File name: | sample.doc |
Full analysis: | https://app.any.run/tasks/7a707ec3-8eee-45c0-b631-792852a7ff4d |
Verdict: | Malicious activity |
Analysis date: | June 27, 2022, 07:14:41 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/octet-stream |
File info: | Microsoft OOXML |
MD5: | 52945AF1DEF85B171870B31FA4782E52 |
SHA1: | 06727FFDA60359236A8029E0B3E8A0FD11C23313 |
SHA256: | 4A24048F81AFBE9FB62E7A6A49ADBD1FAF41F266B5F9FEECDCEB567AEC096784 |
SSDEEP: | 192:AEhM7fIUU09264wptGheab8h7Z/c+8poF1d3jvvtl59rGxjPQDasYBcG7h+:AqWfIz092hwLGAabkcfa7pr1lzyxjPQ9 |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
Description: | - |
---|---|
Creator: | KIS2 |
Subject: | - |
Title: | - |
ModifyDate: | 2022:05:25 13:14:00Z |
---|---|
CreateDate: | 2022:05:25 13:14:00Z |
RevisionNumber: | 3 |
LastModifiedBy: | KIS2 |
Keywords: | - |
AppVersion: | 16 |
HyperlinksChanged: | No |
SharedDoc: | No |
CharactersWithSpaces: | - |
LinksUpToDate: | No |
Company: | - |
ScaleCrop: | No |
Paragraphs: | - |
Lines: | - |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | - |
Words: | - |
Pages: | 1 |
TotalEditTime: | - |
Template: | Normal |
ZipFileName: | [Content_Types].xml |
---|---|
ZipUncompressedSize: | 1312 |
ZipCompressedSize: | 340 |
ZipCRC: | 0x6cd2a4df |
ZipModifyDate: | 2022:05:26 23:08:07 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2844 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\sample.doc.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Exit code: 0 Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2844 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR4D66.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2844 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:1B0D8D67E95E84A74C67B0697D01A1EF | SHA256:B8B36B65AFFE780FBEA4BAFE64CA6B27F36C74352223F014F310DBF8E3921629 | |||
2844 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | |
MD5:15B6809ADA8D4D15EC2DF02C4F4B5BAB | SHA256:50F26D0870E1F1CE5A4FDE6498D705A553EF6D8AE3217109780FBD55DDD8BB06 | |||
2844 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$mple.doc.docx | pgc | |
MD5:96B714BA12251A1050D1D2CC7DFBF55D | SHA256:23FA1366A2E22115E867322B17E841F31287C782A48424F22A0AFC959C01AAA9 | |||
2844 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{A5C98121-9681-470F-9FCA-6B2006AF7948}.FSD | binary | |
MD5:A987D649E78E6C671C2D9487CED78AE7 | SHA256:11061301C880CC7E85A88AD1252CF042DE56B7A81CD4CB3C1255DB216E81FE56 | |||
2844 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{DE90273A-681B-4BFC-8DEA-78C4D074C68E}.FSD | binary | |
MD5:149AD9A065C96FB91B6B5565402EAE52 | SHA256:0A09AFFEAF79FC7855C6B1BF03528F852B9529612A6A01FB2792592664BCFBAB | |||
2844 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{C995240F-1A55-4F2E-8CDD-290BDC7AB661} | binary | |
MD5:15B6809ADA8D4D15EC2DF02C4F4B5BAB | SHA256:50F26D0870E1F1CE5A4FDE6498D705A553EF6D8AE3217109780FBD55DDD8BB06 | |||
2844 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{11ACDC07-9980-4977-AFE9-251FA9A04E8D} | binary | |
MD5:8435B77108802D96B9215D9DD3F4C5D1 | SHA256:E83893DA9F2610AC2B686ACF19D1352218C504801F0BFE0395C6F1C34DAC5127 | |||
2844 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{463AD058-7EEA-4301-A122-EB5588738800}.tmp | binary | |
MD5:9796085740D2FAEE337CA17A4D5B1020 | SHA256:9A314728997B920FAC04356DFD4928AAE72C2331AB8C08B0EB3417827A1300A3 | |||
2844 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:8435B77108802D96B9215D9DD3F4C5D1 | SHA256:E83893DA9F2610AC2B686ACF19D1352218C504801F0BFE0395C6F1C34DAC5127 |
Domain | IP | Reputation |
---|---|---|
www.xmlformats.com | | malicious |