File name: | contract.doc |
Full analysis: | https://app.any.run/tasks/4627e4f0-1779-4bbe-82c6-f84404d21f67 |
Verdict: | Malicious activity |
Analysis date: | November 08, 2019, 12:41:21 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: nRDOuPL, Subject: PbmbDeE, Author: ttSvkth, Template: Normal, Last Saved By: J, Revision Number: 2, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Nov 8 11:46:00 2019, Last Saved Time/Date: Fri Nov 8 11:46:00 2019, Number of Pages: 1, Number of Words: 6, Number of Characters: 37, Security: 0 |
MD5: | 97FCBD21803E98AA48CE4675CF37EAB8 |
SHA1: | B991A2EE721075F03E634803318DE59C0C7A8B66 |
SHA256: | 3EAC791138339A1B0E1052A5ADFA2DE12AE3DF38431C10D59C3740ECBCA3B3F5 |
SSDEEP: | 12288:kRQ6X9GDapmG7H+9vo4karcaXv2CAwz0NASBY196ID+9b5O:kRQ6tld/4kc/vAi0NASi65DO |
.doc | | | Microsoft Word document (54.2) |
---|---|---|
.doc | | | Microsoft Word document (old ver.) (32.2) |
Title: | nRDOuPL |
---|---|
Subject: | PbmbDeE |
Author: | ttSvkth |
Keywords: | - |
Comments: | - |
Template: | Normal |
LastModifiedBy: | J |
RevisionNumber: | 2 |
Software: | Microsoft Office Word |
TotalEditTime: | - |
CreateDate: | 2019:11:08 11:46:00 |
ModifyDate: | 2019:11:08 11:46:00 |
Pages: | 1 |
Words: | 6 |
Characters: | 37 |
Security: | None |
Company: | - |
Bytes: | 35418 |
Lines: | 1 |
Paragraphs: | 1 |
CharCountWithSpaces: | 42 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | - |
HeadingPairs: | |
CodePage: | Windows Latin 1 (Western European) |
HIhyglW: | YN?Q;ecD9]i8-~YsMqN_e@QmQ#O |
CompObjUserTypeLen: | 32 |
CompObjUserType: | Microsoft Word 97-2003 Document |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2168 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\contract.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2168 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA8FC.tmp.cvr | — | — | — |
2168 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0000.tmp | — | — | — |
2168 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$demem.docx.zip | — | — | — |
2168 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~WRD0001.tmp | — | — | — |
2168 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\videmem.docx | document | 31D6B03EC4E97274FADFE04F007F3DB6 | 740AFC5C071620A22C5DAB1124F66BFC670F316B466C9DEC2302ABB892F57AF3 |
2168 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | EAB20D9B97221C722F59F14850DD5568 | 8F99F69B795BC79DCBF5B1A6948A8731ED3F66BD78D2227965484328E290F503 |
2168 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$idemem.docx | pgc | 61FC321BC0E647D391D9B79D25299709 | 91B8B24E788502D9B17E41D8C7E0A15758C452582B0AC17109254158AF921DAC |
2168 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\videmem.docx.zip | document | 063FD1C662974E4F3AADC2D06594D25B | E9C8AA681FE92B246A19354105BBABA632C63AB49F4C168FA14AFFC333C31624 |
2168 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$ntract.doc | pgc | BA5FE88837755285192FFFCB034E8219 | 458D7EE11BE5173E02C6632D8F4298BAA77DA6D39057F9334E101F63DF7E8C0A |
2168 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4BEAA7F0.emf | emf | FB3981532125928BB4E7E59661FB0744 | 7B2D4BC5CE523C483E756AC65AAD9678CC1FCB6D183EBA4A9977EEE320ADD207 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2168 | WINWORD.EXE | 195.123.246.12:443 | microsoft-hub-us.com | — | UA | unknown |
Domain | IP | Reputation |
---|---|---|
microsoft-hub-us.com | | unknown |