File name: | Archivo 11-10-2019_45668.doc |
Full analysis: | https://app.any.run/tasks/3b3bbf9d-cf0f-495a-8069-f4bf267f9eca |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | October 14, 2019, 18:30:10 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Unbranded Wooden Computer, Subject: global, Author: Kathryne Botsford, Keywords: Course, Comments: Keys, Template: Normal.dotm, Last Saved By: Catharine Orn, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Oct 11 18:55:00 2019, Last Saved Time/Date: Fri Oct 11 18:55:00 2019, Number of Pages: 1, Number of Words: 29, Number of Characters: 169, Security: 0 |
MD5: | 82E276457634360C2DBC022417DD71D6 |
SHA1: | 6F9B8B23662DD6A973B4BDDC4FA1EBA3707231A7 |
SHA256: | 0AC1A4F74045E372703561B65A5425890AE0C5431F8087D88D9DC7F6B5CEF284 |
SSDEEP: | 1536:0rkKPubsYwKjtrzu5rG5mRoHynvwMMITLxQOhxrtmxu:NKgdzSrGgKyIwLx3/Uxu |
.doc | | | Microsoft Word document (54.2) |
---|---|---|
.doc | | | Microsoft Word document (old ver.) (32.2) |
Title: | Unbranded Wooden Computer |
---|---|
Subject: | global |
Author: | Kathryne Botsford |
Keywords: | Course |
Comments: | Keys |
Template: | Normal.dotm |
LastModifiedBy: | Catharine Orn |
RevisionNumber: | 1 |
Software: | Microsoft Office Word |
TotalEditTime: | - |
CreateDate: | 2019:10:11 17:55:00 |
ModifyDate: | 2019:10:11 17:55:00 |
Pages: | 1 |
Words: | 29 |
Characters: | 169 |
Security: | None |
CompObjUserTypeLen: | 32 |
CompObjUserType: | Microsoft Word 97-2003 Document |
CodePage: | Windows Latin 1 (Western European) |
Company: | Howell and Sons |
Lines: | 1 |
Paragraphs: | 1 |
CharCountWithSpaces: | 197 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | - |
HeadingPairs: | |
Manager: | Williamson |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2576 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Archivo 11-10-2019_45668.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Word | Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2576 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRBBC9.tmp.cvr | — | — | — |
2576 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6B12CBB1.wmf | wmf | 2A8DF098A1931EF16E81E095614C4F46 | CBF7E04AEA538D363E56042CDEF25A90983BCCA054875C65CBCD78B4CEC6B042 |
2576 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1818F4E4.wmf | wmf | 02F3DEAB89FDA884E3F836F28DA8D4C9 | 24768C3C4D9D0D5EE4CCF32568DD476E615C0F129D340E0627F9205CB882D9D6 |
2576 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Word8.0\MSForms.exd | tlb | 35FAC96A6BBA8F6D072879B30A84F856 | 1A80949FA57647432AC6D5CA4D3071923BBA32CE910A873C2BFD959D82DD2966 |
2576 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\B57B3E70.wmf | wmf | 5708F31F25B50E377C258D50D711F4B7 | 389DC283AAA1BF151C19DAC9FA81EB62ACD110B4A521F54F1FD19BB7E89C1653 |
2576 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C86D336B.wmf | wmf | F9B15AAA8E51B17D00EB446BCA9E27C4 | DB5BA9EDECFC0CF11D96FCA017428D36D54E1A385756B05EEEA3E8AA8EB2988A |
2576 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\151B4795.wmf | wmf | 3867174190726A46149F31DECA62E45A | 30746DDACE419DC7D86F647A6555DBC551BA80AB5775E72AC8BB6EAD9FF6DB4F |
2576 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 45822EE62FC571A3151895E367644231 | EB3C643FA978D554A4FC475FB2EC2D439467CBEED53546B5218462C2B3EC2CB5 |
2576 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$chivo 11-10-2019_45668.doc | pgc | EE8D7DAB291B2492910DD67AA85E3806 | F49210310D20286CA943698D138BA5ECBB7044566D4BEF0B46C0ECDAC325D822 |
2576 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A0027AAF.wmf | wmf | 36BFCE5127479BB39BEAB17C4D2998CA | D592C48FBD5022E1B493EEF849EE5B6669B4221B822F97A137CF9F7C073DB538 |