| Field | Value |
|---|---|
| File name | sup69.zip |
| Full analysis | https://app.any.run/tasks/6de6d1a6-1731-41c8-bd1f-0f2bf61d7187 |
| Verdict | Malicious activity |
| Threats | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims, but even private users get infected in mass spam email campaigns. |
| Analysis date | January 18, 2020, 12:32:37 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 635B5D5F6F706608BAF40FADDBA47FC4 |
| SHA1 | A47EBC84272734C18058097A046D343E213EA56F |
| SHA256 | E97D10B3EB03B10534E5790ADD830AE1781CF6816BAEE50E152BE5AFD37CD2C6 |
| SSDEEP | 3072:xQ6ILEjOlCPdM64pDSFYiYBl07FKMnKWkVhJ34U4UCYvx7edj+PH:xQ6ILEjnS644oBlMPK9V734U4UhhesH |
| Field | Value |
|---|---|
| .zip | ZIP compressed archive (100) |
| ZipRequiredVersion | 20 |
| ZipBitFlag | 0x0009 |
| ZipCompression | Deflated |
| ZipModifyDate | 1980:00:00 00:00:00 |
| ZipCRC | 0x61ec113f |
| ZipCompressedSize | 168384 |
| ZipUncompressedSize | 236894 |
| ZipFileName | 808adea1830cfdd095f76b336b5211573c6f12053aecfeffe2e3bdc197fb5cb8 |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 516 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\sup69.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |

Process details (PID 516): User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.60.0
| (PID) Process | Key | Operation | Name | Value |
|---|---|---|---|---|
| (516) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtBMP | |
| (516) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface\Themes | write | ShellExtIcon | |
| (516) WinRAR.exe | HKEY_CLASSES_ROOT\Local Settings\MuiCache\12B\52C64B7E | write | LanguageList | en-US |
| (516) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory | write | 0 | C:\Users\admin\AppData\Local\Temp\sup69.zip |
| (516) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | name | 120 |
| (516) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | size | 80 |
| (516) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | type | 120 |
| (516) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths | write | mtime | 100 |
| (516) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\DialogEditHistory\ExtrPath | write | 0 | C:\Users\admin\Desktop |
| (516) WinRAR.exe | HKEY_CURRENT_USER\Software\WinRAR\Interface | write | ShowPassword | 0 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 516 | WinRAR.exe | C:\Users\admin\Desktop\808adea1830cfdd095f76b336b5211573c6f12053aecfeffe2e3bdc197fb5cb8 | document | D9E35FF02B563F2027239794E6A89F74 | 808ADEA1830CFDD095F76B336B5211573C6F12053AECFEFFE2E3BDC197FB5CB8 |