File name: | 17088739e1bbc696a82e6181c4938a68866646f0a89fe158b38b640592d28192.docm |
Full analysis: | https://app.any.run/tasks/33e6e409-4996-431c-a9ef-0fd103673db8 |
Verdict: | Malicious activity |
Analysis date: | May 24, 2019, 02:03:44 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | BE8376EE6047E851820B90B78FC2A11C |
SHA1: | 80DACA0222B631BC74D5F5BEE6B0A168FC2F4E35 |
SHA256: | 17088739E1BBC696A82E6181C4938A68866646F0A89FE158B38B640592D28192 |
SSDEEP: | 12288:qZYTdp53JgmplY01VYsfKalrlvzE9kq9pWdd8fv3AiVkIFWYn4ygQS316HXsI:BZp535plY04OrlpekusddWwiVkXYIRI |
.docm | | | Word Microsoft Office Open XML Format document (with Macro) (53.6) |
---|---|---|
.docx | | | Word Microsoft Office Open XML Format document (24.2) |
.zip | | | Open Packaging Conventions container (18) |
.zip | | | ZIP compressed archive (4.1) |
AppVersion: | 14 |
---|---|
HyperlinksChanged: | No |
SharedDoc: | No |
CharactersWithSpaces: | 2090 |
LinksUpToDate: | No |
Company: | FB Wirtschaftswissenschaften |
TitlesOfParts: |
|
HeadingPairs: |
|
ScaleCrop: | No |
Paragraphs: | 4 |
Lines: | 14 |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | 1782 |
Words: | 312 |
Pages: | 3 |
TotalEditTime: | - |
Template: | Normal.dotm |
ModifyDate: | 2016:09:13 16:58:00Z |
CreateDate: | 2016:09:13 16:58:00Z |
RevisionNumber: | 2 |
LastModifiedBy: | User |
Creator: | labwiwi3 |
---|---|
Title: | Anschreiben: Soll Atmosphäre schaffen |
ZipFileName: | [Content_Types].xml |
---|---|
ZipUncompressedSize: | 1747 |
ZipCompressedSize: | 464 |
ZipCRC: | 0xd8a131a1 |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0006 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3288 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\17088739e1bbc696a82e6181c4938a68866646f0a89fe158b38b640592d28192.docm" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3572 | "C:\Users\admin\AppData\Local\Temp\radDB228.exe" | C:\Users\admin\AppData\Local\Temp\radDB228.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Machine Debug Manager Version: 7.10.3077 | ||||
3548 | "C:\Users\admin\AppData\Local\Temp\radDB228.exe" | C:\Users\admin\AppData\Local\Temp\radDB228.exe | radDB228.exe | |
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: Machine Debug Manager Version: 7.10.3077 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3288 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRFB74.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3288 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$088739e1bbc696a82e6181c4938a68866646f0a89fe158b38b640592d28192.docm | pgc | |
MD5:47B147571E8D012F5D0F5AC92564322B | SHA256:0AC78D79787F83D67C3A121F782D9ED95100E05295F301834AAA64B7DFF06040 | |||
3288 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:B4A3A7010D8FEA8F141CA79DBF1C0A7F | SHA256:1AE5A8F017BE4D661214AD5059D36CCC00CE7BC44428DA72655DCE7695B6AB06 | |||
3288 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\radDB228.exe | executable | |
MD5:E9D2E34AB54A1C6CDC3468DC94AC435C | SHA256:96A88732899213956D75F2831277DDDCD3AD2C827797B63CF64C726633FD8880 | |||
3288 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex | text | |
MD5:F3B25701FE362EC84616A93A45CE9998 | SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 |