File name: | MESSAGIO-20190918.doc |
Full analysis: | https://app.any.run/tasks/fd4a0be0-5324-41c2-ae59-bd03aaeaf8f6 |
Verdict: | Malicious activity |
Threats: | Emotet is one of the most dangerous trojans ever created. Over the course of its lifetime, it was upgraded to become a very destructive malware. It targets mostly corporate victims but even private users get infected in mass spam email campaigns. |
Analysis date: | September 18, 2019, 15:08:20 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
MIME: | application/msword |
File info: | Composite Document File V2 Document, Little Endian, Os: Windows, Version 6.1, Code page: 1252, Title: Senior Rustic Rubber Soap context-sensitive, Subject: Program, Author: Deon Raynor, Comments: benchmark, Template: Normal.dotm, Revision Number: 1, Name of Creating Application: Microsoft Office Word, Create Time/Date: Wed Sep 18 11:25:00 2019, Last Saved Time/Date: Wed Sep 18 11:25:00 2019, Number of Pages: 1, Number of Words: 95, Number of Characters: 547, Security: 0 |
MD5: | C8B555A63EC6129A8225DF58751B4D46 |
SHA1: | 27AB9487F61768F59EC5298B67A59AA70C33214F |
SHA256: | 7A9302228EB206C7D5863DD28BC87DC022499860069B79A1689BE452657812DC |
SSDEEP: | 6144:Mupm1VmTG3cBubZMHY6I2KDNTto08WQxqLkI47NSU4jJntATfDd:Mupm1VmTG3cBubZMHY6I2KDNTto08WQJ |
.doc | | | Microsoft Word document (54.2) |
---|---|---|
.doc | | | Microsoft Word document (old ver.) (32.2) |
CompObjUserType: | Microsoft Word 97-2003 Document |
---|---|
CompObjUserTypeLen: | 32 |
Manager: | Stamm |
HeadingPairs: |
|
TitleOfParts: | - |
HyperlinksChanged: | No |
SharedDoc: | No |
LinksUpToDate: | No |
ScaleCrop: | No |
AppVersion: | 16 |
CharCountWithSpaces: | 641 |
Paragraphs: | 1 |
Lines: | 4 |
Company: | Walter and Sons |
CodePage: | Windows Latin 1 (Western European) |
Security: | None |
Characters: | 547 |
Words: | 95 |
Pages: | 1 |
ModifyDate: | 2019:09:18 10:25:00 |
CreateDate: | 2019:09:18 10:25:00 |
TotalEditTime: | - |
Software: | Microsoft Office Word |
RevisionNumber: | 1 |
LastModifiedBy: | - |
Template: | Normal.dotm |
Comments: | benchmark |
Keywords: | - |
Author: | Deon Raynor |
Subject: | Program |
Title: | Senior Rustic Rubber Soap context-sensitive |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
3424 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\MESSAGIO-20190918.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 |
PID | Process | Filename | Type | |
---|---|---|---|---|
3424 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR9C44.tmp.cvr | — | |
MD5:— | SHA256:— | |||
3424 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6FF3F68.wmf | wmf | |
MD5:CF7BF4454BF5394C4E87BC4EBBD5427D | SHA256:2F885908302863C6E92D871632C2756775F1680B7A703C5F8BDBFC443C23296E | |||
3424 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9023A1B6.wmf | wmf | |
MD5:096756B3FE1D16E98A25815297430D2A | SHA256:66CD60C7140CC72022E97B4E01174741C2D15245E0E9BFB1BB475E721B5CCAE1 | |||
3424 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\Word8.0\MSForms.exd | tlb | |
MD5:33FDEF85639CB49A273C494C7563A6D2 | SHA256:0F2403F75554A1CBDBFF723F7033F6A432E71C2ECBA84AE69C1D25E7E9353F9E | |||
3424 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:62F2DA178DD59EBA6B61EE250E55F925 | SHA256:8CF938206B83D51659082A32A71F3A9F077217F5A2E07A98541350C60245A244 | |||
3424 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\66BA9F62.wmf | wmf | |
MD5:D65CC9A017C5C7587E96749A55DB19A4 | SHA256:CB56DFA1587DCB728FB432842369F7D586178790A999EE91F1AC5BAEDFF5E298 | |||
3424 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AF8C8F34.wmf | wmf | |
MD5:626FFF2E0ACBDA7F5E97E3B0FEBC247C | SHA256:D019E89106099285EB91AA19CFF5E597088A14204CC22C0414BDDEF70F574E9E | |||
3424 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E745FDA5.wmf | wmf | |
MD5:D4288E0800826368E57BF9592010ADD5 | SHA256:65D335AC22C2817FF8C848137B62D93B454AE5E2CFECCD1B005B4EC4CED64C47 | |||
3424 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C5F534FA.wmf | wmf | |
MD5:525A977AD19CF68F20F411DBAF9F8BC3 | SHA256:DD8729314D3BEA5C0089F70AD8F017C935835157522A442EC543E98CE70A55DE | |||
3424 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\4F03BA3F.wmf | wmf | |
MD5:AFF53A8D48DD1DAFD3C3E388054B5527 | SHA256:5BA2E2AFCDBDA9FE170929606A89309F99A888CE2995BDB13F523D8C9DB3163B |