File name: | MN2340327214YM.doc |
Full analysis: | https://app.any.run/tasks/fa834a6d-5ad2-4747-b3ca-48d978fa20e1 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | September 30, 2020, 08:38:19 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.2, Code page: 1252, Title: Est., Author: La Dupuy, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Thu Sep 24 06:47:00 2020, Last Saved Time/Date: Thu Sep 24 06:48:00 2020, Number of Pages: 1, Number of Words: 2590, Number of Characters: 14766, Security: 8 |
MD5: | 34A13E8D64A36628924C6360230B6EA4 |
SHA1: | E2CF68A933FF7B602B808F516F0C3E1209A65461 |
SHA256: | 2B222CEAE619089E74BFA571FFC54F1238D90CE27803EE3027E26134E7A657AF |
SSDEEP: | 1536:hAkT3yRFGEv0QtKPaOtMPAquK1gLadmpsHkkyeY+tB445TEgrO3jSWAg83tle1ZU:022TWTogk079THcpOu5UZ+REu9 |
.doc | | | Microsoft Word document (54.2) |
---|---|---|
.doc | | | Microsoft Word document (old ver.) (32.2) |
CompObjUserType: | Microsoft Word 97-2003 Document |
---|---|
CompObjUserTypeLen: | 32 |
LocaleIndicator: | 1033 |
CodePage: | Unicode UTF-16, little endian |
HeadingPairs: |
|
TitleOfParts: | - |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 15 |
CharCountWithSpaces: | 17322 |
Paragraphs: | 34 |
Lines: | 123 |
Company: | - |
Security: | Locked for annotations |
Characters: | 14766 |
Words: | 2590 |
Pages: | 1 |
ModifyDate: | 2020:09:24 05:48:00 |
CreateDate: | 2020:09:24 05:47:00 |
TotalEditTime: | - |
Software: | Microsoft Office Word |
RevisionNumber: | 1 |
LastModifiedBy: | - |
Template: | Normal.dotm |
Comments: | - |
Keywords: | - |
Author: | Léa Dupuy |
Subject: | - |
Title: | Est. |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2232 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\MN2340327214YM.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2232 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRBFE6.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2232 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:E7CF7C7D76EB8601C18DE984E4219EA9 | SHA256:8AE03A59DE4E64FF9104761BB71D595044097E560A73B67C07E4ED4986162AB8 | |||
2232 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$2340327214YM.doc | pgc | |
MD5:C7C0ABAF1C64958585A77EBB976A7623 | SHA256:103AD90A805B6A6B7CA4DA21DA19DC76C02144FBEEC2AE8F13D6C3E7E7E7ABF4 |