File name: | DhlExpressPNN050595.doc |
Full analysis: | https://app.any.run/tasks/2ea71a21-8d43-49fb-afd7-957054e97875 |
Verdict: | Malicious activity |
Analysis date: | June 12, 2019, 03:43:49 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | C462D43753FD8C38513C80D73A230BC3 |
SHA1: | BC3965845249C6270E229D56AB1EA6AB05FD82FD |
SHA256: | 234BD6AB773A4CB52AB9175AD74DA4495F9C8A57C48706DA3A51FFC12652E09C |
SSDEEP: | 6144:G/PhPmeQB8Ua9Eh1Y4uhGdvB6GsFOCtuQDxqAZsD:k42KM4u8dvB6VOhQDIAZsD |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
AppVersion: | 12 |
---|---|
HyperlinksChanged: | No |
SharedDoc: | No |
CharactersWithSpaces: | 19 |
LinksUpToDate: | No |
Company: | - |
ScaleCrop: | No |
Paragraphs: | 1 |
Lines: | 1 |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | 18 |
Words: | 2 |
Pages: | 1 |
TotalEditTime: | - |
Template: | Normal |
ModifyDate: | 2019:06:11 09:47:00Z |
CreateDate: | 2019:06:11 09:47:00Z |
RevisionNumber: | 3 |
LastModifiedBy: | HONGKONG |
Keywords: | - |
Description: | - |
---|---|
Creator: | HONGKONG |
Subject: | - |
Title: | - |
ZipFileName: | [Content_Types].xml |
---|---|
ZipUncompressedSize: | 1460 |
ZipCompressedSize: | 386 |
ZipCRC: | 0x7fcf3406 |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0006 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3328 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\DhlExpressPNN050595.doc.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 | | | | |
3864 | "C:\Users\admin\AppData\Local\Temp\Dhl-AwbNoice.exe" | C:\Users\admin\AppData\Local\Temp\Dhl-AwbNoice.exe | — | WINWORD.EXE |
User: admin; Integrity Level: MEDIUM; Description: -; Version: 0.0.0.0 | | | | |
3264 | "C:\Windows\System32\cmd.exe" /C type nul > "C:\Users\admin\AppData\Local\Temp\Dhl-AwbNoice.exe:Zone.Identifier" | C:\Windows\System32\cmd.exe | — | Dhl-AwbNoice.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
1488 | "C:\Windows\System32\cmd.exe" /C type nul > "C:\Users\admin\AppData\Local\Temp\Dhl-AwbNoice.exe:Zone.Identifier" | C:\Windows\System32\cmd.exe | — | Dhl-AwbNoice.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows Command Processor; Exit code: 0; Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | | | | |
PID | Process | Filename | Type | |
---|---|---|---|---|
3328 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRF7EA.tmp.cvr | — | |
MD5: — | SHA256: — | | | |
3328 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5: 1DBF94C52019F3FA68C5F190CC8E718C | SHA256: D3BE336F578B31B1E3E6BD5ABD73B111AB652DB1A9E30959ED3E7F3480EC098E | | | |
3328 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$lExpressPNN050595.doc.docx | pgc | |
MD5: 3FB3736B3F1AF99890AF62D03916B7D3 | SHA256: DA04CD72A29CFDECB83805D63C9AE68F83E23A70032344F47E6AE37DB7A6047F | | | |
3328 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Dhl-AwbNoice.exe | executable | |
MD5: 903662DF66B996F23FD17A3E6CBE0742 | SHA256: 4BD92B0E70A9D11CF67FECD8F0D1483E90E0FFD2A50DF0CC959034E24E7936C5 | | | |
3328 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7E23C0D4.emf | emf | |
MD5: 69920311A5EC15E504E4277AC3255B54 | SHA256: 71C573782DA4D9FAD1F364FBFE0C01FFDEF7280C8A893AB441E75901E0C6927D | | | |