File name: | invoice notification 2019.rar |
Full analysis: | https://app.any.run/tasks/d4a6aefc-141e-4fb0-9643-853ca84b1b61 |
Verdict: | Malicious activity |
Analysis date: | May 20, 2019, 15:52:18 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/x-rar |
File info: | RAR archive data, v5 |
MD5: | 39CC38757ABFAB02ACDB0705F587B6DB |
SHA1: | E8B97C3FFB1A7FBFF72A04468C7E94D2929343C3 |
SHA256: | E9440422F51B1DC00BC9A8164C9DE32146FB22A28EE50E56805405BC3D510A3A |
SSDEEP: | 1536:VOEFXDWWTidMIYGmJ2owpnLS8iiywz4gph9SU2Ig3:9DWKW7YGm8owJ9kwsgph9Fjg3 |
.rar | | | RAR compressed archive (v5.0) (61.5) |
---|---|---|
.rar | | | RAR compressed archive (gen) (38.4) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3532 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\invoice notification 2019.rar" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Version: 5.60.0 | ||||
1008 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Rar$DIa3532.7086\invoice notification 2019.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | WinRAR.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1008 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR12A5.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1008 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Rar$DIa3532.7086\~$voice notification 2019.doc | pgc | |
MD5:561E98CFB9C26995DEAD5D83C625A4C6 | SHA256:66B109107B63B4700602A0293E40A34BE0F5363E80562F6E171AB51373DB5D98 | |||
1008 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:5FC549E254419DB7E637BEDEDE968980 | SHA256:49FC2ADABF910202E59A9344F8B7B236F3C6605469816E4450D07DD1BEE8DF57 | |||
3532 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIa3532.7086\invoice notification 2019.doc | document | |
MD5:0A4CDBB04CCE002CA94D8F79C5113AC6 | SHA256:9E061EAEC56CD40DEAA792918A1C46146B2410A98F037453A745B1AA4F43ADC5 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
1008 | WINWORD.EXE | 47.245.58.124:443 | kentona.su | — | US | suspicious |
Domain | IP | Reputation |
---|---|---|
kentona.su |
| malicious |
dns.msftncsi.com |
| shared |
PID | Process | Class | Message |
---|---|---|---|
— | — | Potentially Bad Traffic | ET DNS Query for .su TLD (Soviet Union) Often Malware Related |