File name: | diagnostic.doc |
Full analysis: | https://app.any.run/tasks/bbb3380e-2b28-4ef2-b305-81e49d0281a0 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 06:34:11 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 3C6776501623B6E65D5CA17176DBF885 |
SHA1: | 543293994A840462DEDF2546033E86109C9C4F4F |
SHA256: | 006F00C56808BF9A459BF2CAD6B74F057E827C69366B6772CE1890FF561BA7B1 |
SSDEEP: | 192:QEhMM7Z/c+8poF1d3jvvtlm9264wpBXGheyb8khNrGxjPowLfIUUC3euI:QqZcfa7pr1lm92hwfGAyb1fyxjPowLfm |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2840 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\diagnostic.doc.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Word | Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR9607.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:D2232D7D7255D896578588604E19A8B0 | SHA256:8CFA012DDD8EC220855639B9F805DFF8774ABB4B3C2C0D321A2CD0D8B946691D | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{8E6A58AC-9A7B-4C91-A163-F049E8314D41} | binary | |
MD5:4299FE46481DB12E47D5B29AB6EAC2A1 | SHA256:68C0FB01EB8E215ECCDC06E9CE7B64525361C3A7E01BC75C0B531EC1A3C66A36 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:4299FE46481DB12E47D5B29AB6EAC2A1 | SHA256:68C0FB01EB8E215ECCDC06E9CE7B64525361C3A7E01BC75C0B531EC1A3C66A36 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{EA50412A-EDEF-43B9-B945-912D61B48561} | binary | |
MD5:FCA04DD2FD533694B2FAB32F0A1C257A | SHA256:B2738672252C1B5778071102584E3E111B9E9BF62565AE7CC9A0C11FAC6A4A80 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{17BF12B2-82F5-472F-877D-1931C6D03513}.FSD | binary | |
MD5:748B9C376EA781F9CC7619DAC75E62CF | SHA256:D1DF1EFED373E7E575456AD50950FCEC3A62F8CC62C7AD0F443FF4CC90D8D476 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | |
MD5:FCA04DD2FD533694B2FAB32F0A1C257A | SHA256:B2738672252C1B5778071102584E3E111B9E9BF62565AE7CC9A0C11FAC6A4A80 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{6C1A706D-6863-4FDC-8F6B-2D3292E2AF3A}.FSD | binary | |
MD5:DEB17E13613DA156938EFA160ABA0F24 | SHA256:E6BA26F20E41B2348C58CC0F21D553F54421CC900B950A1164ABC9D6B2DF808D | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$agnostic.doc.docx | pgc | |
MD5:33E332CB87AAD676099F9561EE415E6A | SHA256:021CF701AE45388C91C4E05623F8B4BADC3E3769299EB1E725FFAEBAC5334559 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | binary | |
MD5:D471A0BB5F0B8A9AC834E0172491B7F9 | SHA256:418B6AE0A39787583DCD77DA0ED040F8C3DDA03410E71D04C235EE6E736F298F |
Domain | IP | Reputation |
---|---|---|
diagnostic.htb | | malicious |