File name: | Doc58.docx |
Full analysis: | https://app.any.run/tasks/777ccc17-fd54-429e-b76a-c5a52c6a5c3d |
Verdict: | Malicious activity |
Analysis date: | September 10, 2019, 23:15:45 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
MIME: | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
File info: | Microsoft Word 2007+ |
MD5: | ADBA5CD6A652B5665FCAADF55E659AFE |
SHA1: | ED5D2E84A6E43029B9F856C6E995B5CD64AB32B7 |
SHA256: | 6C78B3C942088AA1AD32A053D3BA65949C455D235B2C98F9D7202CBAB5BE8D45 |
SSDEEP: | 1536:5MvQoevSQEmAgk0CzrfHc8AzKkpiBipMA:5Mvpev4gk1fHc8ccEMA |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
ContentTypeId: | 0x010100857685E617905343A49DBF25AE11BCD9 |
---|---|
AppVersion: | 16 |
HyperlinksChanged: | No |
SharedDoc: | No |
CharactersWithSpaces: | - |
LinksUpToDate: | No |
Company: | - |
TitlesOfParts: | - |
HeadingPairs: |
|
ScaleCrop: | No |
Paragraphs: | - |
Lines: | - |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | - |
Words: | - |
Pages: | 1 |
TotalEditTime: | 10 minutes |
Template: | Normal.dotm |
ModifyDate: | 2019:09:10 23:07:00Z |
CreateDate: | 2019:09:09 23:03:00Z |
LastPrinted: | 2018:06:27 01:39:00Z |
RevisionNumber: | 5 |
LastModifiedBy: | Taran Montaperto |
Keywords: | - |
Description: | - |
---|---|
Creator: | Taran Montaperto |
Subject: | - |
Title: | - |
ZipFileName: | [Content_Types].xml |
---|---|
ZipUncompressedSize: | 2535 |
ZipCompressedSize: | 443 |
ZipCRC: | 0x5af163b0 |
ZipModifyDate: | 1980:01:01 00:00:00 |
ZipCompression: | Deflated |
ZipBitFlag: | 0x0006 |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2748 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\Doc58.docx" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2748 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR9BB8.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2748 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{C6FF333C-3DD1-402E-BC62-DA7B2276B58B} | — | |
MD5:— | SHA256:— | |||
2748 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\{02FF9DD2-3D49-4D4F-A478-C6088D13D984} | — | |
MD5:— | SHA256:— | |||
2748 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD | binary | |
MD5:2A14E2C40E752229241D47233EAE25B8 | SHA256:B3F213DF302F855C1570CB60754A6634FDD913A4F6A5B02A6BEF6119E1B78A3E | |||
2748 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$Doc58.docx | pgc | |
MD5:859B97904F75FEE3635168334BE5B12E | SHA256:28F61393FE4687B6FB32A2AF99FE059969593B5299B4A95F0008A23D3C0A7076 | |||
2748 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:62F2DA178DD59EBA6B61EE250E55F925 | SHA256:8CF938206B83D51659082A32A71F3A9F077217F5A2E07A98541350C60245A244 | |||
2748 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{ABB077F8-3B3E-49F7-BCB1-A415D3D8749D}.FSD | binary | |
MD5:E20F0E64372B15AC2F7DD8464E35380D | SHA256:909D083472E0FB0D1ED6D5B8E1548F01B667BDA882EC06CA48986A98070F7E1B | |||
2748 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF | binary | |
MD5:048A71FD756B4080394B59FA7A923DAD | SHA256:0898A6429083054310C014986562004C9B2F42F6C7E8876E9AD8167B71C14041 | |||
2748 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{A76ABBA8-CBC6-4A7D-B78A-59458448D9BB}.FSD | binary | |
MD5:4D8E0A223C93CF2C8D7BDF7170C54E39 | SHA256:B40EC711BEE450340A3D5BE6F4B5F42B64895B8270DB6D23759853F1835653DD | |||
2748 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD | binary | |
MD5:34DC9813B4FF2278FF9A8B2342A6D112 | SHA256:847F14041B5C54B498548E06EB2D363B53564F0078DC93C78B85BB25D31E4BB4 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2748 | WINWORD.EXE | GET | — | 10.2.44.124:80 | http://10.2.44.124/1px.png | unknown | — | — | unknown |
2748 | WINWORD.EXE | GET | — | 10.2.44.124:80 | http://10.2.44.124/1px.png | unknown | — | — | unknown |
2748 | WINWORD.EXE | GET | — | 10.2.44.124:80 | http://10.2.44.124/1px.png | unknown | — | — | unknown |
2748 | WINWORD.EXE | GET | — | 10.2.44.124:80 | http://10.2.44.124/1px.png | unknown | — | — | unknown |
2748 | WINWORD.EXE | GET | — | 10.2.44.124:80 | http://10.2.44.124/1px.png | unknown | — | — | unknown |
2748 | WINWORD.EXE | GET | — | 10.2.44.124:80 | http://10.2.44.124/1px.png | unknown | — | — | unknown |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
2748 | WINWORD.EXE | 10.2.44.124:80 | — | — | — | unknown |