File name: | Italiano_bat.zip |
Full analysis: | https://app.any.run/tasks/644445fe-e1c8-480e-9004-09b4e218d272 |
Verdict: | Malicious activity |
Analysis date: | May 15, 2019, 07:48:30 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 64 bit) |
Tags: | |
Indicators: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | D705FD9F8A005183B0DB5F30FDAA82A8 |
SHA1: | FC8E96D8C4ADFED051C0694A514A8D674BABD6CA |
SHA256: | FD1F9FE5C53D54CB7FBC79182B7313BFE7EA633265283E410BDE34B117591585 |
SSDEEP: | 768:d+QWf7GzA2bzBjvVF6wi7xyK8z60qhiVKsL3t1i5loj9DNniaD/EQLMTIzKwNu1O:dI7G/bVuURIiRztgloj9UaDNMTIzGO |
.zip | | | ZIP compressed archive (100) |
---|
ZipFileName: | 2019_EmailCliente_0000096799_Allegato1_20190515021748.xls |
---|---|
ZipUncompressedSize: | 75776 |
ZipCompressedSize: | 49389 |
ZipCRC: | 0xc29137d5 |
ZipModifyDate: | 2019:05:15 09:43:20 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1376 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Italiano_bat.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2252 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\Desktop\Italiano_bat.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
2672 | "C:\Program Files\WinRAR\WinRAR.exe" x -iext -ow -ver -- "C:\Users\admin\Desktop\Italiano_bat.zip" C:\Users\admin\Desktop\ | C:\Program Files\WinRAR\WinRAR.exe | — | explorer.exe |
User: admin Company: Alexander Roshal Integrity Level: MEDIUM Description: WinRAR archiver Exit code: 0 Version: 5.60.0 | ||||
1416 | "C:\Program Files\Microsoft Office\Office14\EXCEL.EXE" /dde | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Excel Exit code: 0 Version: 14.0.4756.1000 | ||||
2036 | C:\Windows\system32\cmd.exe /c ""C:\Users\admin\Desktop\italiano.bat" " | C:\Windows\system32\cmd.exe | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | ||||
1724 | tzutil /s "W. Europe Standard Time" | C:\Windows\system32\tzutil.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Time Zone Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2504 | certutil /decode "C:\Users\admin\AppData\Local\Temp\b64" "C:\Users\admin\AppData\Local\Temp\decoded" | C:\Windows\system32\certutil.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: CertUtil.exe Exit code: 0 Version: 6.1.7601.18151 (win7sp1_gdr.130512-1533) | ||||
2652 | regedit.exe /s "C:\Users\admin\AppData\Local\Temp\decoded" | C:\Windows\regedit.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Registry Editor Exit code: 3221226540 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
2392 | "C:\Windows\regedit.exe" /s "C:\Users\admin\AppData\Local\Temp\decoded" | C:\Windows\regedit.exe | — | cmd.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Registry Editor Exit code: 3221226540 Version: 6.1.7600.16385 (win7_rtm.090713-1255) | ||||
3052 | "C:\Windows\regedit.exe" /s "C:\Users\admin\AppData\Local\Temp\decoded" | C:\Windows\regedit.exe | cmd.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Registry Editor Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
1416 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR2C4D.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1416 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF7A1E8030FAA5A274.TMP | — | |
MD5:— | SHA256:— | |||
1416 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DFBD8854A566EE3765.TMP | — | |
MD5:— | SHA256:— | |||
1128 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVRC79.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1128 | EXCEL.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Office\Recent\2019_EmailCliente_0000096799_Allegato1_20190515021748.LNK | — | |
MD5:— | SHA256:— | |||
2872 | powERSHELl.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\VYJO8H6HWUM7SJGKKBL2.temp | — | |
MD5:— | SHA256:— | |||
1128 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF506FF7A77F7471E5.TMP | — | |
MD5:— | SHA256:— | |||
1128 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\~DF38E013BB22FA3398.TMP | — | |
MD5:— | SHA256:— | |||
2084 | EXCEL.EXE | C:\Users\admin\AppData\Local\Temp\CVR9BF9.tmp.cvr | — | |
MD5:— | SHA256:— | |||
616 | powERSHELl.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R8HZ77R66NL0N4KT4NUH.temp | — | |
MD5:— | SHA256:— |
Domain | IP | Reputation |
---|---|---|
teredo.ipv6.microsoft.com |
| whitelisted |