File name: | sample.doc |
Full analysis: | https://app.any.run/tasks/501d0ab3-7d7c-43f4-9b2e-7718a7322838 |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 09:45:54 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/octet-stream |
File info: | Microsoft OOXML |
MD5: | 52945AF1DEF85B171870B31FA4782E52 |
SHA1: | 06727FFDA60359236A8029E0B3E8A0FD11C23313 |
SHA256: | 4A24048F81AFBE9FB62E7A6A49ADBD1FAF41F266B5F9FEECDCEB567AEC096784 |
SSDEEP: | 192:AEhM7fIUU09264wptGheab8h7Z/c+8poF1d3jvvtl59rGxjPQDasYBcG7h+:AqWfIz092hwLGAabkcfa7pr1lzyxjPQ9 |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
Description: | - |
---|---|
Creator: | KIS2 |
Subject: | - |
Title: | - |
ModifyDate: | 2022:05:25 13:14:00Z |
---|---|
CreateDate: | 2022:05:25 13:14:00Z |
RevisionNumber: | 3 |
LastModifiedBy: | KIS2 |
Keywords: | - |
AppVersion: | 16 |
HyperlinksChanged: | No |
SharedDoc: | No |
CharactersWithSpaces: | - |
LinksUpToDate: | No |
Company: | - |
ScaleCrop: | No |
Paragraphs: | - |
Lines: | - |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | - |
Words: | - |
Pages: | 1 |
TotalEditTime: | - |
Template: | Normal |
ZipFileName: | [Content_Types].xml |
---|---|
ZipUncompressedSize: | 1312 |
ZipCompressedSize: | 340 |
ZipCRC: | 0x6cd2a4df |
ZipModifyDate: | 2022:05:26 23:08:07 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2840 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\sample.doc.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Word | Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR46FE.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{54996778-E1E1-4926-B85D-02109E4D477D}.FSD | binary | |
MD5:932876CB7F78769E9D05F5F2B7EFB292 | SHA256:8AF5D5F8A52176A9165F63973B2CD0F755EBEC63F525C4D91A1D3F3FD335AB95 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{BB981D84-7C4B-489D-821A-D3C0983301C2} | binary | |
MD5:67BE64C37CF6D4E48F72BE916A0BFCB3 | SHA256:E5F79C3BC11535662095F1D8ECBD2BEE1E7366995A2B9F9598496C550C7FF015 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{07FF3A0D-9BE4-44B0-9F83-A1F7026F3750} | binary | |
MD5:C6FD1258C253005A51F786B81B39E4A2 | SHA256:6F00C2A9EBFF4C3C162BC4463505EDE8B4C6C441F5ABC981120EF2C8FBBFB389 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{B629558E-4592-4DF8-85BA-D34EA3947EFF}.FSD | binary | |
MD5:F835EB0F97963629C6CB474336F39561 | SHA256:A48A319A89CFEA80C31F485D1383982ED1EBADAFC723C842B45A97AA4DBE3460 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:67BE64C37CF6D4E48F72BE916A0BFCB3 | SHA256:E5F79C3BC11535662095F1D8ECBD2BEE1E7366995A2B9F9598496C550C7FF015 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:BA7A8C3F66A2A0E2319C31AEEC3955D0 | SHA256:0EC6232CC2BED849997473CE4BE0A30665F3A4D606250DB1E1CF8E309559005C | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$mple.doc.docx | pgc | |
MD5:21AA390E7BBE1479E6B53F9BA8138FC9 | SHA256:9A85A0B2DB203F3976BAB3F8353ECF90BD6147C0D3DF1C32265C59F87092B532 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | |
MD5:C6FD1258C253005A51F786B81B39E4A2 | SHA256:6F00C2A9EBFF4C3C162BC4463505EDE8B4C6C441F5ABC981120EF2C8FBBFB389 | |||
2840 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF | binary | |
MD5:D471A0BB5F0B8A9AC834E0172491B7F9 | SHA256:418B6AE0A39787583DCD77DA0ED040F8C3DDA03410E71D04C235EE6E736F298F |
Domain | IP | Reputation |
---|---|---|
www.xmlformats.com | | malicious |