File name: | 4f50a0936c247f7ab34988afb9bcaf10e170bc681f347dfe65f20f1c98b8239b |
Full analysis: | https://app.any.run/tasks/350120cc-5fcb-4280-91ce-8db9d4c4ff1c |
Verdict: | Malicious activity |
Analysis date: | July 18, 2019, 06:26:03 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | 016E9467B08D7A25137A717CE38AC7D2 |
SHA1: | 9461B5D6348CDCB54FB4C84AA6A3369721903EFA |
SHA256: | 4F50A0936C247F7AB34988AFB9BCAF10E170BC681F347DFE65F20F1C98B8239B |
SSDEEP: | 3072:+dhqy1oClpLAI2TqaPKUcbcmJlzSL0c6sWUDOoLZVT1vSnfAo8HNTngLxLK99:+dhqymEd2TqaP2cgWL/LDOoLZbvuIDlZ |
.docm | | | Word Microsoft Office Open XML Format document (with Macro) (53.6) |
.docx | | | Word Microsoft Office Open XML Format document (24.2) |
.zip | | | Open Packaging Conventions container (18) |
.zip | | | ZIP compressed archive (4.1) |
Description: | - |
Creator: | user |
Subject: | - |
Title: | - |
ModifyDate: | 2019:07:01 06:25:00Z |
CreateDate: | 2019:06:04 05:30:00Z |
RevisionNumber: | 79 |
LastModifiedBy: | user |
Keywords: | - |
AppVersion: | 15 |
HyperlinksChanged: | No |
SharedDoc: | No |
CharactersWithSpaces: | 1 |
LinksUpToDate: | No |
Company: | SPecialiST RePack |
TitlesOfParts: | - |
HeadingPairs: | |
ScaleCrop: | No |
Paragraphs: | 1 |
Lines: | 1 |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | 1 |
Words: | - |
Pages: | 1 |
TotalEditTime: | 1.5 hours |
Template: | Normal.dotm |
ZipFileName: | [Content_Types].xml |
ZipUncompressedSize: | 1617 |
ZipCompressedSize: | 419 |
ZipCRC: | 0xaf1703c6 |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0006 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3608 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\4f50a0936c247f7ab34988afb9bcaf10e170bc681f347dfe65f20f1c98b8239b.docm" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
2864 | "C:\Windows\System32\WScript.exe" "C:\Users\admin\AppData\Roaming\Microsoft\Templates\0.3854486.jse" | C:\Windows\System32\WScript.exe | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft ® Windows Based Script Host Version: 5.8.7600.16385 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3608 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRE8AC.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3608 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | |
MD5:4A7C277B7F5FC0ABE9D9A040770D3EE4 | SHA256:1A9055711A00C06C028AF015FC352A102DA6EF7243E972EA00A58E5FF5D8C62E | |||
3608 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:8DBB3CEAE9EEB459486BCDE1EC6BD6AF | SHA256:9C7F01D9D8BFE4A501DFF0DF65FF6157DA3525BF0E0C55839BA62FD57696A3C3 | |||
3608 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\0.3854486.jse | text | |
MD5:006FB3D5CFD002D43D96F0A3E22F4216 | SHA256:D04C606A8656E8F92484071E3B423F43420CC8B8BBCFFE551C8F93888407BCAA | |||
3608 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$50a0936c247f7ab34988afb9bcaf10e170bc681f347dfe65f20f1c98b8239b.docm | pgc | |
MD5:B94AB5150749BEA6594454CD6D53C93C | SHA256:81598D4691E9F84B582406FA0A31241FF12767F3950C1FDA2F37C385489A8715 |