File name: | sample.doc |
Full analysis: | https://app.any.run/tasks/14695d1f-59b5-43aa-9115-483fdbcf3207 |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 14:41:37 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/octet-stream |
File info: | Microsoft OOXML |
MD5: | 52945AF1DEF85B171870B31FA4782E52 |
SHA1: | 06727FFDA60359236A8029E0B3E8A0FD11C23313 |
SHA256: | 4A24048F81AFBE9FB62E7A6A49ADBD1FAF41F266B5F9FEECDCEB567AEC096784 |
SSDEEP: | 192:AEhM7fIUU09264wptGheab8h7Z/c+8poF1d3jvvtl59rGxjPQDasYBcG7h+:AqWfIz092hwLGAabkcfa7pr1lzyxjPQ9 |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
Description: | - |
---|---|
Creator: | KIS2 |
Subject: | - |
Title: | - |
ModifyDate: | 2022:05:25 13:14:00Z |
---|---|
CreateDate: | 2022:05:25 13:14:00Z |
RevisionNumber: | 3 |
LastModifiedBy: | KIS2 |
Keywords: | - |
AppVersion: | 16 |
HyperlinksChanged: | No |
SharedDoc: | No |
CharactersWithSpaces: | - |
LinksUpToDate: | No |
Company: | - |
ScaleCrop: | No |
Paragraphs: | - |
Lines: | - |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | - |
Words: | - |
Pages: | 1 |
TotalEditTime: | - |
Template: | Normal |
ZipFileName: | [Content_Types].xml |
---|---|
ZipUncompressedSize: | 1312 |
ZipCompressedSize: | 340 |
ZipCRC: | 0x6cd2a4df |
ZipModifyDate: | 2022:05:26 23:08:07 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
676 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\sample.doc.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
676 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR9DF6.tmp.cvr | — | |
MD5:— | SHA256:— | |||
676 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{701C606C-4AE1-434A-B4A1-DD7C62415848} | binary | |
MD5:FA289FA4EAD750ED191BB930C76D30E7 | SHA256:F32CE47ABD915393D1E8958E6010D21846EF777365E86FA4A276BA3236FE0DDC | |||
676 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{66FDCD4C-7A1A-4539-BE58-93E9D810C213} | binary | |
MD5:20CBD76BA848AD720B3568345E587C4F | SHA256:8038E8D2059937C6BC84E11EAF4EECF0B2139D6A664A4FD0F81FE25281C27B95 | |||
676 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{B4598F21-F9D6-4D80-BA9F-78B0E5D8C417}.FSD | binary | |
MD5:3C5DE79F0C1F9F7586D1E9CAAA4386FE | SHA256:5B43E26E7D05F2380919D519081B58636F33AD5327DF2519CD4C15D186CC5055 | |||
676 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{304763E7-B63C-4891-88D8-5B472785EB6A}.FSD | binary | |
MD5:86D68A671E626CF980EF8165223456B7 | SHA256:B95C14AC64B3347648F20019420FD7D18E2441BAE0335BCD3BF9B108481CA985 | |||
676 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | binary | |
MD5:D471A0BB5F0B8A9AC834E0172491B7F9 | SHA256:418B6AE0A39787583DCD77DA0ED040F8C3DDA03410E71D04C235EE6E736F298F | |||
676 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:D2232D7D7255D896578588604E19A8B0 | SHA256:8CFA012DDD8EC220855639B9F805DFF8774ABB4B3C2C0D321A2CD0D8B946691D | |||
676 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$mple.doc.docx | pgc | |
MD5:3B70ACA689D5106164E224A48764B26B | SHA256:EB9978B3E976B69B5DC2C5B79A2F3AF56E00A686FE5DD1C6304F2298BE50C8E6 | |||
676 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | |
MD5:20CBD76BA848AD720B3568345E587C4F | SHA256:8038E8D2059937C6BC84E11EAF4EECF0B2139D6A664A4FD0F81FE25281C27B95 | |||
676 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:FA289FA4EAD750ED191BB930C76D30E7 | SHA256:F32CE47ABD915393D1E8958E6010D21846EF777365E86FA4A276BA3236FE0DDC |
Domain | IP | Reputation |
---|---|---|
www.xmlformats.com |
| malicious |