File name: | contract.doc |
Full analysis: | https://app.any.run/tasks/5bd9c431-6b2c-4224-96ff-d24445596dfd |
Verdict: | Malicious activity |
Analysis date: | November 08, 2019, 15:05:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: IWUQl, Subject: gGNYFTR, Author: wTcKVPU, Template: Normal, Last Saved By: J, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Nov 8 11:46:00 2019, Last Saved Time/Date: Fri Nov 8 11:46:00 2019, Number of Pages: 1, Number of Words: 6, Number of Characters: 37, Security: 0 |
MD5: | 47B3585D5B7465B451D04AFC8AE241B9 |
SHA1: | E171EB73986B98350215AB43B6FBEC1CE984A8A6 |
SHA256: | 2FA134336458C86C41DA48106693CF8460FBE47321CDCA10FDB0884309DB79EA |
SSDEEP: | 12288:ZRQ6X9GDapm47H+9vo4karcaXv2CAwz0NASBY196ID+9rtQ:ZRQ6tlr/4kc/vAi0NASi65BS |
.doc | | | Microsoft Word document (54.2) |
---|---|---|
.doc | | | Microsoft Word document (old ver.) (32.2) |
CompObjUserType: | Microsoft Word 97-2003 Document |
---|---|
CompObjUserTypeLen: | 32 |
VpuYWBwOpv: | fvU7I&b)t7e@P8|_c-A|uP |
TgCXdVR: | Q)98uJqT7L],Kf/-.CNp;4&*HEp0 |
NdQvu: | D)&bwQ]5dv$sjI! |
TcvoCqLTOa: | c,f&C%sgoG/{RK~_/r |
BhrouMg: | EaH^7Sx0x?~R4:A |
YYxCPuw: | oyEsh|XLp#05a9Lk(/2 |
KfawYF: | &IsHP719 |
GvkzAvd: | ^zvAx].t@,/#bmL@,~a4K2b|iqiE&X |
LNadKFiV: | z=KgHm2s2SM |
AnbsuzhPRp: | ):3.5+/s0u&5T/;G~2F^I%d)3JV |
CodePage: | Windows Latin 1 (Western European) |
HeadingPairs: |
|
TitleOfParts: | - |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 16 |
CharCountWithSpaces: | 42 |
Paragraphs: | 1 |
Lines: | 1 |
Bytes: | 34759 |
Company: | - |
Security: | None |
Characters: | 37 |
Words: | 6 |
Pages: | 1 |
ModifyDate: | 2019:11:08 11:46:00 |
CreateDate: | 2019:11:08 11:46:00 |
TotalEditTime: | - |
Software: | Microsoft Office Word |
RevisionNumber: | 2 |
LastModifiedBy: | J |
Template: | Normal |
Comments: | - |
Keywords: | - |
Author: | wTcKVPU |
Subject: | gGNYFTR |
Title: | IWUQl |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2200 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\contract.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2200 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA802.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2200 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0000.tmp | — | |
MD5:— | SHA256:— | |||
2200 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$demem.docx.zip | — | |
MD5:— | SHA256:— | |||
2200 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0001.tmp | — | |
MD5:— | SHA256:— | |||
2200 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$ntract.doc | pgc | |
MD5:DDDAD01179C52A2C15C3A3ABDA602F69 | SHA256:BFE0E6616E18F2B85E1CBF764084DC0924E6AC0A00DEA7BD420B67E7B5AC7F45 | |||
2200 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\videmem.docx | document | |
MD5:D22FB34197DCD74952825271CB772A3A | SHA256:9DD8E1D389D0C2770F0F15342BEB4A2D12D90E5EA10FC03D48B13D3DC21A72DC | |||
2200 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:BEDDCE21A81E4AE9AD6A5066C407B9EA | SHA256:0E6A5B1A458E1F18A9D6658BCB575AFB7FBEE1C896678806B839926B13A46188 | |||
2200 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\oleObject1.bin | binary | |
MD5:D146162D6096A48C2A4EACE2ABD8697A | SHA256:138E2370CDCEAF9CF06A7F906A33831BB0C16523853864AF069FA473312D866B | |||
2200 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:C34C1DDD839C2A0232FC5E3F81A8AFDF | SHA256:9294C8C13A505FBABE20E846186AA03AD23D0A8728B641B98C23D2EBFCD8DC60 | |||
2200 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$idemem.docx | pgc | |
MD5:6EF02CCBDD080DDDB12F27DEB940950F | SHA256:F6666A382CDCF80880489741C7DDD92A434F3B6F11AE49657EC5E71AEA108C03 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2200 | WINWORD.EXE | 195.123.246.12:443 | microsoft-hub-us.com | — | UA | unknown |
Domain | IP | Reputation |
---|---|---|
microsoft-hub-us.com |
| unknown |
dns.msftncsi.com |
| shared |