E63B12EBAB5D3FC2BB18A18D | 5100638E353074E040EC1B477E6357A1D464F15146C6FF3FBDCE149D32DC5440 |
| 2084 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRb2084.38990\New Invoice.exe | executable | 15846930E63B12EBAB5D3FC2BB18A18D | 5100638E353074E040EC1B477E6357A1D464F15146C6FF3FBDCE149D32DC5440 |
| 2168 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa2168.33184\AVSamples.zip | compressed | 88137D94CE35EC5CA0060FEF0DA25489 | 2CF49360757C8D7C69E3AAB3E1FA04BE8C503BC18369028064A1DB90A94174F8 |
| 2040 | New Invoice.exe | C:\Users\admin\AppData\Local\Temp\51faa74e-5f7a-4cb6-9189-a8413b2b28a7 | sqlite | 0B3C43342CE2A99318AA0FE9E531C57B | 0CCB4915E00390685621DA3D75EBFD5EDADC94155A79C66415A7F4E9763D71B8 |
| PID | Process | IP | Domain | ASN | CN | Reputation |
| --- | --- | --- | --- | --- | --- | --- |
| 2040 | New Invoice.exe | 192.185.28.88:587 | mail.octindia.com | CyrusOne LLC | US | malicious |
| Domain | IP | Reputation |
| --- | --- | --- |
| mail.octindia.com | | malicious |
| PID | Process | Class | Message |
| --- | --- | --- | --- |
| 2040 | New Invoice.exe | Generic Protocol Command Decode | SURICATA Applayer Detect protocol only one direction |