File name: | __rg[1].htm.zip |
Full analysis: | https://app.any.run/tasks/46564ebe-9aa5-424c-9892-0404d6dfb745 |
Verdict: | Malicious activity |
Analysis date: | July 17, 2019, 12:43:30 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v1.0 to extract |
MD5: | A0D20C2E1AAFBCD416FADF572AB5CAED |
SHA1: | CDE3F91CEDC4CF97B432287FE53931B5194F4567 |
SHA256: | B5E4F67980519F135127E21C0FE0FFB38E52721C47AA1371D89045A29B939635 |
SSDEEP: | 48:iL7BJ2tehSVHeqtm81/oCTHP20qTLghvWVXDcfSEy/xNrpCRAf0qcw+IaLqK:iL7/QehctmQACTTKKvM2SjrpJ+Xr |
.zip | | | ZIP compressed archive (100) |
---|
ZipRequiredVersion: | 10 |
---|---|
ZipBitFlag: | - |
ZipCompression: | None |
ZipModifyDate: | 2019:07:17 09:40:21 |
ZipCRC: | 0x00000000 |
ZipCompressedSize: | - |
ZipUncompressedSize: | - |
ZipFileName: | Nuevo Documento de Microsoft Word.docx |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2976 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\__rg[1].htm.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
3828 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\Nuevo Documento de Microsoft Word.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3716 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe Acrobat Reader DC Exit code: 1 Version: 15.23.20070.215641 | ||||
2900 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer -embedding | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | AcroRd32.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: LOW Description: Adobe Acrobat Reader DC Exit code: 1 Version: 15.23.20070.215641 | ||||
2276 | "C:\Windows\system32\taskmgr.exe" | C:\Windows\system32\taskmgr.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Task Manager Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2744 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe Acrobat Reader DC Exit code: 1 Version: 15.23.20070.215641 | ||||
2240 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer -embedding | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | AcroRd32.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: LOW Description: Adobe Acrobat Reader DC Exit code: 1 Version: 15.23.20070.215641 | ||||
1772 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe Acrobat Reader DC Exit code: 1 Version: 15.23.20070.215641 | ||||
3036 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" --type=renderer -embedding | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | AcroRd32.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: LOW Description: Adobe Acrobat Reader DC Exit code: 1 Version: 15.23.20070.215641 | ||||
3904 | "C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" -Embedding | C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe | — | svchost.exe |
User: admin Company: Adobe Systems Incorporated Integrity Level: MEDIUM Description: Adobe Acrobat Reader DC Version: 15.23.20070.215641 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2976 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa2976.43575\__rg[1].htm | — | |
MD5:— | SHA256:— | |||
3828 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR1C6E.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3828 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\index.dat | text | |
MD5:E948E3B0BE16E03BF2A1D29AC8F36194 | SHA256:CD94FA436624AC1F79511459CFDAD9AEEEB279D2D957C0CDC899AC4318044184 | |||
3828 | WINWORD.EXE | C:\Users\admin\Desktop\~$evo Documento de Microsoft Word.docx | pgc | |
MD5:7C5777A913ADE4AF151ACFDA1AE23081 | SHA256:5641963A4BB0BD130208A5AAA49AB825DD5F87BD3A292253D734AD8FB5DFB518 | |||
3828 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\Nuevo Documento de Microsoft Word.docx.LNK | lnk | |
MD5:A181381CC48B31BB6D00862E4E183E40 | SHA256:9E75BED1720CEC61F8AA08FB824BECCD4BD0658CA5FBDE2F229B75405384782C | |||
3828 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:57147206E0702B7673ED516F1D44EFA8 | SHA256:74441E2748CA9A6609F124B5DF8844E820FEF4BC4B78BD72F1BBAA02DB58A65B | |||
3716 | AcroRd32.exe | C:\Users\admin\Desktop\__rg[1].xml | xml | |
MD5:BF2EB346D3B42D9EA5AC1DE637936948 | SHA256:1EA594CABA42C2E48FC6782CF32691464111C4D8AFCC013D390EBAF24CFCEF69 |