| Field | Value |
|---|---|
| File name | BLACKBAND_DESIGN.zip |
| Full analysis | https://app.any.run/tasks/e51da624-9715-43c2-b6cd-8a575dfdb99f |
| Verdict | Malicious activity |
| Analysis date | May 30, 2020, 13:04:57 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | 10C64CE83F42CEBD4D65DE8B67F1C307 |
| SHA1 | 5ADD6AA30BD6C5B2785B170B135DD3A548D76F49 |
| SHA256 | E9EF6EFB211529D11D1CF02FF293DD5C2047B58DC48157129A8E3A14CEEA8D56 |
| SSDEEP | 1536:JcYTFSpBzpcDBOhnRbPUgMHIJWaWu1SKZreP/iHt:JcYp4VZPnY7LuMX/K |
| Archive field | Value |
|---|---|
| File type | .zip, ZIP compressed archive (100) |
| ZipFileName | legislate.05.20.doc |
| ZipUncompressedSize | 75399 |
| ZipCompressedSize | 63717 |
| ZipCRC | 0x953c69fd |
| ZipModifyDate | 2020:05:27 02:13:26 |
| ZipCompression | Deflated |
| ZipBitFlag | 0x0009 |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process | Details |
|---|---|---|---|---|---|
| 812 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\BLACKBAND_DESIGN.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0 |
| 2764 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Rar$DIb812.25109\legislate.05.20.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WinRAR.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 |
| 840 | Regsvr32 c:\programdata\60556589.dat | C:\Windows\system32\Regsvr32.exe | — | WINWORD.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft(C) Register Server; Exit code: 3; Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2764 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRB9AA.tmp.cvr | — | — | — |
| 2764 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 2DB0F9D3E9E00B41673EB3CE5AE887D6 | 9273D6A67D49290AF02E2F5C0FEE8FB2B2919C0BB7B1AC14A765AC7FD979BDFD |
| 812 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DIb812.25109\legislate.05.20.doc | document | 3196D7CADF32762A129993AD6EFFE898 | D5B377692A10355944E8E77BF1A2EBA829498BE1D154E32AFFE989D880713FAE |
| 2764 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Rar$DIb812.25109\~$gislate.05.20.doc | pgc | 1BF7B5EFA2974A1E2F744ADFB72FAA1B | 4FCB05D101A8B81ACC374D3EB0F67400E2743E20B57820B3F4F069DCF46E020E |
| Domain | IP | Reputation |
|---|---|---|
| nrs2wjke0t2vz9.com | | malicious |