| Field | Value |
|---|---|
| File name | 43eecf22e8f914d44df3da16c23dcc2e076a8753.zip |
| Full analysis | https://app.any.run/tasks/c01ce828-e738-4df2-a3cb-05dd11f2f8a6 |
| Verdict | Malicious activity |
| Analysis date | June 27, 2022, 12:06:20 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | — |
| MIME | application/zip |
| File info | Zip archive data, at least v2.0 to extract |
| MD5 | A8E41B10354D07800FA16FFB8247D4AA |
| SHA1 | 4CF5BBB099F33F30A5A95520B3184E3C9D9870A5 |
| SHA256 | F8BD28F38B64BD952D05F83069328FD7F38E7DA2B4E59F787CE27DB467D180B3 |
| SSDEEP | 192:tU+GRY6E1fjWDOvZ/FQfTS1/CCVGDhwUJm7Yhbe0EKtXvWIg2bkALm/6ceEbbsX2:RL6sfjN/wTSdVGDhrJmSb7pWnRh/UEUm |
| Extension | Type | Confidence |
|---|---|---|
| .zip | ZIP compressed archive | 100 |

| ZIP field | Value |
|---|---|
| ZipFileName | sample/ |
| ZipUncompressedSize | — |
| ZipCompressedSize | — |
| ZipCRC | 0x00000000 |
| ZipModifyDate | 2022:06:01 17:02:16 |
| ZipCompression | None |
| ZipBitFlag | — |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 1780 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\43eecf22e8f914d44df3da16c23dcc2e076a8753.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE |
| 2620 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\sample\sample.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE |

| PID | User | Company | Integrity Level | Description | Exit code | Version |
|---|---|---|---|---|---|---|
| 1780 | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.91.0 |
| 2620 | admin | Microsoft Corporation | MEDIUM | Microsoft Word | 0 | 14.0.6024.1000 |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2620 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR7C75.tmp.cvr | — | — | — |
| 2620 | WINWORD.EXE | C:\Users\admin\Desktop\sample\~$sample.doc | pgc | 29A5C637AB16B5734A448B432D61146E | 40D7CBF013ED500F950876E55A81C92D09A40B79D9731EA45C57220DCAC99A7C |
| 2620 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{1E4E1D5E-A8AE-4729-8156-03B1586F6EDF}.FSD | binary | 70F2832DAACE62537C9E1D7F50EF9DD3 | C8F9180EC4A71696C69FCDD7065B56787DDF5C1868C9635ABA17A7C7C154E989 |
| 2620 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{B6BCD6CE-3A8F-4959-90AB-686126EF6C34} | binary | 7A55C9681881EA53F38C5BA382EE563D | 925BFBF636C8AB8A71AF89CE215EEBDB6D5448AF12F52D31E85DE7F8F4579A2C |
| 2620 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | 5BD315B8E3CF8674591F74BB4DBE74EA | 0B0C6CAF596E1E56131F8EE31E3EA6A1DE228149CE1847D828BE823040DB5E1D |
| 2620 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | 7A55C9681881EA53F38C5BA382EE563D | 925BFBF636C8AB8A71AF89CE215EEBDB6D5448AF12F52D31E85DE7F8F4579A2C |
| 2620 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\sample.doc.LNK | lnk | 2DD9D232E056F016725D36615BD593A6 | 7A14E91D521B69C52EFC60E4D3866914ADC87AB112CA31148DC6A6FAEB27C568 |
| 2620 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{CABD2624-2E51-4FFE-9F97-B684BE41AAB6}.tmp | binary | 83A424211F23A02CA34FCAD63935DFFE | CEC15B365A4792BDA93231E57EE3C0870B725411CA1F93A653E68A666A2503A1 |
| 2620 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 94D091BC9E83C8BE6F404EB0AE06CBDC | AB236D7BE09C858BD98A6A9727B50CE03402679B6C30F6C9168EFAAFD55A184D |
| 2620 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{0E9594CE-29C3-4F8F-A424-0CB4A9FD5AF3} | binary | 5BD315B8E3CF8674591F74BB4DBE74EA | 0B0C6CAF596E1E56131F8EE31E3EA6A1DE228149CE1847D828BE823040DB5E1D |
| Domain | IP | Reputation |
|---|---|---|
| www.xmlformats.com | — | malicious |