File name: | sample_opi0921u41 .doc |
Full analysis: | https://app.any.run/tasks/347ff553-1058-4ff0-95a8-02778d78c818 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | February 22, 2020, 05:02:00 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/vnd.oasis.opendocument.text |
File info: | OpenDocument Text |
MD5: | 25A27A934E1A698F67A8FBA838DD8E88 |
SHA1: | 7885246E4E079854A2BA340C11CC2E0C811194F4 |
SHA256: | 13E9916FC67F3A7DC45B1955313B9C04C516E10E1071C45DCD3B2B167BF69254 |
SSDEEP: | 3072:Lu/GPBwXO52I2DsTUyEpf/Eg22wNGdAB3It8Klo:L7PBCHDYUFf/XyGd230o |
.odt | | | OpenDocument Text document (54.1) |
---|---|---|
.xmind | | | XMind Workbook (37.6) |
.zip | | | ZIP compressed archive (4.1) |
Document-statisticNon-whitespace-character-count: | - |
---|---|
Document-statisticCharacter-count: | - |
Document-statisticWord-count: | - |
Document-statisticParagraph-count: | - |
Document-statisticPage-count: | 1 |
Document-statisticObject-count: | 1 |
Document-statisticImage-count: | 1 |
Document-statisticTable-count: | - |
Generator: | LibreOffice/6.4.0.3$Windows_x86 LibreOffice_project/b0a288ab3d2d4774cb44b62f04d5d28733ac6df8 |
Editing-duration: | PT37M51S |
Editing-cycles: | 7 |
Date: | 2020:02:21 19:31:04.721000000 |
Creator: | uaodwihd oijdadj |
Language: | ja-JP |
Creation-date: | 2020:02:21 10:58:09 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2864 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\sample_opi0921u41 .doc.odt" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2864 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR6B55.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2864 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\msoAB0E.tmp | — | |
MD5:— | SHA256:— | |||
2864 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\82B09460.tmp | — | |
MD5:— | SHA256:— | |||
2864 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$mple_opi0921u41 .doc.odt | pgc | |
MD5:DFBAF713695431DD4C1DFA31E28A12A7 | SHA256:62D779A30C9734FB6EE7E2F3D7B2FF8366059CCF0762AD693B4633A78CB7E4E1 | |||
2864 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:79E75D269FD97A0359A2AF837AEEC711 | SHA256:9CA4EAC61FC0E6DD68AB52A31F9D9FE8FA40AEDBA7A9EA3CF20E3255CB54719D |