File name: | follina.doc |
Full analysis: | https://app.any.run/tasks/8997eb34-d306-46e3-9b0e-57c4d9e6a546 |
Verdict: | Malicious activity |
Analysis date: | October 05, 2022, 02:03:05 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/zip |
File info: | Zip archive data, at least v2.0 to extract |
MD5: | 4FF290447C721AE4669381D4C8DDA506 |
SHA1: | 34F1E7B68451AA2D7A43C9E67C19BC99571C0D66 |
SHA256: | 469249D9C453A09A50D35CE3FF5250FF7EADA60CA60A5A8CB362BEAFB73D6763 |
SSDEEP: | 192:yEhMQf9UU17Z/c+8poF1d3jvvtll9264wpuGhejb8dmErGxjPISL:yqJf9zTcfa7pr1ll92hwUGAjbLEyxjP9 |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2208 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\follina.doc.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2208 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRA0C5.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2208 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:2D6673A7B9A6177AA7890B7F7ED83DA2 | SHA256:E64E1FC3753D41773F9310C73981F6A0D31E78465A3615CE9A99431AE8529507 | |||
2208 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{0136A876-7177-47AE-BD62-FCBC87840DBA} | binary | |
MD5:2D6673A7B9A6177AA7890B7F7ED83DA2 | SHA256:E64E1FC3753D41773F9310C73981F6A0D31E78465A3615CE9A99431AE8529507 | |||
2208 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:A0B5E97A8348791BE43B140F2EBF046A | SHA256:EF222CF431DA7F3C34A50D8933114E27CF61A2D52FDAB59CC96EBFCDEF29EE1A | |||
2208 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{EF0F9BA4-751E-43FE-81A3-7AE1F82C5F2F}.FSD | binary | |
MD5:BBC34645A5862E95D18C0A401A57D64B | SHA256:49B9A9F04009F3E4396C8779C568B4C425043C0DB367AD305952000915E778EC | |||
2208 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | |
MD5:752049DEAE4D980C8487E2BC96EB180F | SHA256:AA17C6F143416BA1BF64F10F1764FE50EA4407199CE8F32F99F31FDC11AF1500 | |||
2208 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{912A7D2F-2FED-4F0A-A753-A9A496841040} | binary | |
MD5:752049DEAE4D980C8487E2BC96EB180F | SHA256:AA17C6F143416BA1BF64F10F1764FE50EA4407199CE8F32F99F31FDC11AF1500 | |||
2208 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{EF4DA704-0CEA-4F45-A6CC-4DE71A7BE646}.FSD | binary | |
MD5:FFA2F98D60B8FB4CF810412CC2D8CDB4 | SHA256:4F249DCB08396663639CC7FB00048C1650E5BC4A084E29EB89F1C3139F5389A1 | |||
2208 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF | binary | |
MD5:D471A0BB5F0B8A9AC834E0172491B7F9 | SHA256:418B6AE0A39787583DCD77DA0ED040F8C3DDA03410E71D04C235EE6E736F298F | |||
2208 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$llina.doc.docx | pgc | |
MD5:1A0DC2BDF7A582873AFB687471299172 | SHA256:7E149D0679A3B27E21899C6171034546C1B1C402DAA8AD565C3E5CE254EC886B |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
— | — | 192.168.100.140:65041 | — | — | — | malicious |
— | — | 192.168.100.140:64295 | — | — | — | malicious |
— | — | 192.168.100.140:64619 | — | — | — | malicious |
— | — | 192.168.100.140:49910 | — | — | — | malicious |
— | — | 192.168.100.140:65358 | — | — | — | malicious |
— | — | 192.168.100.140:49265 | — | — | — | malicious |
— | — | 192.168.100.140:49590 | — | — | — | malicious |
— | — | 192.168.100.140:50228 | — | — | — | malicious |