Property | Value |
---|---|
File name | web server.docx |
Full analysis | https://app.any.run/tasks/1827b29f-e9f2-44df-8060-beea16a3bfca |
Verdict | Malicious activity |
Analysis date | January 14, 2022, 19:28:20 |
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
Indicators | |
MIME | application/octet-stream |
File info | Microsoft OOXML |
MD5 | 0B831F6459C1FFD39E02385F8095B4C1 |
SHA1 | DF8E387F3DE994E824901CD4C61CB143C7009706 |
SHA256 | 8098212842D59D08E99D5D98C32CBBB0A52098B49FABBBAA85991982797A0763 |
SSDEEP | 192:R6Sv7mQOJ2wc3rMKkzekcaP18H111M05AgPekjD2h0vcPp0:R6SviQIhzegWH111/eahvCp0 |

Extension | File type (score) |
---|---|
.zip | Open Packaging Conventions container (81.3) |
.zip | ZIP compressed archive (18.6) |

ZIP field | Value |
---|---|
ZipRequiredVersion | 20 |
ZipBitFlag | - |
ZipCompression | Deflated |
ZipModifyDate | 2021:10:01 14:10:17 |
ZipCRC | 0x1e3c81b4 |
ZipCompressedSize | 358 |
ZipUncompressedSize | 1416 |
ZipFileName | [Content_Types].xml |

Document property | Value |
---|---|
Template | Normal |
TotalEditTime | 34 minutes |
Pages | 1 |
Words | 206 |
Characters | 1176 |
Application | Microsoft Office Word |
DocSecurity | None |
Lines | 9 |
Paragraphs | 2 |
ScaleCrop | No |
Company | Consumers Association |
LinksUpToDate | No |
CharactersWithSpaces | 1380 |
SharedDoc | No |
HyperlinksChanged | No |
AppVersion | 16 |
LastModifiedBy | user |
RevisionNumber | 6 |
CreateDate | 2013:10:31 15:25:00Z |
ModifyDate | 2021:08:31 16:47:00Z |
Title | - |
Subject | - |
Creator | Microsoft |
Description | - |
Language | en-US |

PID | CMD | Path | Indicators | Parent process | User | Company | Integrity level | Description | Exit code | Version |
---|---|---|---|---|---|---|---|---|---|---|
2180 | "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\web server.docx.zip" | C:\Program Files\WinRAR\WinRAR.exe | — | Explorer.EXE | admin | Alexander Roshal | MEDIUM | WinRAR archiver | 0 | 5.91.0 |
3492 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\Desktop\_rels\.rels" | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | — | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | XML Editor | 0 | 14.0.4750.1000 |
4092 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | MSOXMLED.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 1 | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2176 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4092 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2496 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4092 CREDAT:78849 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3400 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\Desktop\[Content_Types].xml" | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | — | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | XML Editor | 0 | 14.0.4750.1000 |
2620 | "C:\Program Files\Internet Explorer\iexplore.exe" -nohome | C:\Program Files\Internet Explorer\iexplore.exe | — | MSOXMLED.EXE | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 1 | 11.00.9600.16428 (winblue_gdr.131013-1700) |
1448 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2620 CREDAT:267521 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | LOW | Internet Explorer | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700) |
3416 | "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2620 CREDAT:78849 /prefetch:2 | C:\Program Files\Internet Explorer\iexplore.exe | — | iexplore.exe | admin | Microsoft Corporation | MEDIUM | Internet Explorer | 0 | 11.00.9600.16428 (winblue_gdr.131013-1700) |
2436 | "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE" /verb open "C:\Users\admin\Desktop\word\webSettings.xml" | C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.EXE | — | Explorer.EXE | admin | Microsoft Corporation | MEDIUM | XML Editor | 0 | 14.0.4750.1000 |

PID | Process | Filename | Type | MD5 | SHA256 |
---|---|---|---|---|---|
4092 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | der | AC68ACF50745357D4EA92B214D9E7132 | AE3F7FDE380D2D90571A61378E52B1BC284B4C4C6A1E099F6F022395EBED6154 |
4092 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{3D2B7FC8-7570-11EC-BB61-12A9866C77DE}.dat | binary | AC836CBDA21006E2E3733A65C46B7B8D | 2225AD8A6728455C116FB8AB22F73303F84969C43435669B022A1B67C21638AE |
4092 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_711ED44619924BA6DC33E69F97E7FF63 | binary | 9921CCB95C0B88120C402A9B263DB7AA | 188435C60C5B6265A63E66F6BCFA07FEE82BD9BE5E498B58C4AB6A397F4B9D2B |
4092 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DFDF1806DEB0841426.TMP | gmc | 5C70B636647960445E321BA815F0F02F | 5A235E54AA389A9548970D169D363C6148ABED9B3DA13E1427FD6BFBE7465BBE |
4092 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157 | binary | 9B459A8BBC87253FF0FD0430E2337195 | B00B4B87606151D4CF00818EFB6DF1D37AE4C751655354728E2F8CA307A4FD87 |
4092 | iexplore.exe | C:\Users\admin\AppData\Local\Temp\~DF1B0CC8010FEF6053.TMP | gmc | 3303823A6BEC2AF33778A37D93A7DD07 | 1CFFB44DC79B22F2EB074E216925C07EBB6F2A823AF1592424D8B8E05D7B869E |
2180 | WinRAR.exe | C:\Users\admin\Desktop\docProps\app.xml | xml | D30F4F2D029CC73CADA7BB56400FD5A3 | 0A19559906AE13C878243ED37D658ABE0BD079778B8623973806A85C6102C2A4 |
4092 | iexplore.exe | C:\Users\admin\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 |
4092 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[1].ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 |
4092 | iexplore.exe | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B6QGX7LP\favicon[2].ico | image | DA597791BE3B6E732F0BC8B20E38EE62 | 5B2C34B3C4E8DD898B664DBA6C3786E2FF9869EFF55D673AA48361F11325ED07 |

PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2240 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | US | der | 471 b | whitelisted |
4092 | iexplore.exe | GET | 200 | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom%2FnYB45SPUEwQU5Z1ZMIJHWMys%2BghUNoZ7OrUETfACEA8Ull8gIGmZT9XHrHiJQeI%3D | US | der | 1.47 Kb | whitelisted |
4092 | iexplore.exe | GET | 200 | 178.79.242.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?d55e9ef32f7fc9c8 | DE | compressed | 4.70 Kb | whitelisted |
4092 | iexplore.exe | GET | 200 | 178.79.242.0:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fdebcea962adf0c3 | DE | compressed | 4.70 Kb | whitelisted |

PID | Process | IP | Domain | ASN | CN | Reputation |
---|---|---|---|---|---|---|
4092 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2240 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
2240 | iexplore.exe | 93.184.220.29:80 | ocsp.digicert.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
4092 | iexplore.exe | 178.79.242.0:80 | ctldl.windowsupdate.com | Limelight Networks, Inc. | DE | whitelisted |
4092 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |
4092 | iexplore.exe | 131.253.33.200:443 | www.bing.com | Microsoft Corporation | US | whitelisted |
2620 | iexplore.exe | 152.199.19.161:443 | r20swj13mr.microsoft.com | MCI Communications Services, Inc. d/b/a Verizon Business | US | whitelisted |

Domain | IP | Reputation |
---|---|---|
api.bing.com | | whitelisted |
www.bing.com | | whitelisted |
ctldl.windowsupdate.com | | whitelisted |
ocsp.digicert.com | | whitelisted |
r20swj13mr.microsoft.com | | whitelisted |
iecvlist.microsoft.com | | whitelisted |