File name: diagnostic.doc
Full analysis: https://app.any.run/tasks/bbb3380e-2b28-4ef2-b305-81e49d0281a0
Verdict: Malicious activity
Analysis date: October 05, 2022, 06:34:11
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: cve-2022-30190
MIME: application/zip
File info: Zip archive data, at least v2.0 to extract
MD5: 3C6776501623B6E65D5CA17176DBF885
SHA1: 543293994A840462DEDF2546033E86109C9C4F4F
SHA256: 006F00C56808BF9A459BF2CAD6B74F057E827C69366B6772CE1890FF561BA7B1
SSDEEP: 192:QEhMM7Z/c+8poF1d3jvvtlm9264wpBXGheyb8khNrGxjPowLfIUUC3euI:QqZcfa7pr1lm92hwfGAyb1fyxjPowLfm

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS
    • CVE-2022-30190 detected
      • WINWORD.EXE (PID: 2840)
  • SUSPICIOUS
    No suspicious indicators.
  • INFO
    No info indicators.
No Malware configuration.

TRiD

.docx | Word Microsoft Office Open XML Format document (52.2)
.zip | Open Packaging Conventions container (38.8)
.zip | ZIP compressed archive (8.8)
No data.
Total processes: 38
Monitored processes: 1
Malicious processes: 1
Suspicious processes: 0

Behavior graph

start winword.exe no specs

Process information

PID: 2840
CMD: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\diagnostic.doc.docx"
Path: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
Indicators: (none listed)
Parent process: Explorer.EXE
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Microsoft Word
Version: 14.0.6024.1000
Total events: 3 666
Read events: 2 967
Write events: 0
Delete events: 0

Modification events

No data
Executable files: 0
Suspicious files: 8
Text files: 0
Unknown types: 2

Dropped files

PID: 2840 | Process: WINWORD.EXE | Filename: C:\Users\admin\AppData\Local\Temp\CVR9607.tmp.cvr | Type: (none)
  MD5: (none)
  SHA256: (none)
PID: 2840 | Process: WINWORD.EXE | Filename: C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | Type: pgc
  MD5: D2232D7D7255D896578588604E19A8B0
  SHA256: 8CFA012DDD8EC220855639B9F805DFF8774ABB4B3C2C0D321A2CD0D8B946691D
PID: 2840 | Process: WINWORD.EXE | Filename: C:\Users\admin\AppData\Local\Temp\{8E6A58AC-9A7B-4C91-A163-F049E8314D41} | Type: binary
  MD5: 4299FE46481DB12E47D5B29AB6EAC2A1
  SHA256: 68C0FB01EB8E215ECCDC06E9CE7B64525361C3A7E01BC75C0B531EC1A3C66A36
PID: 2840 | Process: WINWORD.EXE | Filename: C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | Type: binary
  MD5: 4299FE46481DB12E47D5B29AB6EAC2A1
  SHA256: 68C0FB01EB8E215ECCDC06E9CE7B64525361C3A7E01BC75C0B531EC1A3C66A36
PID: 2840 | Process: WINWORD.EXE | Filename: C:\Users\admin\AppData\Local\Temp\{EA50412A-EDEF-43B9-B945-912D61B48561} | Type: binary
  MD5: FCA04DD2FD533694B2FAB32F0A1C257A
  SHA256: B2738672252C1B5778071102584E3E111B9E9BF62565AE7CC9A0C11FAC6A4A80
PID: 2840 | Process: WINWORD.EXE | Filename: C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{17BF12B2-82F5-472F-877D-1931C6D03513}.FSD | Type: binary
  MD5: 748B9C376EA781F9CC7619DAC75E62CF
  SHA256: D1DF1EFED373E7E575456AD50950FCEC3A62F8CC62C7AD0F443FF4CC90D8D476
PID: 2840 | Process: WINWORD.EXE | Filename: C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | Type: binary
  MD5: FCA04DD2FD533694B2FAB32F0A1C257A
  SHA256: B2738672252C1B5778071102584E3E111B9E9BF62565AE7CC9A0C11FAC6A4A80
PID: 2840 | Process: WINWORD.EXE | Filename: C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{6C1A706D-6863-4FDC-8F6B-2D3292E2AF3A}.FSD | Type: binary
  MD5: DEB17E13613DA156938EFA160ABA0F24
  SHA256: E6BA26F20E41B2348C58CC0F21D553F54421CC900B950A1164ABC9D6B2DF808D
PID: 2840 | Process: WINWORD.EXE | Filename: C:\Users\admin\AppData\Local\Temp\~$agnostic.doc.docx | Type: pgc
  MD5: 33E332CB87AAD676099F9561EE415E6A
  SHA256: 021CF701AE45388C91C4E05623F8B4BADC3E3769299EB1E725FFAEBAC5334559
PID: 2840 | Process: WINWORD.EXE | Filename: C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | Type: binary
  MD5: D471A0BB5F0B8A9AC834E0172491B7F9
  SHA256: 418B6AE0A39787583DCD77DA0ED040F8C3DDA03410E71D04C235EE6E736F298F
HTTP(S) requests: 0
TCP/UDP connections: 0
DNS requests: 1
Threats: 0

HTTP requests

No HTTP requests

Connections

No data

DNS requests

Domain: diagnostic.htb
IP: (none)
Reputation: malicious

Threats

No threats detected
No debug info