Property | Value |
---|---|
File name: | covid19.doc |
Full analysis: | https://app.any.run/tasks/642a1b8c-6232-41c0-8c74-0f4513a44599 |
Verdict: | Suspicious activity |
Analysis date: | March 24, 2020, 08:36:58 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 64 bit) |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Template: Normal.dotm, Revision Number: 7, Total Editing Time: 18:00, Create Time/Date: Thu Mar 19 08:06:00 2020, Last Saved Time/Date: Fri Mar 20 08:22:00 2020, Number of Pages: 3, Number of Words: 98, Number of Characters: 562, Security: 0 |
MD5: | 555FE4685033CB33B6508ACB3F463BE9 |
SHA1: | 7B3B5FAD119BB2A492385E9F98CFACDF94F9F09E |
SHA256: | 4D71F1EAB01045DE9AE76EA248BE7746BAD70C12AD977EEB6E8F8E46BBCE6395 |
SSDEEP: | 12288:GxKdcKUocIKuxr+bKZ1uQd65oStnzL4RTGbJ5l3:GxKdfH9xB15MoWX4RKb |

Extension | File type |
---|---|
.doc | Microsoft Word document (35.9) |
.xls | Microsoft Excel sheet (33.7) |
.doc | Microsoft Word document (old ver.) (21.3) |

Property | Value |
---|---|
Title: | - |
Subject: | - |
Keywords: | - |
Comments: | - |
Template: | Normal.dotm |
RevisionNumber: | 7 |
TotalEditTime: | 18.0 minutes |
CreateDate: | 2020:03:19 08:06:00 |
ModifyDate: | 2020:03:20 08:22:00 |
Pages: | 3 |
Words: | 98 |
Characters: | 562 |
Security: | None |
CodePage: | Windows Latin 1 (Western European) |
Company: | - |
Lines: | 4 |
Paragraphs: | 1 |
CharCountWithSpaces: | 659 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | - |
HeadingPairs: | |
CompObjUserTypeLen: | 32 |
CompObjUserType: | Microsoft Word 97-2003 Document |

PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2884 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\covid19.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.5123.5000 | | | | |
2136 | C:\Windows\\SysWOW64\\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe | — | WINWORD.EXE |
User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Windows host process (Rundll32); Version: 6.1.7600.16385 (win7_rtm.090713-1255) | | | | |

PID | Process | Filename | Type |
---|---|---|---|
2884 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRD49E.tmp.cvr | — |
MD5: — | SHA256: — | | |
2884 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$ovid19.doc | pgc |
MD5: 0FF195F0C386FDBF7113AA5052A4F87C | SHA256: 21E494EB047B4D1ED54C879A7F065D10DCF5677D2C4A311E8A4B3CBCA7B15CEB | | |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2884 | WINWORD.EXE | 34.247.80.95:443 | cdn.javacon.eu | Amazon.com, Inc. | IE | unknown |

Domain | IP | Reputation |
---|---|---|
cdn.javacon.eu | | unknown |