File name: | llllllllll.doc |
Full analysis: | https://app.any.run/tasks/f36849b5-9e3c-44df-8923-5b4d3c016b52 |
Verdict: | Malicious activity |
Analysis date: | March 14, 2019, 10:39:38 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Title: Italy - Vendor Master Form, Author: Grace Logan, Keywords: vendor master, form, italy, Template: Normal.dotm, Last Saved By: Vichi, Roberta, Revision Number: 3, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Last Printed: Wed May 12 13:49:00 2010, Create Time/Date: Tue Feb 19 18:21:00 2019, Last Saved Time/Date: Wed Mar 13 10:19:00 2019, Number of Pages: 2, Number of Words: 641, Number of Characters: 3654, Security: 0 |
MD5: | 4CCD5BF5F8D54F16078149A603F09BBB |
SHA1: | CCC3321EEC4CB34BFE3FEB2F2D8A138716AE594A |
SHA256: | 1B05E8CC4DD6723FFF1B96A04CD71A44BB48369EDD77B0963C213B5DAA2CFAE5 |
SSDEEP: | 1536:fxKZlSDwyVF/DK87xO2P6xMZ7kG/tFKp1kzuDC3lj8yjz1di1dX1dKJq:fxKZ9MK87xO2P6e8c |
.doc | | | Microsoft Word document (54.2) |
---|---|---|
.doc | | | Microsoft Word document (old ver.) (32.2) |
CompObjUserType: | Microsoft Word 97-2003 Document |
---|---|
CompObjUserTypeLen: | 32 |
ContentType: | Document |
Country: | Italy |
Order: | 7200 |
Tag_NewReviewCycle: | - |
Hyperlinks: | |
CodePage: | Windows Latin 1 (Western European) |
HeadingPairs: | |
TitleOfParts: | Italy - Vendor Master Form |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 16 |
CharCountWithSpaces: | 4287 |
Paragraphs: | 8 |
Lines: | 30 |
Company: | Bristol Myers Squibb Co. |
Security: | None |
Characters: | 3654 |
Words: | 641 |
Pages: | 2 |
ModifyDate: | 2019:03:13 10:19:00 |
CreateDate: | 2019:02:19 18:21:00 |
LastPrinted: | 2010:05:12 12:49:00 |
TotalEditTime: | 2.0 minutes |
Software: | Microsoft Office Word |
RevisionNumber: | 3 |
LastModifiedBy: | Vichi, Roberta |
Template: | Normal.dotm |
Keywords: | vendor master, form, italy |
Author: | Grace Logan |
Subject: | - |
Title: | Italy - Vendor Master Form |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3516 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\llllllllll.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
2984 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" -c IPM.Note /m "mailto:[email protected]" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Outlook Exit code: 0 Version: 14.0.6025.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3516 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRDDBF.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2984 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR920B.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3516 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\72998D00.wmf | wmf | |
MD5:4EDE612D0B87D9CC6B52D01300520066 | SHA256:98E83426A18FB26BDC50E26F6D37CCF6980085F3E60A4FA729EA6B37F8F68463 | |||
3516 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\59C1283B.wmf | wmf | |
MD5:D3473952F6B1F2DC8A5CE6ED495AAAB6 | SHA256:6B96E01C5BF384AA456153CB894C85941FC081F64EB2338DEFF75BEFEBF59D3A | |||
3516 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Word8.0\MSForms.exd | tlb | |
MD5:CBAFE0E5D16E0B914885F8B422788E45 | SHA256:0476C92838D9D8EF303AD7B3212D994E6509DD61C12E8E18914B6D76AA9CA947 | |||
3516 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\3637E4A2.wmf | wmf | |
MD5:EB5BB83414612AFC77485A2B8D8B2B5B | SHA256:2AF1E2F7E1C0A0688FBDC394A315667EFD1BD368F1B6AF4DB5F94542890E789E | |||
3516 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\294BDA7F.wmf | wmf | |
MD5:9F3DF660180CCC36019D33030F045B02 | SHA256:DAE16B51742E57025F2647E48EE644D515AF79B5D52006335AF580B1E71B2C50 | |||
2984 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{2E041BFC-8265-4CC6-A762-D9897E466F3A}.tmp | — | |
MD5:— | SHA256:— | |||
3516 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CBA72F6.wmf | wmf | |
MD5:40B6D1EC4A7705AF396215B49ECC9034 | SHA256:7FCDB2249C4C8A5DA2CA266F873EB218A15B64C3CAA83270A6143857B22EAFE6 | |||
3516 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A84FB274.wmf | wmf | |
MD5:6A0A9EF9A942A9DE75AFD7DE91C8930E | SHA256:8118376B09E65576E1D8E11F11D9C2AB75A48DD6C931DF303FB1C57C5EE8468E |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2984 | OUTLOOK.EXE | GET | — | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | — | — | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2984 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted |
Domain | IP | Reputation |
---|---|---|
config.messenger.msn.com | | whitelisted |