File name: | 46efb964cf953047a83f433b53da18a0.docx |
Full analysis: | https://app.any.run/tasks/c0c8cfef-7315-4d53-8db6-4a61d595e6e2 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | March 31, 2020, 06:53:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | 46EFB964CF953047A83F433B53DA18A0 |
SHA1: | 578A6D1F9A8DFBD67C15650D07FE06BB2EEDA2BC |
SHA256: | 1F4EB8880563B6DD20F2C4CB0919A54FDA603EB3963C55A29816E2086EADF814 |
SSDEEP: | 3072:pVAHQqprDuG8xheY3P9jhytOxPaf5vEPWLNyEyuKmQSp3:7AHb5j6heA9ly8xPalLcEZdp3 |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | 0x0006 |
ZipCompression: | Deflated |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCRC: | 0x0c0cc35b |
ZipCompressedSize: | 400 |
ZipUncompressedSize: | 1505 |
ZipFileName: | [Content_Types].xml |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2896 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\46efb964cf953047a83f433b53da18a0.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Word | Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2896 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR6B16.tmp.cvr | — | — | — |
2896 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 699DFD2E4ADEB0969A70144F998F38EE | 62FE9E840F80E65B4F08F32D23CDD6DC9DD159E094B5217A89B59A303A0DB684 |
2896 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$efb964cf953047a83f433b53da18a0.docx | pgc | 013F0DC59BAFABC3842ECA581CD77D14 | 44ECD8B0611005E887E7F4FBCBB6B36D9C144189F0A8830BD97D62F5AB468F98 |