File name: | 6bb33a67af4f4a85cbae5cec2fac89297f1250167ec096f9e656af12068abc72 |
Full analysis: | https://app.any.run/tasks/3a87c381-768b-47ef-8d80-29161eabe96f |
Verdict: | Malicious activity |
Analysis date: | February 19, 2019, 07:33:44 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators: | |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | E2AED850C18449A43886FC79B342132F |
SHA1: | 295A99BEBB8122A0FC26086ECC115582F37F6B47 |
SHA256: | 6BB33A67AF4F4A85CBAE5CEC2FAC89297F1250167EC096F9E656AF12068ABC72 |
SSDEEP: | 3072:0JxK75SbZs9NNN7ZPQd9sJT8gX05OpkQMFXCv13JaKoYa/:0275SboQbstSQdMFyv15TFO |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
ZipRequiredVersion: | 20 |
ZipBitFlag: | 0x0006 |
ZipCompression: | Deflated |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCRC: | 0x5ee0a151 |
ZipCompressedSize: | 414 |
ZipUncompressedSize: | 2016 |
ZipFileName: | [Content_Types].xml |
InternalTags: | - |
ContentTypeId: | 0x0101006EDDDB5EE6D98C44930B742096920B300400F5B6D36B3EF94B4E9A635CDF2A18F5B8 |
FeatureTags: | - |
LocalizationTags: | - |
CampaignTags: | - |
ScenarioTags: | - |
Keywords: | - |
LastModifiedBy: | Windows User |
RevisionNumber: | 6 |
CreateDate: | 2018:08:22 10:24:00Z |
ModifyDate: | 2018:11:09 04:28:00Z |
Template: | vava.png |
TotalEditTime: | 9 minutes |
Pages: | 2 |
Words: | 348 |
Characters: | 1987 |
Application: | Microsoft Office Word |
DocSecurity: | None |
Lines: | 16 |
Paragraphs: | 4 |
ScaleCrop: | No |
Company: | - |
LinksUpToDate: | No |
CharactersWithSpaces: | 2331 |
SharedDoc: | No |
HyperlinksChanged: | No |
AppVersion: | 15 |
Title: | - |
Subject: | - |
Creator: | Tushar |
Description: | - |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2964 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\6bb33a67af4f4a85cbae5cec2fac89297f1250167ec096f9e656af12068abc72.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | | explorer.exe |
User: admin | Company: Microsoft Corporation | Integrity Level: MEDIUM | Description: Microsoft Word | Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2964 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR6A63.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2964 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\mso6CB6.tmp | — | |
MD5:— | SHA256:— | |||
2964 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{4F45EDE6-CCDB-49B4-897F-49BEBCB18900} | — | |
MD5:— | SHA256:— | |||
2964 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{C42ABDF4-45E3-44DD-82A8-91D95A60F7B3} | — | |
MD5:— | SHA256:— | |||
2964 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:240AD990F32AFB591926D37765CB6FAE | SHA256:F7C31B00C41A1F070E3B31DC42405799EF60EDB31506735354AE97BEFE52AF1A | |||
2964 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | binary | |
MD5:143C1C96A7B6E2DB23D20CD2083D641A | SHA256:327AFA407EFB7E87219389A6462DE7054A47FE619817D16A6C2CEBD861A5594D | |||
2964 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$b33a67af4f4a85cbae5cec2fac89297f1250167ec096f9e656af12068abc72.docx | pgc | |
MD5:7AC8554CF4865320E55813924BC6E8AB | SHA256:32B481480FEDF94C1455F8B6EDF718B731C1C1268C4A6AD4AE4237C90831FA3E | |||
2964 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | |
MD5:3A51C52F8E7AF0BA9FBAFCCF649E0CDB | SHA256:FFB895818A22E552AFAEED763C5DF4D29101AD9A528BF10536CA3CBB16623E2E | |||
2964 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:FFDDA778140572C37C6C1B9E1A88C58B | SHA256:478279FBD54E6D1EE6C21D74755708B0B3AD34CCC4069C872C81C9A3A4BF25D2 | |||
2964 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{014E89E5-F5F2-489C-A082-C87CCFC8BE29}.FSD | binary | |
MD5:F5FCD4BD735FE06145D5944A4231C942 | SHA256:3F13EC89FD6499C5392718F82F7D6B4765D61347FB154F5C3CC78C9E444DD996 |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
980 | svchost.exe | 198.50.164.161:443 | outlook.officebetas.com | OVH SAS | CA | malicious |
2964 | WINWORD.EXE | 198.50.164.161:443 | outlook.officebetas.com | OVH SAS | CA | malicious |
Domain | IP | Reputation |
---|---|---|
outlook.officebetas.com | | malicious |