File name: | PhfOidr4RZS5Dil3TVZ1_Documents_Pyament.doc |
Full analysis: | https://app.any.run/tasks/4690c074-5379-4690-ba9d-b5d2d6b3ee84 |
Verdict: | Malicious activity |
Analysis date: | November 30, 2020, 03:43:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: Windows User, Template: Normal, Last Saved By: [email protected], Revision Number: 6, Name of Creating Application: Microsoft Office Word, Total Editing Time: 02:00, Create Time/Date: Fri Feb 28 03:49:00 2020, Last Saved Time/Date: Fri Nov 27 17:37:00 2020, Number of Pages: 1, Number of Words: 3, Number of Characters: 18, Security: 0 |
MD5: | 44478B1455526CB5DF17C3821E5BDBE7 |
SHA1: | 834E0A5DF8357DB3C1958D15F461878337E27828 |
SHA256: | 42186A0DEC773C2E918B53A1FEF4C500713C6E95B2CC1342B77F3656BBE21BA6 |
SSDEEP: | 24576:v/1JiitSQ7STXy/8Vef+qN56cOgK9x6wYFIXf8XGd0NZP9HHsuMQh:vNJiitDoXj0f+E56Lgcx6wYFIXf8XGdg |
.doc | | | Microsoft Word document (54.2) |
---|---|---|
.doc | | | Microsoft Word document (old ver.) (32.2) |
CompObjUserType: | Microsoft Word 97-2003 Document |
---|---|
CompObjUserTypeLen: | 32 |
HeadingPairs: |
|
TitleOfParts: | - |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 16 |
CharCountWithSpaces: | 20 |
Paragraphs: | 1 |
Lines: | 1 |
Company: | - |
CodePage: | Windows Latin 1 (Western European) |
Security: | None |
Characters: | 18 |
Words: | 3 |
Pages: | 1 |
ModifyDate: | 2020:11:27 17:37:00 |
CreateDate: | 2020:02:28 03:49:00 |
TotalEditTime: | 2.0 minutes |
Software: | Microsoft Office Word |
RevisionNumber: | 6 |
LastModifiedBy: | [email protected] |
Template: | Normal |
Keywords: | - |
Author: | Windows User |
Subject: | - |
Title: | - |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2248 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\PhfOidr4RZS5Dil3TVZ1_Documents_Pyament.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
868 | "C:\Users\admin\AppData\Local\Temp\Documents_payments.exe" | C:\Users\admin\AppData\Local\Temp\Documents_payments.exe | — | WINWORD.EXE |
User: admin Integrity Level: MEDIUM Description: Exit code: 0 Version: 0.0.0.0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2248 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR8276.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2248 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\111F65ED.emf | emf | |
MD5:B3C7F0AC4F30CEE345176726BE7BCFC9 | SHA256:643E3F79BCFB5275A3962B05556D3A11004D966D753806AFDD98D87CCD43B6A9 | |||
2248 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$fOidr4RZS5Dil3TVZ1_Documents_Pyament.doc | pgc | |
MD5:0405DE911597DCEF3017F2D867458055 | SHA256:A9FA8FF7E96D704700DA9A8C8F35E5B0F96EAC296462785DDCD5DDEDBCF8A56E | |||
2248 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:786E61290E32E28F687AD6B9BF14F4CF | SHA256:B1D4DB77829095C2AED27E974923787827D2117F4399982963D7452AFA9E99E2 | |||
2248 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Documents_payments.exe | executable | |
MD5:8AF606E68D329690D7FE0DDE19910899 | SHA256:79BA8554F79BDBC40C1C24DF6A4339BEB900B3B80E202E8FE4B2708D0DD7731E |