File name: | 7faaa8aeb4bea4ce708cac3050c062f2922f574732f3203ce57ad8a7681eee49.doc |
Full analysis: | https://app.any.run/tasks/2f94d09f-7d2e-4c15-a62a-a6fc1f36418a |
Verdict: | Malicious activity |
Analysis date: | June 12, 2019, 07:50:06 |
OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Tags: | |
Indicators: | |
MIME: | application/octet-stream |
File info: | Microsoft OOXML |
MD5: | 72988B0F51B70CE34712A9D1C726EDDF |
SHA1: | 5FE06ADD43A7D3D0C98E622057FD4ACB5649D669 |
SHA256: | 7FAAA8AEB4BEA4CE708CAC3050C062F2922F574732F3203CE57AD8A7681EEE49 |
SSDEEP: | 12288:oq6VavE5HXqqoZbYLlKTFZ+GEZl0ubrd3kL8Q9w8Vl1zrNHN9M3:oCvE5HaqCbYUTFUGcHbrdUL8C71X9PQ |
.docx | | | Word Microsoft Office Open XML Format document (52.2) |
---|---|---|
.zip | | | Open Packaging Conventions container (38.8) |
.zip | | | ZIP compressed archive (8.8) |
AppVersion: | 15 |
---|---|
HyperlinksChanged: | No |
HLinks: |
|
SharedDoc: | No |
CharactersWithSpaces: | 6408 |
LinksUpToDate: | No |
Company: | - |
TitlesOfParts: | - |
HeadingPairs: |
|
ScaleCrop: | No |
Paragraphs: | 12 |
Lines: | 45 |
DocSecurity: | None |
Application: | Microsoft Office Word |
Characters: | 5462 |
Words: | 958 |
Pages: | 2 |
TotalEditTime: | 1 minute |
Template: | Normal.dotm |
ModifyDate: | 2017:04:18 08:41:00Z |
CreateDate: | 2017:04:18 08:41:00Z |
Keywords: | - |
Subject: | - |
---|---|
Title: | - |
ZipFileName: | [Content_Types].xml |
---|---|
ZipUncompressedSize: | 1375 |
ZipCompressedSize: | 354 |
ZipCRC: | 0xf5547294 |
ZipModifyDate: | 2017:04:18 12:27:12 |
ZipCompression: | Deflated |
ZipBitFlag: | - |
ZipRequiredVersion: | 20 |
PID | CMD | Path | Indicators | Parent process |
---|---|---|---|---|
2256 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Temp\7faaa8aeb4bea4ce708cac3050c062f2922f574732f3203ce57ad8a7681eee49.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | explorer.exe |
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Microsoft Word Version: 14.0.6024.1000 | ||||
3512 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE" C:\Program Files\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\FLTLDR.EXE | — | WINWORD.EXE |
User: admin Integrity Level: LOW Exit code: 0 |
PID | Process | Filename | Type | |
---|---|---|---|---|
2256 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR40F4.tmp.cvr | — | |
MD5:— | SHA256:— | |||
2256 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\mso535A.tmp | — | |
MD5:— | SHA256:— | |||
2256 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | |
MD5:B19FF5CEFD1DA5D0F2805A945B570C3C | SHA256:F75A592B67565D406D9D7F15EC8C276CD6D0D5E54AD5EF87413F565E44175FC9 | |||
2256 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\~$aaa8aeb4bea4ce708cac3050c062f2922f574732f3203ce57ad8a7681eee49.doc | pgc | |
MD5:0AE67A575F1E3C7672149F1033DF8C98 | SHA256:DC7F6BA5BA0D91D43A9142A9874A29BDEA1CA65D491D0F2E8ED0B59F84F6B3A5 | |||
2256 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex | text | |
MD5:F3B25701FE362EC84616A93A45CE9998 | SHA256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209 | |||
2256 | WINWORD.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E8CD4EEA.eps | ps | |
MD5:B137C809E3BF11F2F5D867A6F4215F95 | SHA256:2E75DEAC828111D224C2E6F08662A25E6CCF1C2B7AA938D8D35AE08560AE278A | |||
2256 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_87E6841E-C218-46F1-8A2D-0B28B60AE424.0\FL5A22.tmp | ps | |
MD5:B137C809E3BF11F2F5D867A6F4215F95 | SHA256:2E75DEAC828111D224C2E6F08662A25E6CCF1C2B7AA938D8D35AE08560AE278A |