File name: | Rechnungsbeilage_2019_10.doc |
Full analysis: | https://app.any.run/tasks/e01d09e6-2dd1-44de-9b45-f0dfb3839924 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | October 14, 2019, 11:56:12 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Licensed, Subject: Sleek, Author: Alivia Heaney, Keywords: Generic Concrete Gloves, Comments: Legacy, Template: Normal.dotm, Last Saved By: Sharon Kulas, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Mon Oct 14 09:04:00 2019, Last Saved Time/Date: Mon Oct 14 09:04:00 2019, Number of Pages: 1, Number of Words: 30, Number of Characters: 171, Security: 0 |
MD5: | BF6386482CFDA4C2CF49A9977AD4DE8E |
SHA1: | 96E23E01340130A30B26D2D02D62543672B1CD1D |
SHA256: | 263DD7396F687A1E78663B389367D98D48C7C996B3364C7F9A9989057DEC8765 |
SSDEEP: | 1536:1aHde0oPOXrkKPubsYwKjtrzu5rGImRoHynvwMMITLxQOXxrt:1aHde0oWQKgdzSrGtKyIwLx3B |
.doc | | | Microsoft Word document (54.2) |
---|---|---|
.doc | | | Microsoft Word document (old ver.) (32.2) |
Title: | Licensed |
---|---|
Subject: | Sleek |
Author: | Alivia Heaney |
Keywords: | Generic Concrete Gloves |
Comments: | Legacy |
Template: | Normal.dotm |
LastModifiedBy: | Sharon Kulas |
RevisionNumber: | 1 |
Software: | Microsoft Office Word |
TotalEditTime: | - |
CreateDate: | 2019:10:14 08:04:00 |
ModifyDate: | 2019:10:14 08:04:00 |
Pages: | 1 |
Words: | 30 |
Characters: | 171 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
Company: | Baumbach, Beahan and Robel |
Lines: | 1 |
Paragraphs: | 1 |
CharCountWithSpaces: | 200 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | - |
HeadingPairs: |
|
Manager: | Flatley |
CompObjUserTypeLen: | 32 |
CompObjUserType: | Microsoft Word 97-2003 Document |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
1972 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Rechnungsbeilage_2019_10.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
1972 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRB7C1.tmp.cvr | — | |
MD5:— | SHA256:— | |||
1972 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Word8.0\MSForms.exd | tlb | |
MD5:E69B8219B423DB5BF7647CBF266275BE | SHA256:DCF58A310CC9B61D7F21D7AAC3231401A8A22632F636E230D0FDDED045E35246 | |||
1972 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\88C95A6E.wmf | wmf | |
MD5:09569ED461D0399D6E6A9492F9D4E1C1 | SHA256:B62E72F098F67D81B0ABD0EB9049B52F52160EAC6C799077B226B5CA30C52C98 | |||
1972 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\5395A0AC.wmf | wmf | |
MD5:FD1F2F63D8ADDD069B3A0EAD251A6749 | SHA256:6F0EEA29C90B27CBC6FC53AE1C69944A6DDA05828ABDC818CBEC18BF259189AF | |||
1972 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:71834CB5A40FD067717E5E242FCFDDE2 | SHA256:053F9EECE736E49AA9E3C99DB635C70D83D2B9311D2D3CA8D612695DCF73376C | |||
1972 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8D3E479A.wmf | wmf | |
MD5:6091278508C837CCB13B729D8C7519E8 | SHA256:DC887D565160CE96D00AE41F750FFCF3E2FC434E4AE07D7D4C89F94A68ABB723 | |||
1972 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$chnungsbeilage_2019_10.doc | pgc | |
MD5:2E0992ECAFC8D7CD5A9A73AB18D92740 | SHA256:7128BE539BB0D27F46AC8F9221B80C1922D24C435F11F6E4DB8C24870A9132A5 | |||
1972 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FF6B97.wmf | wmf | |
MD5:CE43F1FAC623BBC22C924624C31BF65B | SHA256:244A3D4B24DDA0A0FAEC64647C2197C7384FA976E4BD883BF50A993D8E94E8FE | |||
1972 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8D69B0BD.wmf | wmf | |
MD5:3D85CB8DB19F871BFAB7D2E13347CBB7 | SHA256:E757A558435B96E8A65C4299276A3EB8CF323152BA1DA6A2A9B836CDE01218DE | |||
1972 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\633087CF.wmf | wmf | |
MD5:A5057546ED3841DA9BAB661FFFC3209A | SHA256:2C3F21BE976CF7F2C5C8DFE099A4A0AFD8D1D4104B217D786A8BCB8D3E56363E |