Field | Value
---|---
URL | http://templatehaven.com/wp-content/uploads/2016/11/Project-Change-Request-Form.docx
Full analysis | https://app.any.run/tasks/0a47c265-7d35-4b33-a8f5-071903ee7fed
Verdict | Malicious activity
Analysis date | March 14, 2019, 12:40:39
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | 
MD5 | 7F46736E423BEA1F1290E0054EFF8AD6
SHA1 | 73DDB38C279F33F42627D78E82F76251A43E8663
SHA256 | 3A2733905E649B6C8EDB3705C397B97EEF517758369C666BC34A928E27E6825A
SSDEEP | 3:N1KKAdm/iVOlAQyXAULjE2AwNKK:CKGVOlAZQ243K
PID | CMD | Path | Indicators | Parent process
---|---|---|---|---
2984 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | explorer.exe
3264 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2984 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe
2832 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" -Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | svchost.exe
3252 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WINWORD.EXE

PID | User | Company | Integrity Level | Description | Version | Exit code
---|---|---|---|---|---|---
2984 | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) | 1
3264 | admin | Microsoft Corporation | LOW | Internet Explorer | 8.00.7600.16385 (win7_rtm.090713-1255) | 0
2832 | admin | Microsoft Corporation | MEDIUM | Microsoft Word | 14.0.6024.1000 | —
3252 | admin | Microsoft Corporation | LOW | Microsoft Word | 14.0.6024.1000 | —
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2984 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | — | —
2984 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | — | —
2832 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR1905.tmp.cvr | — | — | —
2832 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{3DBC3796-B4DF-4F05-82E4-604535C0C67F} | — | — | —
2832 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{FD3C6ABA-3A62-4321-90F2-2D09981A4727} | — | — | —
3252 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_B61129E4-ECA3-49D8-86B0-98C3DB2BD6EC.0\mso8E35.tmp | — | — | —
2832 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{069AA029-82DD-4E4A-A634-6EA7CAE78C94}.FSD | binary | 2FBFB4D5F01CCD330D0300FEEA4E580C | 93D8F22B32585D9CDDEEA34340410CA2AB5477EA9F1CDA3A54A4C9C1970C1AC7
2832 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | D4089BFC1AD0215F067AE994235C94FC | 179C4EAB23B4A13DE53A9980C85C07F6AC66C715D10F21C6073638AF061469E8
2984 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFA0CACD741E91CBD0.TMP | — | — | —
2984 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF4407BB41DA89A476.TMP | — | — | —
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2832 | WINWORD.EXE | OPTIONS | 200 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/2016/11/ | US | — | — | unknown |
2832 | WINWORD.EXE | HEAD | 200 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/2016/11/Project-Change-Request-Form.docx | US | — | — | unknown |
976 | svchost.exe | PROPFIND | 301 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/2016/11 | US | html | 260 b | unknown |
976 | svchost.exe | PROPFIND | — | 104.156.53.145:80 | http://templatehaven.com/ | US | — | — | unknown |
976 | svchost.exe | PROPFIND | — | 104.156.53.145:80 | http://templatehaven.com/ | US | — | — | unknown |
976 | svchost.exe | PROPFIND | 301 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/2016 | US | html | 257 b | unknown |
976 | svchost.exe | PROPFIND | 301 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/2016/ | US | html | 257 b | unknown |
2984 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
976 | svchost.exe | PROPFIND | 301 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/ | US | html | 252 b | unknown |
3264 | iexplore.exe | GET | 200 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/2016/11/Project-Change-Request-Form.docx | US | document | 16.3 Kb | unknown |
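The HTTP table above is the request pattern Windows produces when an Office application opens a document directly from an http URL: WINWORD.EXE (PID 2832) sends OPTIONS to the containing folder and HEAD to the file to test for WebDAV support, and the WebClient service, which runs inside svchost.exe (PID 976), walks up the path with PROPFIND requests; the actual document fetch is done by the low-integrity Internet Explorer tab (PID 3264). The Python script below is an added example and is not part of the any.run report: it parses request rows of this shape and correlates, per host, the browser document fetch, the Office OPTIONS/HEAD requests and the svchost PROPFIND probes, so the same pattern can be flagged in other sandbox or proxy logs. The pipe-separated line format and the embedded sample rows are constructed here from the table above; they are not an any.run export format.

```python
"""Flag Office open-by-URL / WebDAV probing in sandbox HTTP request logs.

Added example; not part of the any.run report and not an any.run API.
The pipe-separated row format (PID | process | method | status | ip:port | url)
and SAMPLE_LOG are constructed from the report's HTTP table so this runs offline.
"""
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample log, transcribed from the HTTP request table of the report.
# A request with no recorded status code is written as "-".
SAMPLE_LOG = """\
2832 | WINWORD.EXE  | OPTIONS  | 200 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/2016/11/
2832 | WINWORD.EXE  | HEAD     | 200 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/2016/11/Project-Change-Request-Form.docx
976  | svchost.exe  | PROPFIND | 301 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/2016/11
976  | svchost.exe  | PROPFIND | -   | 104.156.53.145:80 | http://templatehaven.com/
976  | svchost.exe  | PROPFIND | 301 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/2016
2984 | iexplore.exe | GET      | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico
3264 | iexplore.exe | GET      | 200 | 104.156.53.145:80 | http://templatehaven.com/wp-content/uploads/2016/11/Project-Change-Request-Form.docx
"""

# Office binaries that should rarely talk HTTP to arbitrary hosts.
OFFICE_PROCESSES = {"winword.exe", "excel.exe", "powerpnt.exe"}
# WebDAV verbs; on Windows the WebClient service (hosted in svchost.exe) issues them.
WEBDAV_METHODS = {"PROPFIND", "PROPPATCH", "MKCOL", "LOCK", "UNLOCK", "MOVE", "COPY"}
BROWSERS = {"iexplore.exe", "chrome.exe", "firefox.exe", "msedge.exe"}
OFFICE_EXTENSIONS = (".doc", ".docx", ".docm", ".rtf", ".xls", ".xlsx", ".xlsm", ".ppt", ".pptx")


def parse_http_log(text):
    """Parse pipe-separated request rows into dicts; malformed rows raise."""
    rows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 6:
            raise ValueError(f"line {lineno}: expected 6 fields, got {len(parts)}")
        pid, proc, method, status, ip_port, url = parts
        rows.append({
            "pid": int(pid),
            "process": proc.lower(),
            "method": method.upper(),
            "status": None if status == "-" else int(status),
            "ip": ip_port.rsplit(":", 1)[0],
            "url": url,
            "host": urlsplit(url).hostname or "",
        })
    return rows


def find_office_url_opens(rows):
    """Correlate, per host, browser document fetches, Office OPTIONS/HEAD
    requests and WebClient PROPFIND probes. A host seen both from an Office
    process and in svchost.exe WebDAV probes is reported as suspicious."""
    office_hosts = defaultdict(set)    # host -> HTTP methods used by Office
    webdav_probes = defaultdict(list)  # host -> URLs probed with WebDAV verbs
    downloads = []                     # (pid, process, url) of browser document fetches
    for r in rows:
        if r["process"] in OFFICE_PROCESSES:
            office_hosts[r["host"]].add(r["method"])
        if r["process"] == "svchost.exe" and r["method"] in WEBDAV_METHODS:
            webdav_probes[r["host"]].append(r["url"])
        if (r["process"] in BROWSERS and r["method"] == "GET"
                and urlsplit(r["url"]).path.lower().endswith(OFFICE_EXTENSIONS)):
            downloads.append((r["pid"], r["process"], r["url"]))
    suspicious = sorted(h for h in office_hosts if h in webdav_probes)
    return {
        "office_hosts": dict(office_hosts),
        "webdav_probes": dict(webdav_probes),
        "document_downloads": downloads,
        "suspicious_hosts": suspicious,
    }


if __name__ == "__main__":
    report = find_office_url_opens(parse_http_log(SAMPLE_LOG))
    for host in report["suspicious_hosts"]:
        print(f"{host}: Office methods {sorted(report['office_hosts'][host])}, "
              f"{len(report['webdav_probes'][host])} WebDAV probe(s) from svchost.exe")
    for pid, proc, url in report["document_downloads"]:
        print(f"document fetched by {proc} (pid {pid}): {url}")
```

Run against the sample, the script reports templatehaven.com as the only host contacted both by Word (OPTIONS, HEAD) and by the WebClient PROPFIND walk, and lists the .docx fetched by the Internet Explorer tab; www.bing.com, reached only by the browser for a favicon, is not flagged. The extension list and process names are the script's own assumptions and should be widened to whatever Office and browser binaries are in scope.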
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2984 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
3264 | iexplore.exe | 104.156.53.145:80 | templatehaven.com | HIVELOCITY VENTURES CORP | US | unknown |
2832 | WINWORD.EXE | 104.156.53.145:80 | templatehaven.com | HIVELOCITY VENTURES CORP | US | unknown |
976 | svchost.exe | 104.156.53.145:80 | templatehaven.com | HIVELOCITY VENTURES CORP | US | unknown |
Domain | IP | Reputation
---|---|---
www.bing.com | | whitelisted
templatehaven.com | | unknown