File name: | c586f30 |
Full analysis: | https://app.any.run/tasks/8242450d-0ea9-40ce-b516-e38d7fd9b228 |
Verdict: | Malicious activity |
Analysis date: | July 17, 2019, 08:45:14 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-msaccess |
File info: | Microsoft Access Database |
MD5: | 3A702EFF51C07FCA23ACA8DD2F6D10EC |
SHA1: | 2FA5CE680BFE182C07BF3320479BC272B3D3205E |
SHA256: | C586F306880E9EE26997057B0FC430B0D330C59E24AE45B91F3C6A0D885937E7 |
SSDEEP: | 12288:unFabEY24Nun3poypgF+5qrfwHBh0cwq0t7e7/cqXQA/zylO/:UwbEYa3poS3/0cwa7/cc1 |
Extension | Type (match) |
---|---|
.mdb | Microsoft Jet DB (90.9) |
.pi2 | DEGAS med-res bitmap (9) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3444 | "C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE" /NOSTARTUP "C:\Users\admin\Desktop\c586f30.mdb" %2 %3 %4 %5 %6 %7 %8 %9 | C:\Program Files\Microsoft Office\Office14\MSACCESS.EXE | | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Access; Version: 14.0.6024.1000 | | | | |
3460 | "C:\Users\admin\AppData\Local\Temp\cym_16001380430BD84B24.exe" | C:\Users\admin\AppData\Local\Temp\cym_16001380430BD84B24.exe | — | MSACCESS.EXE |
User: admin; Integrity Level: MEDIUM | | | | |
PID | Process | Filename | Type |
---|---|---|---|
3444 | MSACCESS.EXE | C:\Users\admin\AppData\Local\Temp\CVRD253.tmp.cvr | — |
MD5: — | SHA256: — | | |
3444 | MSACCESS.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Access\System.mdw | mdw |
MD5: FE5A91F3DBBAA3AE36006B404926DA1A | SHA256: 5BA245EDD8E5E3750C8AA3C4EAE7E318766867176B8E992C3277FA47DD7FCC10 | | |
3444 | MSACCESS.EXE | C:\Users\admin\AppData\Local\Temp\cym_16001380430BD84B24.exe | executable |
MD5: E7BC3273C63BEE1F850A97C2F5809CEA | SHA256: CCDABC0D58E69AF33D39F01DBD8A1737F9AE0F8CC293603C53401373653B123A | | |
Process | Message |
---|---|
MSACCESS.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Access\System.mdw |