Field | Value
---|---
File name | FedEx-INVOICE.ace
Full analysis | https://app.any.run/tasks/09eec5c7-22f9-4516-95d7-48d46ae99d30
Verdict | Malicious activity
Threats | LokiBot was developed in 2015 to steal information from a variety of applications. Despite its age, this malware is still rather popular among cybercriminals.
Analysis date | February 19, 2019, 08:51:31
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags |
Indicators |
MIME | application/octet-stream
File info | ACE archive data version 20, from Win/32, version 20 to extract, contains AV-String (unregistered), solid
MD5 | 89788C9DD9CAACAE967FD33B5987FE0C
SHA1 | BD01D3065810579E9B3DE6BDD57DF214A81357CE
SHA256 | F27643722B82F342A543101182FFDE539103FC6905B347ADF9F9E48055C7CE1A
SSDEEP | 6144:k1wDQZ+gKIHRS/bFJtS5u8x05uz5Pu9sq5pMSMLO65cK:kCSsmOD05u8uoDqVnK

Extension | Type
---|---
.ace | ACE compressed archive (100)
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
3152 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\FedEx-INVOICE.ace" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe
User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Version: 5.60.0
3536 | "C:\Users\admin\Desktop\favor.scr" /S | C:\Users\admin\Desktop\favor.scr | — | explorer.exe
User: admin; Integrity Level: MEDIUM; Exit code: 0
3060 | "C:\Users\admin\Desktop\favor.scr" /S | C:\Users\admin\Desktop\favor.scr | favor.scr |
User: admin; Integrity Level: MEDIUM
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
3152 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3152.32859\favor.scr | — | — | —
3060 | favor.scr | C:\Users\admin\AppData\Roaming\F63AAA\A71D80.lck | — | — | —
3060 | favor.scr | C:\Users\admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-1302019708-1500728564-335382590-1000\0f5007522459c86e95ffcc62f32308f1_90059c37-1320-41a4-b58d-2b75a9850d2f | dbf | 18B8CFC0185C50383AAC0A4F30A9DAC8 | 913E8CED6A447FE791954D382ABA52D490513C5D2F689B391866C7E561F89A03
3060 | favor.scr | C:\Users\admin\AppData\Roaming\F63AAA\A71D80.exe | executable | 5FA45F24EBBC80DB951122B53336A246 | D5B2E91B65A87B488541C62DC3121AA5E5D9338AAF9E6477B6EE95E91A25FAF0
Domain | IP | Reputation
---|---|---
cablevay.com | | unknown
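As an added triage example (this is not part of the ANY.RUN report above, which contains data only), the following Python sweeps a suspect file, a file path and a contacted host against the indicators listed in the report. The hashes, drop paths and domain are copied from the report. The ACE header layout used for content-based type identification (the signature "**ACE**" at offset 7 of the main header, followed by the extract version, create version and host bytes at offsets 14 to 16) follows the ACE main header format. The drop-path regex generalises the two Roaming\F63AAA\A71D80.* paths from the file table and is an assumption to tune, not a signature from the report. The sample byte strings are constructed for the demonstration.

```python
"""Triage a download, a dropped-file path and a contacted host against
the LokiBot indicators from the ANY.RUN report. Added example; the hash,
path and domain values are from the report, the sample bytes are constructed."""
import hashlib
import re
from typing import Dict, List, Optional

# Hashes as printed in the report (lookups normalise case).
IOC_HASHES: Dict[str, str] = {
    "89788C9DD9CAACAE967FD33B5987FE0C": "FedEx-INVOICE.ace (archive)",
    "F27643722B82F342A543101182FFDE539103FC6905B347ADF9F9E48055C7CE1A": "FedEx-INVOICE.ace (archive)",
    "5FA45F24EBBC80DB951122B53336A246": "A71D80.exe (copy dropped by favor.scr)",
    "D5B2E91B65A87B488541C62DC3121AA5E5D9338AAF9E6477B6EE95E91A25FAF0": "A71D80.exe (copy dropped by favor.scr)",
    "18B8CFC0185C50383AAC0A4F30A9DAC8": "RSA key container written by favor.scr",
    "913E8CED6A447FE791954D382ABA52D490513C5D2F689B391866C7E561F89A03": "RSA key container written by favor.scr",
}
IOC_DOMAINS = {"cablevay.com"}

# Assumption: the %APPDATA%\<6 hex>\<6 hex>.exe|.lck naming seen for
# F63AAA\A71D80.* generalises to this sample family. Tune before deploying.
DROP_PATH_RE = re.compile(
    r"\\AppData\\Roaming\\[0-9A-F]{6}\\[0-9A-F]{6}\.(?:exe|lck)$", re.IGNORECASE)

ACE_SIGNATURE = b"**ACE**"          # offset 7 of the ACE main header
ACE_HOST = {0: "MS-DOS", 1: "OS/2", 2: "Win/32"}  # HOST_CREATED byte at offset 16


def identify(data: bytes) -> dict:
    """Content-based type, so a lure's extension cannot mislead the check.
    ACE main header: CRC(2) SIZE(2) TYPE(1) FLAGS(2) "**ACE**"(7)
    VER_EXTRACT(1) VER_CREATED(1) HOST_CREATED(1) ..."""
    if len(data) >= 17 and data[7:14] == ACE_SIGNATURE:
        return {"type": "ace", "ver_extract": data[14], "ver_created": data[15],
                "host": ACE_HOST.get(data[16], "host %d" % data[16])}
    if data[:2] == b"MZ":               # DOS stub that every PE image starts with
        return {"type": "pe"}
    return {"type": "unknown"}


def lookup_hash(digest: str) -> Optional[str]:
    """Match an MD5 or SHA256 hex digest (any case) against the report's IOCs."""
    return IOC_HASHES.get(digest.strip().upper())


def hash_lookup(data: bytes) -> Optional[str]:
    return (lookup_hash(hashlib.sha256(data).hexdigest())
            or lookup_hash(hashlib.md5(data).hexdigest()))


def triage_file(name: str, data: bytes) -> List[str]:
    """Return human-readable findings for one file; empty list means clean."""
    findings: List[str] = []
    info = identify(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if info["type"] == "ace":
        findings.append("ACE archive (v%d from %s, v%d to extract): same lure format as the report"
                        % (info["ver_created"], info["host"], info["ver_extract"]))
    if info["type"] == "pe" and ext in {"scr", "pif", "com"}:
        findings.append("PE executable delivered with .%s extension" % ext)
    hit = hash_lookup(data)
    if hit:
        findings.append("hash matches known IOC: %s" % hit)
    return findings


def triage_path(path: str) -> bool:
    return bool(DROP_PATH_RE.search(path))


def triage_domain(host: str) -> bool:
    return host.strip().lower().rstrip(".") in IOC_DOMAINS


# Constructed sample: only the first 17 bytes of an ACE main header
# (not a real archive), version 20 created on Win/32.
SAMPLE_ACE = (b"\x00\x00" + b"\x00\x00" + b"\x00" + b"\x00\x00"   # CRC, SIZE, TYPE=0, FLAGS (dummies)
              + ACE_SIGNATURE + b"\x14\x14\x02")                  # VER_EXTRACT=20, VER_CREATED=20, HOST=2
# Constructed sample: start of a PE image renamed to look like a screensaver.
SAMPLE_SCR = b"MZ" + b"\x90" * 62

if __name__ == "__main__":
    for name, blob in (("FedEx-INVOICE.ace", SAMPLE_ACE), ("favor.scr", SAMPLE_SCR)):
        print(name, triage_file(name, blob))
    print(triage_path(r"C:\Users\admin\AppData\Roaming\F63AAA\A71D80.exe"))
    print(triage_domain("cablevay.com"))
```

Feed `triage_file` the bytes of a real download (the constructed samples only exercise the header checks, so they never hash-match); `lookup_hash` takes a digest already computed elsewhere, e.g. from an EDR alert.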