analyze malware
- Huge database of samples and IOCs
- Custom VM setup
- Unlimited submissions
- Interactive approach
| File name: | sample_opi0921u41 .doc |
| Full analysis: | https://app.any.run/tasks/347ff553-1058-4ff0-95a8-02778d78c818 |
| Verdict: | Malicious activity |
| Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
| Analysis date: | February 22, 2020, 05:02:00 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| MIME: | application/vnd.oasis.opendocument.text |
| File info: | OpenDocument Text |
| MD5: | 25A27A934E1A698F67A8FBA838DD8E88 |
| SHA1: | 7885246E4E079854A2BA340C11CC2E0C811194F4 |
| SHA256: | 13E9916FC67F3A7DC45B1955313B9C04C516E10E1071C45DCD3B2B167BF69254 |
| SSDEEP: | 3072:Lu/GPBwXO52I2DsTUyEpf/Eg22wNGdAB3It8Klo:L7PBCHDYUFf/XyGd230o |
MALICIOUS
No malicious indicators.SUSPICIOUS
No suspicious indicators.INFO
Creates files in the user directory
- WINWORD.EXE (PID: 2864)
Reads Microsoft Office registry keys
- WINWORD.EXE (PID: 2864)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .odt | | | OpenDocument Text document (54.1) |
|---|---|---|
| .xmind | | | XMind Workbook (37.6) |
| .zip | | | ZIP compressed archive (4.1) |
EXIF
XMP
| Document-statisticNon-whitespace-character-count: | - |
|---|---|
| Document-statisticCharacter-count: | - |
| Document-statisticWord-count: | - |
| Document-statisticParagraph-count: | - |
| Document-statisticPage-count: | 1 |
| Document-statisticObject-count: | 1 |
| Document-statisticImage-count: | 1 |
| Document-statisticTable-count: | - |
| Generator: | LibreOffice/6.4.0.3$Windows_x86 LibreOffice_project/b0a288ab3d2d4774cb44b62f04d5d28733ac6df8 |
| Editing-duration: | PT37M51S |
| Editing-cycles: | 7 |
| Date: | 2020:02:21 19:31:04.721000000 |
| Creator: | uaodwihd oijdadj |
| Language: | ja-JP |
| Creation-date: | 2020:02:21 10:58:09 |
Total processes
35
Monitored processes
1
Malicious processes
0
Suspicious processes
0
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2864 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\sample_opi0921u41 .doc.odt" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
Total events
2 051
Read events
964
Write events
0
Delete events
0
Modification events
Executable files
0
Suspicious files
0
Text files
0
Unknown types
2
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2864 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR6B55.tmp.cvr | — | |
MD5:— | SHA256:— | |||
| 2864 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoAB0E.tmp | — | |
MD5:— | SHA256:— | |||
| 2864 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\82B09460.tmp | — | |
MD5:— | SHA256:— | |||
| 2864 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$mple_opi0921u41 .doc.odt | pgc | |
MD5:DFBAF713695431DD4C1DFA31E28A12A7 | SHA256:62D779A30C9734FB6EE7E2F3D7B2FF8366059CCF0762AD693B4633A78CB7E4E1 | |||
| 2864 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:79E75D269FD97A0359A2AF837AEEC711 | SHA256:9CA4EAC61FC0E6DD68AB52A31F9D9FE8FA40AEDBA7A9EA3CF20E3255CB54719D | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report