File name: | GalaxyM63.zip |
Full analysis: | https://app.any.run/tasks/9419ae1d-d1e7-4cd6-8768-c9ef158173d8 |
Verdict: | Malicious activity |
Analysis date: | November 08, 2019, 15:50:10 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 101357E79A95471EE76A6406A9A20FE9 |
SHA1: | 1A0EC4DF090F3D347E35859527E8840CD7051FD5 |
SHA256: | C38FD1ACD0C805C3C1C204C26AA7ECBAE0DC01E0BC106378EC68428569EB9DE4 |
SSDEEP: | 1536:ozpwdfyCKM4RmRNlaG71p+Sps/gG+6IAaDlu3AsIiJR3z0oEyuQnASQWWH:iq1XTJN31pLps/gGN+Dk3AsIaFuIASk |
.zip | ZIP compressed archive (100) |
ZipFileName: | info_11_07.doc |
ZipUncompressedSize: | 83362 |
ZipCompressedSize: | 76428 |
ZipCRC: | 0x2fc39932 |
ZipModifyDate: | 2019:11:07 03:37:17 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0009 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2828 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\GalaxyM63.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
3524 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Rar$DIb2828.23650\info_11_07.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WinRAR.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3348 | "C:\Windows\System32\cmd.exe" /c wmic process list /format:"C:\Users\admin\AppData\Local\Temp\aWtKUm" | C:\Windows\System32\cmd.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 2147614729 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
2868 | wmic process list /format:"C:\Users\admin\AppData\Local\Temp\aWtKUm" | C:\Windows\System32\Wbem\WMIC.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: WMI Commandline Utility Exit code: 2147614729 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
1976 | "C:\Windows\System32\cmd.exe" /c wmic process list /format:"C:\Users\admin\AppData\Local\Temp\aWtKUm" | C:\Windows\System32\cmd.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) |
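The process tree above is the WMIC XSL script-processing pattern (Squiblytwo, ATT&CK T1220): WINWORD.EXE spawns cmd.exe, which runs `wmic process list /format:"C:\Users\admin\AppData\Local\Temp\aWtKUm"`. WMIC treats the /format argument as an XSL stylesheet, appends `.xsl` when the name has no extension (which is why WINWORD dropped `aWtKUm.xsl` in the file list below), and the MSXML transform executes any script embedded in that stylesheet, so a stylesheet in a user-writable directory, launched from an Office process, is a macro payload stage rather than administrative reporting. Both cmd.exe and WMIC.exe exited with 2147614729 (0x80020009, DISP_E_EXCEPTION), i.e. the script in the stylesheet raised an exception, so a detection must key on the command line and process lineage, not on anything the payload did afterwards. The following is an added detection example, not part of the ANY.RUN report: it walks constructed Sysmon-style process-creation events modelled on the tree above (plus two constructed benign WMIC invocations), flags any WMIC.exe whose /format target is not a built-in keyword or a stylesheet under the default `%SystemRoot%\System32\wbem` directory, and raises severity when an Office application is in the ancestry. The built-in keyword allowlist and the Office image list are assumptions to be extended locally.

```python
import re
from typing import Dict, List, Optional

# Constructed sample process-creation events (Sysmon Event ID 1 style fields),
# modelled on the process tree in the report; this is not real log data.
SAMPLE_EVENTS: List[Dict] = [
    {"pid": 2828, "ppid": 1000,
     "image": r"C:\Program Files\WinRAR\WinRAR.exe",
     "cmd": r'"C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Downloads\GalaxyM63.zip"'},
    {"pid": 3524, "ppid": 2828,
     "image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "cmd": r'"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Rar$DIb2828.23650\info_11_07.doc"'},
    {"pid": 3348, "ppid": 3524,
     "image": r"C:\Windows\System32\cmd.exe",
     "cmd": r'"C:\Windows\System32\cmd.exe" /c wmic process list /format:"C:\Users\admin\AppData\Local\Temp\aWtKUm"'},
    {"pid": 2868, "ppid": 3348,
     "image": r"C:\Windows\System32\Wbem\WMIC.exe",
     "cmd": r'wmic process list /format:"C:\Users\admin\AppData\Local\Temp\aWtKUm"'},
    # Two constructed benign uses: a keyword format, and an explicit stylesheet from WMIC's own directory.
    {"pid": 4100, "ppid": 1000,
     "image": r"C:\Windows\System32\Wbem\WMIC.exe",
     "cmd": r"wmic os get caption /format:list"},
    {"pid": 4200, "ppid": 1000,
     "image": r"C:\Windows\System32\Wbem\WMIC.exe",
     "cmd": r'wmic process list /format:"C:\Windows\System32\wbem\csv.xsl"'},
]

# Keyword formats that WMIC resolves to its own stylesheets in System32\wbem.
# Assumed allowlist: extend it from the .xsl files present on your own build.
BUILTIN_FORMATS = {"list", "csv", "hform", "htable", "mof", "rawxml", "table",
                   "texttable", "textvaluelist", "value", "xml"}
WBEM_DIR = "c:\\windows\\system32\\wbem\\"   # assumes the default %SystemRoot%
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
                 "msaccess.exe", "mspub.exe"}  # assumed list of Office hosts
# /format may be quoted or bare: /format:"C:\path\x" or /format:list
FORMAT_RE = re.compile(r'/format:(?:"([^"]*)"|(\S+))', re.IGNORECASE)


def basename(path: str) -> str:
    """Last component of a Windows path (os.path would not split on '\\' off-Windows)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1]


def format_target(cmdline: str) -> Optional[str]:
    """Return the /format: argument of a WMIC command line, or None if absent."""
    m = FORMAT_RE.search(cmdline)
    if not m:
        return None
    return (m.group(1) or m.group(2)).strip()


def is_suspicious_format(target: str) -> bool:
    """True when the stylesheet comes from anywhere but WMIC's own wbem directory.

    WMIC appends ".xsl" when the argument has no extension, so no extension is
    required here: the report's sample used a bare name (aWtKUm) and WINWORD
    dropped aWtKUm.xsl for it.  Paths, UNC shares and http:// URLs all count.
    """
    t = target.lower()
    if t in BUILTIN_FORMATS:
        return False
    if t.startswith(WBEM_DIR):
        return False
    return True


def ancestors(pid: int, by_pid: Dict[int, Dict]) -> List[Dict]:
    """Walk parent pointers upward; stops at an unknown pid or a cycle."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid])
        pid = by_pid[pid]["ppid"]
    return chain


def detect(events: List[Dict]) -> List[Dict]:
    """Flag WMIC executions whose /format stylesheet is attacker-controllable."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        if basename(e["image"]).lower() != "wmic.exe":
            continue
        target = format_target(e["cmd"])
        if target is None or not is_suspicious_format(target):
            continue
        office = next((basename(a["image"]) for a in ancestors(e["pid"], by_pid)
                       if basename(a["image"]).lower() in OFFICE_IMAGES), None)
        findings.append({
            "pid": e["pid"],
            "format_target": target,
            "office_ancestor": office,
            # An Office host in the lineage turns a LOLBin oddity into a likely maldoc stage.
            "severity": "high" if office else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Run against the constructed events, only PID 2868 is reported, with WINWORD.EXE as the Office ancestor and severity high; the keyword format and the stylesheet under the wbem directory are not. The cmd.exe wrapper (PID 3348) carries the same command line but is deliberately not matched on its own, so one launch yields one finding; if your telemetry sometimes misses the child WMIC event, match on the cmd.exe command line as well.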
PID | Process | Filename | Type | |
---|---|---|---|---|
3524 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRDFEB.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3524 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:4186BF10E1147BDAABCFB9E77AEF8B5D | SHA256:74A270CB55B1A933A2073D771E163A967D128D281F6005F3B633FD7D84837B11 | |||
3524 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:092C8B60F34A46A192CDBBF50519BCCA | SHA256:39023344E6130C3FFE7392FD459340C1136300FC4FDDC374EC6AA3A5FFB15730 | |||
3524 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\MSO1049.acl | binary | |
MD5:39552AC789199AC5A30EDCFC3DA8785A | SHA256:BF48DA40215410D7DD88D21A259FD0324E936E138CE6BF95CBD188470136765D | |||
3524 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\aWtKUm.xsl | xml | |
MD5:6C2C11F3E26CF94B03A7C5FB34410DAF | SHA256:B0641E4A54D842E5DC149F26B6B9DC5B5D0B16663DE9192B396C7603654C284F | |||
2828 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb2828.23650\info_11_07.doc | document | |
MD5:4488A89ABCA0B75E7D484164179E5923 | SHA256:366D4175022BBEBDB8252B6B868D52E77EC02F7EB5EE9BDFDB76E456EA0777CC | |||
3524 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Rar$DIb2828.23650\~$fo_11_07.doc | pgc | |
MD5:EADFEF3A780F031B9A2CFDA5EA016FAE | SHA256:7316EEEEDA78F5FBF8881CC0EF1513A900BEC712B8BC349F21E98C6E42EAE784 |
Domain | IP | Reputation |
---|---|---|
xvobvgcssb.com | | unknown |