| Field | Value |
|---|---|
| File name | 43eecf22e8f914d44df3da16c23dcc2e076a8753.zip |
| Full analysis | https://app.any.run/tasks/4278aa9d-527d-41ca-a5c0-1b5cce046e79 |
| Verdict | Malicious activity |
| Analysis date | June 27, 2022, 12:04:37 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | A8E41B10354D07800FA16FFB8247D4AA |
| SHA1 | 4CF5BBB099F33F30A5A95520B3184E3C9D9870A5 |
| SHA256 | F8BD28F38B64BD952D05F83069328FD7F38E7DA2B4E59F787CE27DB467D180B3 |
| SSDEEP | 192:tU+GRY6E1fjWDOvZ/FQfTS1/CCVGDhwUJm7Yhbe0EKtXvWIg2bkALm/6ceEbbsX2:RL6sfjN/wTSdVGDhrJmSb7pWnRh/UEUm |
| Extension | File type identification |
|---|---|
| .zip | ZIP compressed archive (100) |

| Field | Value |
|---|---|
| ZipFileName | sample/ |
| ZipUncompressedSize | - |
| ZipCompressedSize | - |
| ZipCRC | 0x00000000 |
| ZipModifyDate | 2022:06:01 17:02:16 |
| ZipCompression | None |
| ZipBitFlag | - |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1000 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\43eecf22e8f914d44df3da16c23dcc2e076a8753.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
| | User: admin; Company: Alexander Roshal; Integrity Level: MEDIUM; Description: WinRAR archiver; Exit code: 0; Version: 5.91.0 | | | |
| 3476 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\sample\sample.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 | | | |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3476 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRDBB1.tmp.cvr | — | — | — |
| 3476 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | 4FEF4BE38B5DE9E284D3AF7690F8C998 | 7E0F9D0F27EFB4A9F871758EFF77387157AB2EE983A2E9F0CE767B4C88C633B1 |
| 3476 | WINWORD.EXE | C:\Users\admin\Desktop\sample\~$sample.doc | pgc | 831261F3D1561D70DC212D18098540B4 | 6E17C9CC1F48B642C0555E19CA32D20DC04339753653E51D431A6DEADA2D28B5 |
| 3476 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 3265101EDECCA53C96C57D1AADEF0028 | 8FDE1E2A85B3D192629CA73344F457ABD34847480503169C662F6A2693877AAC |
| 3476 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{BB198DFD-932C-4996-8B76-F08C4E5B41C9} | binary | 92E8347389A35EB761124426D645E125 | EA32DF7E9B1B4C8A8B094A018E30890CB8DAA1B78E31E4FB6BEEE0223B0473EB |
| 3476 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{99D53EAA-AECD-4AEF-9CA7-90CD9F53A508} | binary | 4FEF4BE38B5DE9E284D3AF7690F8C998 | 7E0F9D0F27EFB4A9F871758EFF77387157AB2EE983A2E9F0CE767B4C88C633B1 |
| 3476 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{075EE302-1D29-46E3-ADF9-1907A5E04E31}.FSD | binary | 063A88E97540C4363A90FFA62C77A695 | FA4A4780BEABBF6B3AE0AD453C6478DEBCC526164E8D76B3D1AEEA30E825E841 |
| 3476 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | 92E8347389A35EB761124426D645E125 | EA32DF7E9B1B4C8A8B094A018E30890CB8DAA1B78E31E4FB6BEEE0223B0473EB |
| 3476 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\sample.doc.LNK | lnk | FD5AC2CF81346854AF9167102DBCDB70 | 5FF8833650169425064974B84720C303887F4DFAC3B4BD6FC5C1984F24D2265C |
| 3476 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | binary | D471A0BB5F0B8A9AC834E0172491B7F9 | 418B6AE0A39787583DCD77DA0ED040F8C3DDA03410E71D04C235EE6E736F298F |
| Domain | IP | Reputation |
|---|---|---|
| www.xmlformats.com | | malicious |