download: | 382 |
Full analysis: | https://app.any.run/tasks/bf0aa297-ccd7-4565-8ff0-0bdd36575589 |
Verdict: | Malicious activity |
Analysis date: | August 13, 2019, 20:57:35 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: SRU Search API, Author: Janifer Gatenby, Keywords: ISNI SRU Search API Guidelines examples, Template: Normal.dotm, Last Saved By: Janifer Gatenby, Revision Number: 4, Name of Creating Application: Microsoft Office Word, Total Editing Time: 14:00, Last Printed: Fri Apr 15 09:07:00 2011, Create Time/Date: Fri Dec 16 16:36:00 2011, Last Saved Time/Date: Sat Jun 30 14:04:00 2012, Number of Pages: 4, Number of Words: 1182, Number of Characters: 6501, Security: 0 |
MD5: | 1A6027142E07A5D01211C1152F9D5491 |
SHA1: | 97B494E25E3AFA07D3959DBAC27404974FD5C12F |
SHA256: | 6E52DCF41FBF4DCF2210648A2E9BFDC45FD8FCE187980F8D674B1F92F3D5339A |
SSDEEP: | 1536:v1X2ApxMCechhd7jzFMRL+wnKrFTlkBPxCw8hFjFiw8rlBZlGw8cw8cw8hFjFBs:9QI5aDKrApx8s |
.doc | | | Microsoft Word document (80) |
---|
CompObjUserType: | Microsoft Office Word 97-2003 Document |
---|---|
CompObjUserTypeLen: | 39 |
Hyperlinks: |
|
CodePage: | Windows Latin 1 (Western European) |
HeadingPairs: |
|
TitleOfParts: | SRU Search API |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 12 |
CharCountWithSpaces: | 7668 |
Paragraphs: | 15 |
Lines: | 54 |
Company: | OCLC B.V. |
Security: | None |
Characters: | 6501 |
Words: | 1182 |
Pages: | 4 |
ModifyDate: | 2012:07:31 13:04:00 |
CreateDate: | 2011:12:16 16:36:00 |
LastPrinted: | 2011:04:15 08:07:00 |
TotalEditTime: | 14.0 minutes |
Software: | Microsoft Office Word |
RevisionNumber: | 4 |
LastModifiedBy: | Janifer Gatenby |
Template: | Normal.dotm |
Comments: | - |
Keywords: | ISNI SRU Search API Guidelines examples |
Author: | Janifer Gatenby |
Subject: | - |
Title: | SRU Search API |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2264 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\382.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | explorer.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3496 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | WINWORD.EXE | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
4080 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3496 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3128 | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | C:\Program Files\Internet Explorer\iexplore.exe | svchost.exe | |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
4052 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:3128 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
2944 | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | C:\Program Files\Internet Explorer\iexplore.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3108 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2944 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1544 | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | C:\Program Files\Internet Explorer\iexplore.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Exit code: 1 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
3644 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:1544 CREDAT:71937 | C:\Program Files\Internet Explorer\iexplore.exe | iexplore.exe | |
User: admin Company: Microsoft Corporation Integrity Level: LOW Description: Internet Explorer Exit code: 0 Version: 8.00.7600.16385 (win7_rtm.090713-1255) | ||||
1700 | "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding | C:\Program Files\Internet Explorer\iexplore.exe | — | svchost.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Internet Explorer Version: 8.00.7600.16385 (win7_rtm.090713-1255) |
PID | Process | Filename | Type | |
---|---|---|---|---|
2264 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVRCF4F.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2264 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\sru[1].htm | — | |
MD5:— | SHA256:— | |||
3496 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LH043OAM\favicon[1].ico | — | |
MD5:— | SHA256:— | |||
3496 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | — | |
MD5:— | SHA256:— | |||
2264 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$382.doc | pgc | |
MD5:BCAE5DAEAAB76478A9F3313716438494 | SHA256:5B460B0D1002565EC3234F45EBABFF94454B47A25BB827D8FD6D691B563B543C | |||
4080 | iexplore.exe | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\Low\admin@loc[2].txt | — | |
MD5:— | SHA256:— | |||
4080 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat | dat | |
MD5:3CBC9C68A4D4AF5A3D2D47D5BCBB03DB | SHA256:E49F802DB5844EF8C1751C0C511CAE25096F122839B4CEEF0B04BBA50F1847FA | |||
4080 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RBZBFJD4\sru[1].htm | html | |
MD5:BD2B94BAC139CE6E497B4654D12FE900 | SHA256:B27DAADEB99EA58D460796E5EB6543BBE7DA15F2FE88E7640B5CDCB97BD4659E | |||
2264 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:0950D54657AC4503C17B681B50CF9AA9 | SHA256:EFEFF3D04EE624A9FB681C021C0F73F7D1381478B799F47ED61149C21B6908FF | |||
2264 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Windows\Cookies\admin@loc[1].txt | text | |
MD5:59E22700A5D0B2A0D3FDE9EDE1C3B072 | SHA256:F7C6B856F9ADA3C005895A60A6431B91BB7EBF5BDE76230E6567A4B1F0BD8EE8 |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2264 | WINWORD.EXE | GET | 200 | 104.16.54.16:80 | http://www.loc.gov/standards/sru/ | US | html | 2.33 Kb | shared |
4080 | iexplore.exe | GET | 200 | 104.16.54.16:80 | http://www.loc.gov/standards/sru/css/sru-print.css | US | text | 1.05 Kb | shared |
4080 | iexplore.exe | GET | 200 | 104.16.54.16:80 | http://www.loc.gov/standards/sru/css/sru-base.css | US | text | 1.60 Kb | shared |
4052 | iexplore.exe | GET | 200 | 193.240.184.206:80 | http://isni.oclc.nl/sru/DB=1.2/ | DE | xml | 5.38 Kb | unknown |
4080 | iexplore.exe | GET | 302 | 66.117.29.227:80 | http://cmon.loc.gov/b/ss/locgovprod/1/H.27.5/s45713251246143?AQB=1&ndh=1&t=13%2F7%2F2019%2021%3A58%3A39%202%20-60&fid=0CF150F27EB57722-013D5C18D60F74FB&ce=UTF-8&ns=thelibraryofcongress&g=http%3A%2F%2Fwww.loc.gov%2Fstandards%2Fsru%2F&server=www.loc.gov&events=event40&c1=SRU%3A%20Search%2FRetrieval%20via%20URL%20--%20SRU%2C%20CQL%20and%20ZeeRex%20%28Standards%2C%20Library%20of%20Congress%29&v8=9%3A45PM&c9=PRODDEC2012-1&v9=Tuesday&v15=D%3Dg&v19=PRODDEC2012-1&c61=standards&c62=sru&s=1280x720&c=32&j=1.5&v=Y&k=Y&bw=792&bh=464&ct=lan&hp=N&AQE=1 | US | — | — | suspicious |
2264 | WINWORD.EXE | GET | 200 | 193.240.184.206:80 | http://isni.oclc.nl/sru/DB=1.2/?xsl=explainresponse | DE | xml | 9.81 Kb | unknown |
4052 | iexplore.exe | GET | 200 | 193.240.184.206:80 | http://isni.oclc.nl/sru/DB=1.2/?xsl=explainresponse | DE | xml | 9.81 Kb | unknown |
4080 | iexplore.exe | GET | 200 | 104.16.54.16:80 | http://cdn.loc.gov/js/global/metrics/sc/s_code.js | US | text | 24.4 Kb | shared |
4080 | iexplore.exe | GET | 200 | 104.16.54.16:80 | http://www.loc.gov/standards/sru/ | US | html | 2.29 Kb | shared |
4080 | iexplore.exe | GET | 200 | 104.16.54.16:80 | http://www.loc.gov/standards/sru/images/sru.gif | US | image | 4.59 Kb | shared |
PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
3496 | iexplore.exe | 204.79.197.200:80 | www.bing.com | Microsoft Corporation | US | whitelisted |
4080 | iexplore.exe | 66.117.29.227:80 | cmon.loc.gov | Adobe Systems Inc. | US | unknown |
4080 | iexplore.exe | 104.16.54.16:80 | www.loc.gov | Cloudflare Inc | US | shared |
2264 | WINWORD.EXE | 104.16.54.16:80 | www.loc.gov | Cloudflare Inc | US | shared |
3496 | iexplore.exe | 104.16.54.16:8081 | www.loc.gov | Cloudflare Inc | US | shared |
2264 | WINWORD.EXE | 193.240.184.206:80 | isni.oclc.nl | Online Computer Library Center | DE | unknown |
3644 | iexplore.exe | 193.240.184.206:80 | isni.oclc.nl | Online Computer Library Center | DE | unknown |
4052 | iexplore.exe | 193.240.184.206:80 | isni.oclc.nl | Online Computer Library Center | DE | unknown |
3128 | iexplore.exe | 193.240.184.206:80 | isni.oclc.nl | Online Computer Library Center | DE | unknown |
2560 | iexplore.exe | 193.240.184.206:80 | isni.oclc.nl | Online Computer Library Center | DE | unknown |
Domain | IP | Reputation |
---|---|---|
www.loc.gov |
| unknown |
www.bing.com |
| whitelisted |
cdn.loc.gov |
| unknown |
cmon.loc.gov |
| suspicious |
isni.oclc.nl |
| unknown |