| Field | Value |
|---|---|
| File name | OLE.docx |
| Full analysis | https://app.any.run/tasks/db46d830-1b13-4ce7-8414-64526cb0ef46 |
| Verdict | Malicious activity |
| Analysis date | July 11, 2019, 13:00:45 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | |
| Indicators | |
| MIME | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File info | Microsoft Word 2007+ |
| MD5 | 5790E2D6B74F68F02B6282147F06EA5B |
| SHA1 | B55F3738F3D43DFFC7160A9502C79D3912A39502 |
| SHA256 | 29C7AF1089F5D1C9D7AC3CDA1EF45673807D7795802E0A45310C78C28B612472 |
| SSDEEP | 6144:GZ+jkV8fbJ5i0WePgx1GIAQqS19SUWssyBVry5nV7tF:GZ9gbJge2GDS1vW9yBVryNF |
| Extension | Identified type (score) |
|---|---|
| .docx | Word Microsoft Office Open XML Format document (52.2) |
| .zip | Open Packaging Conventions container (38.8) |
| .zip | ZIP compressed archive (8.8) |
| Document metadata | Value |
|---|---|
| AppVersion | 15 |
| HyperlinksChanged | No |
| SharedDoc | No |
| CharactersWithSpaces | 20 |
| LinksUpToDate | No |
| Company | - |
| ScaleCrop | No |
| Paragraphs | 1 |
| Lines | 1 |
| DocSecurity | None |
| Application | Microsoft Office Word |
| Characters | 18 |
| Words | 3 |
| Pages | 1 |
| TotalEditTime | 2 minutes |
| Template | Normal |
| ModifyDate | 2019:07:10 09:28:00Z |
| CreateDate | 2019:07:10 09:26:00Z |
| RevisionNumber | 3 |
| LastModifiedBy | Opal |
| Keywords | - |
| Description | - |
| Creator | Opal |
| Subject | - |
| Title | - |
| ZIP entry metadata | Value |
|---|---|
| ZipFileName | [Content_Types].xml |
| ZipUncompressedSize | 1460 |
| ZipCompressedSize | 373 |
| ZipCRC | 0x24886c04 |
| ZipModifyDate | 1980:01:01 00:00:00 |
| ZipCompression | Deflated |
| ZipBitFlag | 0x0006 |
| ZipRequiredVersion | 20 |
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 3328 | `"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\OLE.docx"` | `C:\Program Files\Microsoft Office\Office14\WINWORD.EXE` | — | explorer.exe |
| | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000 | | | |
| 872 | `"C:\Users\admin\AppData\Local\Temp\investment proposal (2).scr" /S` | `C:\Users\admin\AppData\Local\Temp\investment proposal (2).scr` | — | WINWORD.EXE |
| | User: admin; Company: G&G Software; Integrity Level: MEDIUM; Description: Controversy Bilingual Forks Councils Stocks; Version: 6.3.2.4 | | | |
| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 3328 | WINWORD.EXE | `C:\Users\admin\AppData\Local\Temp\CVR6B32.tmp.cvr` | — | — | — |
| 3328 | WINWORD.EXE | `C:\Users\admin\AppData\Local\Temp\~$OLE.docx` | pgc | B68CA6A336CD8DF5F6D9BCC9B275A596 | 1DDAFEB6F100BB3000176EA806E1307622749D8E8753B9102E6CDCEEF26FF6E8 |
| 3328 | WINWORD.EXE | `C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm` | pgc | 5FEB07E3A262A925150E11542B57885E | 5EE878A6F80803BD9F14CC878656A4F27E47550BE4D47120A81C476B67C311FD |
| 3328 | WINWORD.EXE | `C:\Users\admin\AppData\Local\Temp\investment proposal (2).scr` | executable | 33E14179BC13A5AEAD84E7351C806E87 | D97264C62FED820A59F52D3F451A60961399D11DAC54622B5EEF6F72DD12C66B |
| 3328 | WINWORD.EXE | `C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8C4BE25D.emf` | emf | 0703026B83B08048C0652ADCF478E70B | 5688A413FBB9DC0C5D449049827E71079E2B638C08DFD6D04BFFC47D2BABA1C6 |
| 872 | investment proposal (2).scr | `C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGRR2OYX\ggkcowbacuayicoog[1].txt` | html | E6B47C20212ED830766B93BFE45B2359 | CDAFD300AE8A3AE552E7BDD29BE346F031C91E40D25CF5EF397AA6B4FCC59E8D |
| 872 | investment proposal (2).scr | `C:\Users\admin\AppData\Local\Temp\¢Ï` | wmf | FF848E8240B1764C1D0D782A3AFF3C61 | 1A5B30FFE6C7ED3E73D981BC48D34770B48E95F1005504835CF4E07AB8F05270 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
872 | investment proposal (2).scr | 185.243.114.220:443 | securegrandix.com | — | — | suspicious |
| Domain | IP | Reputation |
|---|---|---|
| securegrandix.com | — | suspicious |