File name: | Mahnung_9415174.doc |
Full analysis: | https://app.any.run/tasks/8744e43f-5c44-4e5b-bd27-6eea886275a2 |
Verdict: | Malicious activity |
Analysis date: | June 19, 2019, 13:39:00 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.3, Code page: 1252, Author: Administrator, Template: Normal, Last Saved By: Administrator, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Fri Jun 29 10:40:00 2018, Last Saved Time/Date: Fri Jun 29 10:41:00 2018, Number of Pages: 1, Number of Words: 0, Number of Characters: 1, Security: 0 |
MD5: | 25A5A19487BF84EBF2EB9354D6650FFD |
SHA1: | 9DC467EC455AF149ABE42A46E0119F70B41263DB |
SHA256: | 58EBE798AC3C4845513764DEC23093585781CF10B213A1AE31058214F1FE8177 |
SSDEEP: | 1536:MflXyBkWd88+a9MkJ3wfF0MQDVYgodbICgpH33eJ7Y1IKQndy8MEqsmoATjQbdTK:MdXadyOWtsodcCOH+JE1zsmobtKr |
.doc | Microsoft Word document (54.2) |
---|---|
.doc | Microsoft Word document (old ver.) (32.2) |
Title: | - |
---|---|
Subject: | - |
Author: | Administrator |
Keywords: | - |
Comments: | - |
Template: | Normal |
LastModifiedBy: | Administrator |
RevisionNumber: | 1 |
Software: | Microsoft Office Word |
TotalEditTime: | - |
CreateDate: | 2018:06:29 09:40:00 |
ModifyDate: | 2018:06:29 09:41:00 |
Pages: | 1 |
Words: | - |
Characters: | 1 |
Security: | None |
Company: | - |
Bytes: | 11000 |
Lines: | 1 |
Paragraphs: | 1 |
CharCountWithSpaces: | 1 |
AppVersion: | 16 |
ScaleCrop: | No |
LinksUpToDate: | No |
SharedDoc: | No |
HyperlinksChanged: | No |
TitleOfParts: | - |
HeadingPairs: | - |
CodePage: | Windows Latin 1 (Western European) |
XfhvqAdWA: | TW5BUGRKcnFPdEhmeDF1Q3dLQnNDZXJxWURzZlBFb1JpS3FGSnpkTGNXUVVLb3NodlJEQUE= |
CompObjUserTypeLen: | 32 |
CompObjUserType: | Microsoft Word 97-2003 Document |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2796 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Mahnung_9415174.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
2796 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRE369.tmp.cvr | — | — | — |
2796 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@gyazo[1].txt | — | — | — |
2796 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{4EB6F618-7AEF-42C5-B09F-96701AB055A4} | — | — | — |
2796 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{75A944DF-DA6A-42FC-ACDF-C9A9CC863C23} | — | — | — |
2796 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | D76F4168BF0F0E6D09678F095128B0F1 | C8BF8D3C9DA7146556C4475C794BD9D11E13596F3752768109A6C5EFE340D331 |
2796 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{D5A169E9-4B3A-4437-A8BB-6F5172EC531D}.FSD | binary | 05630EABAFC2FBC1028750205FC82917 | 3F9D2D15982EBE22D64597BE4FC7EC23C0EB890CFD452DA58960511E85720224 |
2796 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$hnung_9415174.doc | pgc | 44129FD9400C6EF050590CE7A2163361 | 8E17A4650E509E05F16F115586A2DD1E5F36C89DDBD5499953699B3E0CB5CCD2 |
2796 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{F3D74767-10D0-49A2-9DED-4638097E1DC5}.FSD | binary | 48E0B643B263DA69E29AC60E2E4907AF | 657FD653B0EA451F3429F3A2C9C5A91F6FF189BEDBBD0FABBE98FE73B9A458CE |
2796 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\VBE\MSForms.exd | tlb | AE18DD6B1BF9D73D4B8F2B1EE574D303 | FAC979CC8F166C5C45A252E66F18F4E9C95AC0C755F1E6AF36F8E631F0E1DFA3 |
2796 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | D9109BC65F833527CCE1486C93E6F3E6 | 691623B318D67284A1AC03B441C1CF8B26391C04F4629FE7C9955CB187D413E5 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2796 | WINWORD.EXE | 104.19.142.111:443 | i.gyazo.com | Cloudflare Inc | US | shared |
2796 | WINWORD.EXE | 74.119.239.234:443 | dkb-agbs.com | PDR | US | malicious |
Domain | IP | Reputation |
---|---|---|
i.gyazo.com | | whitelisted |
dkb-agbs.com | | malicious |