File name: | sample.doc |
Full analysis: | https://app.any.run/tasks/db12f1bc-69ba-466c-a673-7595086fe2c5 |
Verdict: | Malicious activity |
Analysis date: | August 12, 2022, 14:50:22 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/octet-stream |
File info: | Microsoft OOXML |
MD5: | 52945AF1DEF85B171870B31FA4782E52 |
SHA1: | 06727FFDA60359236A8029E0B3E8A0FD11C23313 |
SHA256: | 4A24048F81AFBE9FB62E7A6A49ADBD1FAF41F266B5F9FEECDCEB567AEC096784 |
SSDEEP: | 192:AEhM7fIUU09264wptGheab8h7Z/c+8poF1d3jvvtl59rGxjPQDasYBcG7h+:AqWfIz092hwLGAabkcfa7pr1lzyxjPQ9 |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
ZipRequiredVersion: | 20 |
---|---|
ZipBitFlag: | - |
ZipCompression: | Deflated |
ZipModifyDate: | 2022:05:26 23:08:07 |
ZipCRC: | 0x6cd2a4df |
ZipCompressedSize: | 340 |
ZipUncompressedSize: | 1312 |
ZipFileName: | [Content_Types].xml |
Template: | Normal |
---|---|
TotalEditTime: | - |
Pages: | 1 |
Words: | - |
Characters: | - |
Application: | Microsoft Office Word |
DocSecurity: | None |
Lines: | - |
Paragraphs: | - |
ScaleCrop: | No |
Company: | - |
LinksUpToDate: | No |
CharactersWithSpaces: | - |
SharedDoc: | No |
HyperlinksChanged: | No |
AppVersion: | 16 |
Keywords: | - |
LastModifiedBy: | KIS2 |
RevisionNumber: | 3 |
CreateDate: | 2022:05:25 13:14:00Z |
ModifyDate: | 2022:05:25 13:14:00Z |
Title: | - |
---|---|
Subject: | - |
Creator: | KIS2 |
Description: | - |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3580 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\sample.doc.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | Explorer.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRD518.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{5A6F4CCA-814C-4374-B016-A57E02FA3B84}.FSD | binary | |
MD5:BFE1B928E401E3A6DA5E8BF028CEADB0 | SHA256:2AC6F7E95F9C22E0F2E1C29FEE7CFFA9344E170060C75FB8EC1B9755549166B9 | |||
3580 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:3A81A98EF3EA746BEBEC0A0E071C6470 | SHA256:4D708B00A51B865A7F79A8DD2E0D09D687ACFC38CAA2DCEB2C62CAB0E9E00910 | |||
3580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | |
MD5:B9EC245FEA1B3A2ED0C6F7CF559084B4 | SHA256:FFA57255957BA07E3BB6440E52B50DECCF50966C3058127736B7023DD5132689 | |||
3580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:945CBD80227968B0C9339BDE0E0A9105 | SHA256:90589629DF6E754AA369A1E1D8D73C599FBC587C953CD9FA49ECD99BAFBE5ACB | |||
3580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$mple.doc.docx | pgc | |
MD5:050AA1BCFD4A1B2DAB4B88D8C1D9DD44 | SHA256:B18475EEB39FB936572D40C15C01CF63A0DABC9C205FDB2AB6BDEF09346F54AC | |||
3580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{2FE64880-6ED4-4739-AE1C-91E3C5BBF4CB}.FSD | binary | |
MD5:DAB4B3F1FCA84BF78466D768FA68A8C1 | SHA256:6082D8B413B8844EF985D5B637601F7F3E0CDCDC7F2BAEB367494B126DED9670 | |||
3580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{97318FF2-A21A-403C-B4D9-1520037FF19F} | binary | |
MD5:945CBD80227968B0C9339BDE0E0A9105 | SHA256:90589629DF6E754AA369A1E1D8D73C599FBC587C953CD9FA49ECD99BAFBE5ACB | |||
3580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{40B5620C-2CEC-4FC0-A5C3-7FD316675FE0} | binary | |
MD5:B9EC245FEA1B3A2ED0C6F7CF559084B4 | SHA256:FFA57255957BA07E3BB6440E52B50DECCF50966C3058127736B7023DD5132689 | |||
3580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF | binary | |
MD5:D471A0BB5F0B8A9AC834E0172491B7F9 | SHA256:418B6AE0A39787583DCD77DA0ED040F8C3DDA03410E71D04C235EE6E736F298F |
Domain | IP | Reputation |
---|---|---|
www.xmlformats.com | | malicious |