File name: | Dian su deuda a la fecha Enero 2019.docx |
Full analysis: | https://app.any.run/tasks/12098418-f4c4-4202-8b2c-cc348fa93104 |
Verdict: | Malicious activity |
Analysis date: | January 10, 2019, 15:38:22 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | A442BEC8230BB5C9CC530E9B5ED3F279 |
SHA1: | 925A3C088815AACAF12A583C7AE14F4DA4D4A5C5 |
SHA256: | 63405D479E55D56425D0627EFBD9A4EC54A635FD3B9D9F4C1A4DEC3C612387EB |
SSDEEP: | 192:CtoBVewZBvCko4hcTtZxtzxTqrVZ/jT+Nwth0Z1mBEsHX3YAQcA2:aqeY5RatzlqrDjTnU1mHScA2 |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
AppVersion: | 16 |
---|---|
HyperlinksChanged: | No |
SharedDoc: | No |
CharactersWithSpaces: | 119 |
LinksUpToDate: | No |
Company: | - |
TitlesOfParts: | - |
HeadingPairs: |
|
ScaleCrop: | No |
Paragraphs: | 1 |
Lines: | 1 |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | 102 |
Words: | 18 |
Pages: | 1 |
TotalEditTime: | 31 minutes |
Template: | Normal |
ModifyDate: | 2019:01:05 17:08:00Z |
CreateDate: | 2018:10:25 01:01:00Z |
RevisionNumber: | 15 |
LastModifiedBy: | Centro de Servicios Judiciales |
Keywords: | - |
Description: | - |
---|---|
Creator: | Centro de Servicios Judiciales |
Subject: | - |
Title: | - |
ZipFileName: | [Content_Types].xml |
---|---|
ZipUncompressedSize: | 1312 |
ZipCompressedSize: | 346 |
ZipCRC: | 0x6cd2a4df |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0006 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2880 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Dian su deuda a la fecha Enero 2019.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3792 | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | C:\Program Files\Internet Explorer\iexplore.exe | svchost.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
4032 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3792 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2940 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3792 CREDAT:6402 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2572 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\Dian_su_deuda_pendiente[1].doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | iexplore.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Exit code: 0 Version: 14.0.6024.1000 | ||||
2552 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WINWORD.EXE |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2880 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR8812.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3792 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RB73MZ6Y\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
3792 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2880 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~DFCD32BA52C48BAEA6.TMP | — | |
MD5:— | SHA256:— | |||
4032 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\warning[1].txt | — | |
MD5:— | SHA256:— | |||
2880 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~DFD3CB196BACFCD14F.TMP | — | |
MD5:— | SHA256:— | |||
2940 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OCDM6JB6\warning[1].txt | — | |
MD5:— | SHA256:— | |||
4032 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@mediafire[1].txt | — | |
MD5:— | SHA256:— | |||
2572 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR443E.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2880 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_0625B11B-049D-4CE2-883C-85B4D58DA8E6.0\D1729D24.doc\:Zone.Identifier:$DATA | — | |
MD5:— | SHA256:— |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
3792 | iexplore.exe | GET | 200 | 204.79.197.200:80 | http://www.bing.com/favicon.ico | US | image | 237 b | whitelisted |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3792 | iexplore.exe | 67.199.248.15:443 | bitly.com | Bitly Inc | US | shared |
2880 | WINWORD.EXE | 67.199.248.10:443 | bit.ly | Bitly Inc | US | shared |
3792 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
4032 | iexplore.exe | 104.19.195.29:443 | www.mediafire.com | Cloudflare Inc | US | shared |
4032 | iexplore.exe | 67.199.248.15:443 | bitly.com | Bitly Inc | US | shared |
2940 | iexplore.exe | 67.199.248.15:443 | bitly.com | Bitly Inc | US | shared |
2880 | WINWORD.EXE | 162.213.253.97:80 | ceoseguros.com | Namecheap, Inc. | US | malicious |
2880 | WINWORD.EXE | 67.199.248.15:443 | bitly.com | Bitly Inc | US | shared |
4032 | iexplore.exe | 205.196.122.194:443 | download1253.mediafire.com | MediaFire, LLC | US | unknown |
Domain | IP | Reputation |
---|---|---|
bit.ly |
| shared |
bitly.com |
| shared |
www.bing.com |
| whitelisted |
www.mediafire.com |
| shared |
download1253.mediafire.com |
| unknown |
ceoseguros.com |
| malicious |